Topic: Help with a possible virus

Dachronic (Newbie, Posts: 49)
« on: October 13, 2006, 08:14:28 PM »
I seem to be infected with some kind of virus. Recently, all of a sudden, when I tried to open Task Manager it told me that it has been disabled by the admin. This is a single-user PC and I didn't disable it. Also, I have had to kill all access to Internet Explorer, because every time it would open or attempt to open on its own it would cause Windows Explorer to freeze up and shut down. I've tried searching with Norton, NOD32, AdAware, Spybot, Ewido, and ZoneAlarm Pro, but the problems keep occurring and I have no clue what to do; if anyone has any suggestions, your help is much appreciated. I think it's a possibility it could be the Win32.P2P-Worm.Alcan.a virus. Thanks for any help in advance.

guestolo (Site Donator, Administrator, Hero Member, Posts: 16034)
« Reply #1 on: October 13, 2006, 09:53:06 PM »
From my signature below, download and save to a permanent folder of its own on your hard drive:
HijackThis 1.99.1
Open HijackThis.exe

Do a "SCAN and Save a Log file".
A log will open in Notepad.
Copy and paste the WHOLE contents of the log here. Don't try to fix anything yet; it is all important.

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Kill Em All (Full Member, Posts: 245)
« Reply #2 on: October 13, 2006, 10:02:48 PM »
Do what he says. I had a nasty @ss virus and HijackThis eats the virus pretty much..

Dachronic (Newbie, Posts: 49)
« Reply #3 on: October 13, 2006, 11:14:33 PM »
OK, here's my log file, and thanks for your help in advance.

Logfile of HijackThis v1.99.1
Scan saved at 12:13:08 AM, on 10/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\DISC\DiscUpdateMgr.exe
C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\HP_Administrator\My Documents\download\slipknot13577772\acidmax2\mirc.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HP_Administrator\Desktop\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe
O4 - HKLM\..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
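An added first-pass triage script for logs in the format Dachronic posted above. This is editor-added example code, not HijackThis's own code and not something from this thread's participants. It splits a HijackThis 1.99.1 log into the running-process list and the R/O entries, then flags what a log reader checks first: processes running from a user profile rather than Windows or Program Files (the mirc.exe under My Documents\download in the log above), O4 autoruns that use a bare filename or point into a user profile, any O15 Trusted Zone entry, and O23 services with an empty vendor string. The sample log is a constructed subset of the posted log plus one constructed O23 line with no vendor; the trusted-root list and the known-tools list are assumptions made for an OEM XP box like this one, and a hit is a prompt to look, not a verdict (legitimate driver entries such as nwiz also use bare filenames).

```python
import re
from dataclasses import dataclass

# Constructed sample: a subset of the HijackThis 1.99.1 log posted in the
# thread, plus one constructed O23 line with an empty vendor field.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 12:13:08 AM, on 10/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Eset\nod32krn.exe
C:\Documents and Settings\HP_Administrator\My Documents\download\slipknot13577772\acidmax2\mirc.exe
C:\Documents and Settings\HP_Administrator\Desktop\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Example Service (examplesvc) -  - C:\WINDOWS\system32\example.exe
"""


@dataclass
class Finding:
    item: str    # the log line that tripped a rule
    reason: str  # what a reviewer should check


# Roots an OEM XP install legitimately runs code from (assumption for this box).
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\", "c:\\hp\\")
# Cleanup tools the helper asked for; they appear in the process list by design.
KNOWN_TOOLS = {"hijackthis.exe", "combofix.exe", "vundofix.exe"}

ENTRY_RE = re.compile(r"^[RFNO]\d+ - ")
O4_RE = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<vendor>.*?) - (?P<path>.*)$")


def split_sections(text):
    """Return (process_paths, entry_lines) from a HijackThis 1.99.1 log."""
    processes, entries = [], []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
        elif not line:
            in_procs = False  # a blank line ends the process list
        elif in_procs:
            processes.append(line)
        elif ENTRY_RE.match(line):
            entries.append(line)
    return processes, entries


def command_exe(cmd):
    """Executable part of an O4 command line, quoted or not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def triage(text):
    """Apply the first-pass review rules; returns a list of Finding."""
    processes, entries = split_sections(text)
    findings = []
    for proc in processes:
        low = proc.lower()
        if low.rsplit("\\", 1)[-1] in KNOWN_TOOLS:
            continue
        if not low.startswith(TRUSTED_ROOTS):
            findings.append(Finding(proc, "process running from a user profile, not Windows or Program Files"))
    for entry in entries:
        m = O4_RE.match(entry)
        if m:
            exe = command_exe(m.group("cmd"))
            if "\\" not in exe:
                findings.append(Finding(entry, "autorun uses a bare filename; which file runs depends on the search path"))
            elif not exe.lower().startswith(TRUSTED_ROOTS):
                findings.append(Finding(entry, "autorun points into a user profile directory"))
        elif entry.startswith("O15 - "):
            findings.append(Finding(entry, "site in IE Trusted Zone gets relaxed security settings; confirm it was added on purpose"))
        else:
            m = O23_RE.match(entry)
            if m and not m.group("vendor").strip():
                findings.append(Finding(entry, "service has no vendor string; check the file's signature and location"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.item}")
```

Run against the sample it reports four items: the mirc.exe process, the bare-filename nwiz autorun, the trymedia.com Trusted Zone entry and the constructed vendor-less service. The zlclient autorun and the hijackthis.exe process are left alone, the first because it resolves to a quoted Program Files path, the second because the tool is expected to be running while the log is taken.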

guestolo (Site Donator, Administrator, Hero Member, Posts: 16034)
« Reply #4 on: October 13, 2006, 11:18:18 PM »
Can you do the following:
Download this file, Combofix.exe, and save it to your desktop.
Double-click combofix.exe and follow the prompts.
When finished, it will produce a log for you.
Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Post the log from ComboFix please.


Dachronic (Newbie, Posts: 49)
« Reply #5 on: October 13, 2006, 11:51:54 PM »
HP_Administrator - 06-10-14  0:48:28.40    Service Pack 2
ComboFix 06.10.14 - Running from: "C:\Documents and Settings\HP_Administrator\Desktop"

(((((((((((((((((((((((((((((((   Files Created from 2006-09-14 to 2006-10-14  ))))))))))))))))))))))))))))))))))
 
 
2006-10-13   16:11   3,968   --a------   C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-10-13   03:47   502,368   --a------   C:\WINDOWS\system32\drivers\amon.sys
2006-10-13   03:47   274,432   --a------   C:\WINDOWS\system32\imon.dll
2006-10-09   20:36   0   --a------   C:\WINDOWS\system32\dlh9jkdq8.exe
2006-10-09   16:31   62,744   --a------   C:\WINDOWS\system32\xinput1_2.dll
2006-10-09   16:31   236,824   --a------   C:\WINDOWS\system32\xactengine2_3.dll
2006-10-06   01:44   45,525   --a------   C:\WINDOWS\system32\otxfsach.dll
2006-09-30   01:45   867,468   ---hs----   C:\WINDOWS\system32\cfhkj.bak1
2006-09-29   01:45   73,748   --a------   C:\WINDOWS\system32\yxlnvbtd.dll
2006-09-29   01:45   45,525   --a------   C:\WINDOWS\system32\wmqbdrkc.dll
2006-09-29   01:45   143,380   --a------   C:\WINDOWS\system32\guqlnurt.exe
2006-09-15   12:57   859,081   ---hs----   C:\WINDOWS\system32\cfhkj.ini2
2006-09-15   12:40   860,740   ---hs----   C:\WINDOWS\system32\cfhkj.bak2
2006-09-15   12:34   577,588   ---hs----   C:\WINDOWS\system32\jkhfc.dll


((((((((((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))))   


2006-10-14 00:42   --------   d--------   C:\Program Files\Mozilla Firefox
2006-10-13 16:59   --------   d--------   C:\Documents and Settings\HP_Administrator\Application Data\Azureus
2006-10-13 16:11   --------   d--------   C:\Program Files\Grisoft
2006-10-13 14:24   --------   d--------   C:\Program Files\ESET
2006-10-13 03:27   135680   --a------   C:\WINDOWS\system32\taskmgr.exe
2006-10-13 03:22   1032192   --a------   C:\WINDOWS\explorer.exe
2006-10-10 14:02   --------   d--------   C:\Program Files\Dolphin
2006-10-09 16:25   --------   d--h-----   C:\Program Files\InstallShield Installation Information
2006-10-09 16:20   --------   d--------   C:\Program Files\Radical Games
2006-10-07 18:01   --------   d--------   C:\Program Files\GameSpy Arcade
2006-10-06 17:02   --------   d--------   C:\Program Files\PokerStars
2006-10-01 21:26   --------   d--------   C:\Program Files\Zone Labs
2006-09-30 20:25   --------   d--------   C:\Program Files\VIRTUAL RC RACING
2006-09-30 13:41   --------   d--------   C:\Program Files\EA GAMES
2006-09-30 12:14   --------   d--------   C:\Program Files\Windows Media Player
2006-09-30 12:14   --------   d--------   C:\Program Files\Windows Media Connect 2
2006-09-29 01:44   --------   d--------   C:\Program Files\Common Files\Symantec Shared
2006-09-29 01:42   --------   d--------   C:\Program Files\Symantec
2006-09-29 01:42   --------   d--------   C:\Program Files\Common Files
2006-09-29 01:29   --------   d--------   C:\Program Files\KONAMI
2006-09-23 22:06   --------   d--------   C:\Program Files\Project64 1.6
2006-09-23 20:17   --------   d--------   C:\Program Files\YVD
2006-09-23 14:53   --------   d--------   C:\Program Files\Empyre Group
2006-09-20 19:55   --------   d--------   C:\Program Files\Winamp
2006-09-19 14:37   --------   d--------   C:\Program Files\GemMaster
2006-09-19 14:35   --------   d--------   C:\Program Files\Quicken
2006-09-17 16:43   --------   d--------   C:\Documents and Settings\HP_Administrator\Application Data\Google
2006-09-17 16:42   --------   d--------   C:\Program Files\Google
2006-09-17 14:34   --------   d--------   C:\Program Files\Lavasoft
2006-09-17 14:34   --------   d--------   C:\Documents and Settings\HP_Administrator\Application Data\Lavasoft
2006-09-15 22:29   163644   --a------   C:\WINDOWS\system32\drivers\secdrv.sys
2006-09-15 22:24   --------   d--------   C:\Program Files\Activision
2006-09-15 12:15   --------   d--------   C:\Documents and Settings\HP_Administrator\Application Data\HPQ
2006-09-15 00:20   --------   d---s----   C:\Documents and Settings\HP_Administrator\Application Data\Microsoft
2006-09-13 01:18   --------   d--------   C:\Program Files\Microsoft Games
2006-09-10 00:44   --------   d--------   C:\Program Files\MSXML 4.0
2006-09-09 21:37   --------   d--------   C:\Program Files\Azureus
2006-09-09 00:21   98304   --a------   C:\WINDOWS\system32\CmdLineExt.dll
2006-09-09 00:15   --------   d--------   C:\Program Files\Sierra
2006-09-05 12:25   --------   d--------   C:\Program Files\DISC
2006-08-24 22:42   8704   --a------   C:\WINDOWS\system32\wdfmgr.exe
2006-08-24 22:42   8704   --a------   C:\WINDOWS\system32\uwdf.exe
2006-08-24 22:30   99840   --a------   C:\WINDOWS\system32\wmpshell.dll
2006-08-24 22:30   990208   --a------   C:\WINDOWS\system32\drmv2clt.dll
2006-08-24 22:30   937984   --a------   C:\WINDOWS\system32\WMNetMgr.dll
2006-08-24 22:30   8337920   --a------   C:\WINDOWS\system32\wmploc.dll
2006-08-24 22:30   790016   ---------   C:\WINDOWS\system32\WMVSENCD.dll
2006-08-24 22:30   757248   --a------   C:\WINDOWS\system32\WMADMOD.dll
2006-08-24 22:30   7168   ---------   C:\WINDOWS\system32\asferror.dll
2006-08-24 22:30   656896   ---------   C:\WINDOWS\system32\WMVXENCD.dll
2006-08-24 22:30   63488   --a------   C:\WINDOWS\system32\wpdmtpus.dll
2006-08-24 22:30   629760   --a------   C:\WINDOWS\system32\wpd_ci.dll
2006-08-24 22:30   611840   ---------   C:\WINDOWS\system32\wmpmde.dll
2006-08-24 22:30   603648   --a------   C:\WINDOWS\system32\WMSPDMOD.dll
2006-08-24 22:30   537600   --a------   C:\WINDOWS\system32\blackbox.dll
2006-08-24 22:30   532992   --a------   C:\WINDOWS\system32\wmdrmsdk.dll
2006-08-24 22:30   428032   --a------   C:\WINDOWS\system32\wmdrmdev.dll
2006-08-24 22:30   414208   --a------   C:\WINDOWS\system32\msscp.dll
2006-08-24 22:30   4096   --a------   C:\WINDOWS\system32\wmvdmoe2.dll
2006-08-24 22:30   4096   --a------   C:\WINDOWS\system32\wmvdmod.dll
2006-08-24 22:30   4096   --a------   C:\WINDOWS\system32\WMVADVE.DLL
2006-08-24 22:30   4096   --a------   C:\WINDOWS\system32\WMVADVD.dll
2006-08-24 22:30   4096   --a------   C:\WINDOWS\system32\wmsdmoe2.dll
2006-08-24 22:30   4096   --a------   C:\WINDOWS\system32\wmsdmod.dll
2006-08-24 22:30   4096   --a------   C:\WINDOWS\system32\wdfapi.dll
2006-08-24 22:30   4096   ---------   C:\WINDOWS\system32\MPG4DMOD.dll
2006-08-24 22:30   4096   ---------   C:\WINDOWS\system32\MP4SDMOD.dll
2006-08-24 22:30   4096   ---------   C:\WINDOWS\system32\MP43DMOD.dll
2006-08-24 22:30   37376   --a------   C:\WINDOWS\system32\wmdmps.dll
2006-08-24 22:30   35840   --a------   C:\WINDOWS\system32\wpdconns.dll
2006-08-24 22:30   349184   --a------   C:\WINDOWS\system32\wpdsp.dll
2006-08-24 22:30   347648   --a------   C:\WINDOWS\system32\wmdrmnet.dll
2006-08-24 22:30   33792   --a------   C:\WINDOWS\system32\wmdmlog.dll
2006-08-24 22:30   320512   --a------   C:\WINDOWS\system32\mswmdm.dll
2006-08-24 22:30   316928   ---------   C:\WINDOWS\system32\MP4SDECD.dll
2006-08-24 22:30   314368   --a------   C:\WINDOWS\system32\wmpdxm.dll
2006-08-24 22:30   305152   ---------   C:\WINDOWS\system32\MSDelta.dll
2006-08-24 22:30   295424   ---------   C:\WINDOWS\system32\wmpeffects.dll
2006-08-24 22:30   284160   ---------   C:\WINDOWS\system32\PortableDeviceApi.dll
2006-08-24 22:30   276480   ---------   C:\WINDOWS\system32\audiodev.dll
2006-08-24 22:30   27648   --a------   C:\WINDOWS\system32\mspmsnsv.dll
2006-08-24 22:30   259072   ---------   C:\WINDOWS\system32\MPG4DECD.dll
2006-08-24 22:30   2589184   ---------   C:\WINDOWS\system32\WpdShext.dll
2006-08-24 22:30   258560   ---------   C:\WINDOWS\system32\MP43DECD.dll
2006-08-24 22:30   2450944   --a------   C:\WINDOWS\system32\wmvcore.dll
2006-08-24 22:30   242176   --a------   C:\WINDOWS\system32\wmpasf.dll
2006-08-24 22:30   228352   --a------   C:\WINDOWS\system32\cewmdm.dll
2006-08-24 22:30   227328   --a------   C:\WINDOWS\system32\wmerror.dll
2006-08-24 22:30   222208   --a------   C:\WINDOWS\system32\WMASF.dll
2006-08-24 22:30   211968   --a------   C:\WINDOWS\system32\MFPLAT.dll
2006-08-24 22:30   210432   --a------   C:\WINDOWS\system32\qasf.dll
2006-08-24 22:30   204800   --a------   C:\WINDOWS\system32\wmpsrcwp.dll
2006-08-24 22:30   198144   ---------   C:\WINDOWS\system32\PortableDeviceWMDRM.dll
2006-08-24 22:30   179712   --a------   C:\WINDOWS\system32\msnetobj.dll
2006-08-24 22:30   175104   --a------   C:\WINDOWS\system32\mspmsp.dll
2006-08-24 22:30   166912   ---------   C:\WINDOWS\system32\PortableDeviceTypes.dll
2006-08-24 22:30   1660416   --a------   C:\WINDOWS\system32\wmpencen.dll
2006-08-24 22:30   157184   --a------   C:\WINDOWS\system32\wmidx.dll
2006-08-24 22:30   154624   --a------   C:\WINDOWS\system32\wpdmtp.dll
2006-08-24 22:30   1539584   ---------   C:\WINDOWS\system32\WMVDECOD.dll
2006-08-24 22:30   1532416   ---------   C:\WINDOWS\system32\WMVENCOD.dll
2006-08-24 22:30   1392128   ---------   C:\WINDOWS\system32\WMVSDECD.dll
2006-08-24 22:30   133120   ---------   C:\WINDOWS\system32\WPDShServiceObj.dll
2006-08-24 22:30   1327616   --a------   C:\WINDOWS\system32\WMSPDMOE.dll
2006-08-24 22:30   132096   ---------   C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
2006-08-24 22:30   130048   ---------   C:\WINDOWS\system32\wmpps.dll
2006-08-24 22:30   11264   --a------   C:\WINDOWS\system32\LAPRXY.dll
2006-08-24 22:30   1118208   --a------   C:\WINDOWS\system32\WMADMOE.dll
2006-08-24 22:30   101888   ---------   C:\WINDOWS\system32\PortableDeviceClassExtension.dll
2006-08-24 20:31   100864   --a------   C:\WINDOWS\system32\logagent.exe
2006-08-24 20:27   249344   --a------   C:\WINDOWS\system32\drmupgds.exe
2006-08-24 20:26   95288   ---------   C:\WINDOWS\system32\WUDFCoinstaller.dll
2006-08-24 20:26   38656   --a------   C:\WINDOWS\system32\drivers\wpdusb.sys
2006-08-24 20:26   17408   ---------   C:\WINDOWS\system32\wpdshextautoplay.exe
2006-08-24 19:22   90112   ---------   C:\WINDOWS\system32\drivers\WudfRd.sys
2006-08-24 19:19   316416   ---------   C:\WINDOWS\system32\WUDFx.dll
2006-08-24 19:19   145920   ---------   C:\WINDOWS\system32\WudfHost.exe
2006-08-24 19:18   84864   ---------   C:\WINDOWS\system32\drivers\WudfPf.sys
2006-08-24 19:18   56320   ---------   C:\WINDOWS\system32\WudfSvc.dll
2006-08-24 19:18   168448   ---------   C:\WINDOWS\system32\WudfPlatform.dll
2006-08-11 20:14   22752   --a------   C:\WINDOWS\system32\spupdsvc.exe
 
 
((((((((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))
 
*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"IAAnotif"="C:\\Program Files\\Intel\\Intel Matrix Storage Manager\\iaanotif.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /installquiet /keeploaded /nodetect"
"RTHDCPL"="RTHDCPL.EXE"
"HPHUPD08"="c:\\Program Files\\HP\\Digital Imaging\\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\\hphupd08.exe"
"DISCover"="C:\\Program Files\\DISC\\DISCover.exe"
"DiscUpdateManager"="C:\\Program Files\\DISC\\DiscUpdateMgr.exe"
"DMAScheduler"="c:\\Program Files\\Sonic\\DigitalMedia Plus\\DigitalMedia Archive\\DMAScheduler.exe"
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"PCDrProfiler"=""
"HPBootOp"="\"C:\\Program Files\\Hewlett-Packard\\HP Boot Optimizer\\HPBootOp.exe\" /run"
"Reminder"="\"C:\\Windows\\Creator\\Remind_XP.exe\""
"HP Software Update"=hex(2):43,3a,5c,50,72,6f,67,72,61,6d,20,46,69,6c,65,73,5c,\
  48,50,5c,48,50,20,53,6f,66,74,77,61,72,65,20,55,70,64,61,74,65,5c,48,50,77,\
  75,53,63,68,64,32,2e,65,78,65,00
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\"  -osboot"
"NWEReboot"=""
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,20,01,00,00,00,00,00,00,80,04,00,00,66,03,00,00,00,\
  00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
  ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
  00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
  63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
  6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
  73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkhfc
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wintmh32

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]   
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Completion time: 06-10-14  0:49:21.04
C:\ComboFix.txt ... 06-10-14 00:49
C:\ComboFix2.txt ... 06-10-14 00:46
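An added example that reads the two parts of the ComboFix log above that matter most for this case: the "Files Created" listing with its attribute column, and the bare Winlogon Notify subkey lines under "Reg Loading Points". This is editor-added code, not ComboFix's own and not from the thread. It flags new hidden+system files in system32 (the ---hs---- rows: cfhkj.bak1, cfhkj.ini2, cfhkj.bak2, jkhfc.dll), zero-byte executables (dlh9jkdq8.exe), and any Notify package that is not one of the XP defaults, then links a flagged Notify name to a created file with the same stem. That link is the point for the defender: a DLL registered under Winlogon\Notify is loaded into winlogon.exe at every logon, Safe Mode included, so it cannot be deleted while Windows is running, which is how a Vundo-family infection keeps jkhfc.dll in place after everything around it has been removed. The sample is a constructed subset of the posted log plus one constructed default entry (ScCertProp) to show the allowlist working; the default-name list is an assumption based on a stock XP SP2 install.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: a subset of the ComboFix log posted in the thread, plus
# one constructed Winlogon Notify entry (ScCertProp) that is an XP default.
SAMPLE_LOG = r"""
(((((((((((((((((((((((((((((((   Files Created from 2006-09-14 to 2006-10-14  ))))))))))))))))))))))))))))))))))

2006-10-13   16:11   3,968   --a------   C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-10-09   20:36   0   --a------   C:\WINDOWS\system32\dlh9jkdq8.exe
2006-09-30   01:45   867,468   ---hs----   C:\WINDOWS\system32\cfhkj.bak1
2006-09-29   01:45   143,380   --a------   C:\WINDOWS\system32\guqlnurt.exe
2006-09-15   12:34   577,588   ---hs----   C:\WINDOWS\system32\jkhfc.dll

((((((((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkhfc
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wintmh32
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp
"""

# Winlogon Notify packages on a stock XP SP2 install (assumption). Vendor
# packages (video-driver or antivirus logon hooks) also appear legitimately,
# so a hit here means "identify the DLL", not "malicious".
DEFAULT_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                  "sclgntfy", "senslogn", "termsrv", "wlballoon"}

# date  time  size  attrs  path   (ComboFix separates the columns with runs of spaces)
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2})\s+(\d{2}:\d{2})\s+(\S+)\s+([-a-z]{9})\s+(.+)$")
NOTIFY_RE = re.compile(r"\\winlogon\\notify\\([^\\\s]+)\s*$", re.IGNORECASE)


@dataclass
class CreatedFile:
    date: str
    size: Optional[int]   # None for directory rows, which ComboFix prints as --------
    attrs: str            # nine-character attribute column, e.g. ---hs----
    path: str

    @property
    def is_dir(self):
        return self.attrs[0] == "d"

    @property
    def hidden_system(self):
        return "h" in self.attrs and "s" in self.attrs


def parse(text):
    """Return (created_files, winlogon_notify_names) from a ComboFix log."""
    files, notify = [], []
    for line in text.splitlines():
        m = FILE_RE.match(line.strip())
        if m:
            digits = m.group(3).replace(",", "")
            size = int(digits) if digits.isdigit() else None
            files.append(CreatedFile(m.group(1), size, m.group(4), m.group(5).strip()))
            continue
        m = NOTIFY_RE.search(line)
        if m:
            notify.append(m.group(1))
    return files, notify


def triage(text):
    """Return (item, reason) pairs a log reader should look at first."""
    files, notify = parse(text)
    findings = []
    by_stem = {}  # file stem (lower-case, no extension) -> paths, for Notify correlation
    for f in files:
        base = f.path.rsplit("\\", 1)[-1].lower()
        by_stem.setdefault(base.rsplit(".", 1)[0], []).append(f.path)
        in_sys32 = "\\system32\\" in f.path.lower()
        if in_sys32 and not f.is_dir and f.hidden_system:
            findings.append((f.path, "new hidden+system file in system32"))
        if in_sys32 and f.size == 0 and base.endswith(".exe"):
            findings.append((f.path, "zero-byte executable in system32"))
    for name in notify:
        if name.lower() in DEFAULT_NOTIFY:
            continue
        reason = ("non-default Winlogon Notify package; its DLL is loaded into "
                  "winlogon.exe at every logon, Safe Mode included")
        linked = by_stem.get(name.lower())
        if linked:
            reason += "; same stem as recently created " + ", ".join(linked)
        findings.append((name, reason))
    return findings


if __name__ == "__main__":
    for item, reason in triage(SAMPLE_LOG):
        print(f"{item}\n    {reason}")
```

On the sample this yields five findings: the zero-byte dlh9jkdq8.exe, the two hidden+system files, and the two non-default Notify names, with jkhfc tied back to jkhfc.dll. AvgAsCln.sys and guqlnurt.exe pass the attribute rules, which is a reminder that the attribute check is one signal among several; guqlnurt.exe still merits a look on the strength of its name and creation time alongside the cfhkj files.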

guestolo (Site Donator, Administrator, Hero Member, Posts: 16034)
« Reply #6 on: October 14, 2006, 12:08:14 AM »
Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files,  click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above
instructions starting from "Click the Scan for Vundo button." when
VundoFix appears at reboot.


Dachronic (Newbie, Posts: 49)
« Reply #7 on: October 14, 2006, 01:06:26 AM »
There was one file that VundoFix wouldn't remove despite multiple attempts. I tried to start in Safe Mode and remove it myself, but even in Safe Mode it was still in use by another program and couldn't be deleted. Here are both of the logs.



VundoFix V6.2.2

Checking Java version...

Java version is 1.5.0.5

Java version is 1.5.0.6

Scan started at 1:13:18 AM 10/14/2006

Listing files found while scanning....

C:\WINDOWS\system32\jkhfc.dll
C:\WINDOWS\system32\cfhkj.ini
C:\WINDOWS\system32\cfhkj.bak1
C:\WINDOWS\system32\cfhkj.bak2
C:\WINDOWS\system32\cfhkj.ini2
C:\WINDOWS\system32\otxfsach.dll
C:\WINDOWS\system32\wmqbdrkc.dll
C:\WINDOWS\system32\yxlnvbtd.dll
C:\WINDOWS\system32\guqlnurt.exe
C:\WINDOWS\system32\jkhfc.dll
C:\WINDOWS\system32\cfhkj.ini
C:\WINDOWS\system32\cfhkj.bak1
C:\WINDOWS\system32\cfhkj.bak2
C:\WINDOWS\system32\cfhkj.ini2
C:\WINDOWS\system32\cfhkj.ini
C:\WINDOWS\system32\cfhkj.bak1
C:\WINDOWS\system32\cfhkj.bak2
C:\WINDOWS\system32\cfhkj.ini2

Beginning removal...

 Attempting to delete C:\WINDOWS\system32\jkhfc.dll
C:\WINDOWS\system32\jkhfc.dll Could not be deleted.

 Attempting to delete C:\WINDOWS\system32\cfhkj.ini
C:\WINDOWS\system32\cfhkj.ini Has been deleted!

 Attempting to delete C:\WINDOWS\system32\cfhkj.bak1
C:\WINDOWS\system32\cfhkj.bak1 Has been deleted!

 Attempting to delete C:\WINDOWS\system32\cfhkj.bak2
C:\WINDOWS\system32\cfhkj.bak2 Has been deleted!

 Attempting to delete C:\WINDOWS\system32\cfhkj.ini2
C:\WINDOWS\system32\cfhkj.ini2 Has been deleted!

 Attempting to delete C:\WINDOWS\system32\otxfsach.dll
C:\WINDOWS\system32\otxfsach.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\wmqbdrkc.dll
C:\WINDOWS\system32\wmqbdrkc.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\yxlnvbtd.dll
C:\WINDOWS\system32\yxlnvbtd.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\guqlnurt.exe
C:\WINDOWS\system32\guqlnurt.exe Has been deleted!

 Attempting to delete C:\WINDOWS\system32\jkhfc.dll
C:\WINDOWS\system32\jkhfc.dll Could not be deleted.

 Attempting to delete C:\WINDOWS\system32\cfhkj.ini
C:\WINDOWS\system32\cfhkj.ini Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

 Attempting to delete C:\WINDOWS\system32\jkhfc.dll
C:\WINDOWS\system32\jkhfc.dll Could not be deleted.

 Attempting to delete C:\WINDOWS\system32\cfhkj.ini
C:\WINDOWS\system32\cfhkj.ini Has been deleted!

 Attempting to delete C:\WINDOWS\system32\jkhfc.dll
C:\WINDOWS\system32\jkhfc.dll Could not be deleted.

Performing Repairs to the registry.
Done!

VundoFix V6.2.2

Checking Java version...

Java version is 1.5.0.5

Java version is 1.5.0.6

Scan started at 1:32:18 AM 10/14/2006

Listing files found while scanning....

C:\WINDOWS\system32\jkhfc.dll
C:\WINDOWS\system32\cfhkj.ini
C:\WINDOWS\system32\jkhfc.dll
C:\WINDOWS\system32\cfhkj.ini
C:\WINDOWS\system32\cfhkj.ini

Beginning removal...

 Attempting to delete C:\WINDOWS\system32\jkhfc.dll
C:\WINDOWS\system32\jkhfc.dll Could not be deleted.

 Attempting to delete C:\WINDOWS\system32\cfhkj.ini
C:\WINDOWS\system32\cfhkj.ini Has been deleted!

 Attempting to delete C:\WINDOWS\system32\jkhfc.dll
C:\WINDOWS\system32\jkhfc.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

 Attempting to delete C:\WINDOWS\system32\jkhfc.dll
C:\WINDOWS\system32\jkhfc.dll Could not be deleted.

 Attempting to delete C:\WINDOWS\system32\cfhkj.ini
C:\WINDOWS\system32\cfhkj.ini Has been deleted!

 Attempting to delete C:\WINDOWS\system32\jkhfc.dll
C:\WINDOWS\system32\jkhfc.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...





-------------------------------------------------------------------------------------------------------------------


Logfile of HijackThis v1.99.1
Scan saved at 2:04:52 AM, on 10/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\DISC\DiscUpdateMgr.exe
C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HP\KBD\KBD.EXE
C:\Documents and Settings\HP_Administrator\Desktop\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe
O4 - HKLM\..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
Help with a possible virus
« Reply #8 on: October 14, 2006, 09:53:17 AM »
Can you do the following for me please.
Right click on Hijackthis.exe on the desktop and rename it to
scanit.exe

Download the latest version of Java Runtime Environment (JRE) 5.0 Update 9
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation Multi-language
Save the file to your Desktop.
Don't install it yet

Access your Windows Control panel and open the Java Icon
Under the General tab click "Delete Files"
Leave all 3 selections selected and click OK

Access your Add/Remove programs via control panel
Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... )
J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 6

They should have the following icon next to it:  
Select each one and click Remove; do this for all of them.

Please download VirtumundoBeGone:
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
* Save it to the Desktop
* Close all running programs (including your Internet Browser)
* Double-click VirtumundoBeGone.exe on the Desktop
* Follow the directions as indicated

This program may generate a "BLUE SCREEN OF DEATH". Do not be concerned.
Just reboot if your system freezes

The VirtumundoBeGone log VBG.txt is found on the Desktop.

Go ahead and install the latest version of Sun Java from the installer on the desktop.
Follow the prompts; after installation, delete the installer from the desktop.

1. Can you post the contents of VBG.txt
2. Also, run a fresh Scan and save logfile with scanit.exe (Hijackthis)
and post the fresh log
3. Can you run Combofix again and post the new log that opens

Also
4. Download SmitfraudFix (by S!Ri)
Extract the contents (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

I would like to see all 4 of the above logs,
even if it requires you to make multiple replies to do so.
« Last Edit: October 14, 2006, 11:36:33 AM by guestolo »

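The script below is added to this thread as an example; it is not code from any post here, nor from HijackThis or VirtumundoBeGone. It automates the check that the rename-and-rescan request above is driving at: parse the O2 (Browser Helper Object) and O20 (Winlogon Notify) lines of a HijackThis log and apply the rule that VirtumundoBeGone's own log prints, namely that a BHO with no registered name whose DLL base name is also a HKLM\...\Winlogon\Notify subkey is Virtumundo (Vundo). It also diffs the O2/O20 entries of two logs, because the log posted earlier in this thread (made while the tool was still named hijackthis.exe) shows no O2 or O20 lines at all, while the one made as scanit.exe does; Vundo variants of that period suppressed their entries when the scanner's file name was hijackthis.exe, which is the usual reason for the rename. The sample log lines are constructed subsets of the two logs posted in this thread, and the verdict names (vundo, orphan, review) are this example's own.

```python
r"""Offline triage of HijackThis 1.99.1 log lines for Vundo (Virtumundo) persistence.

Added example for this thread; not code from any post, from HijackThis or from
VirtumundoBeGone. It applies the rule VirtumundoBeGone's log prints: a BHO that
has no registered name, whose DLL base name is also a HKLM\...\Winlogon\Notify
subkey, is treated as Virtumundo. It also diffs the O2/O20 entries of two logs
taken before and after renaming the scanner. Verdict names are this example's own.
"""
import re
from dataclasses import dataclass

# Constructed sample: entries from the log made while the tool was still named hijackthis.exe.
LOG_AS_HIJACKTHIS = r"""O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
"""

# Constructed sample: the same machine scanned after the tool was renamed to scanit.exe.
LOG_AS_SCANIT = r"""O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5CAEEF81-6407-450F-92A3-C22E7EB5E7FF} - C:\WINDOWS\system32\jkhfc.dll
O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} - C:\WINDOWS\system32\cvcslkpq.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O20 - Winlogon Notify: jkhfc - C:\WINDOWS\system32\jkhfc.dll
O20 - Winlogon Notify: wintmh32 - wintmh32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
"""

MISSING = " (file missing)"  # HijackThis appends this when the registered DLL is not on disk
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.+)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<path>.+)$")


@dataclass(frozen=True)
class Entry:
    kind: str      # "O2" (Browser Helper Object) or "O20" (Winlogon Notify package)
    label: str     # BHO display name, or the Winlogon\Notify subkey name
    path: str      # DLL path as logged, without the "(file missing)" suffix
    missing: bool  # True when HijackThis reported the file missing


def _split_path(raw: str) -> tuple[str, bool]:
    missing = raw.endswith(MISSING)
    return (raw[: -len(MISSING)] if missing else raw), missing


def parse_hjt(log: str) -> list[Entry]:
    # Only the O2 and O20 sections matter for this check; every other line is ignored.
    entries: list[Entry] = []
    for line in log.splitlines():
        m = BHO_RE.match(line)
        if m:
            path, missing = _split_path(m["path"])
            entries.append(Entry("O2", m["name"], path, missing))
            continue
        m = NOTIFY_RE.match(line)
        if m:
            path, missing = _split_path(m["path"])
            entries.append(Entry("O20", m["key"], path, missing))
    return entries


def dll_stem(path: str) -> str:
    # "C:\WINDOWS\system32\jkhfc.dll" -> "jkhfc": Vundo names its Notify subkey after the DLL.
    name = path.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    return name[:-4] if name.endswith(".dll") else name


def triage(entries: list[Entry]) -> list[tuple[str, str, str]]:
    # Returns (verdict, dll stem, reason) for every entry worth acting on.
    notify_keys = {e.label.lower() for e in entries if e.kind == "O20"}
    findings: list[tuple[str, str, str]] = []
    for e in entries:
        stem = dll_stem(e.path)
        if e.kind == "O2" and e.label == "(no name)":
            if stem in notify_keys:
                # The pairing VirtumundoBeGone looks for: unnamed BHO plus a matching Winlogon\Notify key.
                findings.append(("vundo", stem, "unnamed BHO whose DLL is also a Winlogon Notify package"))
            elif e.missing:
                findings.append(("orphan", stem, "unnamed BHO registration, DLL no longer on disk"))
            else:
                # Legitimate software registers nameless BHOs too (Spybot's SDHelper.dll here).
                findings.append(("review", stem, "unnamed BHO with no Winlogon pairing; identify the vendor"))
        elif e.kind == "O20" and e.missing:
            findings.append(("orphan", stem, "Winlogon Notify package whose DLL is gone; remove the dead key"))
    return findings


def hidden_entries(log_default_name: str, log_renamed: str) -> list[Entry]:
    # O2/O20 entries that only appear once the scanner runs under a different file name.
    seen = set(parse_hjt(log_default_name))
    return [e for e in parse_hjt(log_renamed) if e not in seen]


if __name__ == "__main__":
    for verdict, stem, reason in triage(parse_hjt(LOG_AS_SCANIT)):
        print(f"{verdict:7} {stem:10} {reason}")
    print(f"{len(hidden_entries(LOG_AS_HIJACKTHIS, LOG_AS_SCANIT))} O2/O20 entries absent from the hijackthis.exe log")
```

Two things the output makes concrete. The O20 entry is why VundoFix logged "Could not be deleted" for jkhfc.dll while the .ini and .bak files next to it went: a Winlogon Notify package is loaded into winlogon.exe at boot and stays mapped, so no ordinary delete succeeds until winlogon itself is taken down, which is exactly what VirtumundoBeGone's log shows it doing (and why the warning above about a blue screen is there). And Spybot's SDHelper.dll comes out as "review", not "vundo", for the same reason VirtumundoBeGone checked for a Winlogon\Notify\SDHelper key and moved on when it was not found: an unnamed BHO on its own is not evidence.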


Offline Dachronic

  • Newbie
  • *
  • Posts: 49
  • Karma: +0/-0
Help with a possible virus
« Reply #9 on: October 14, 2006, 01:34:17 PM »
I just woke up but I will get started on posting those logs, thanks again for your help.

Offline Dachronic

  • Newbie
  • *
  • Posts: 49
  • Karma: +0/-0
Help with a possible virus
« Reply #10 on: October 14, 2006, 02:05:58 PM »
[10/14/2006, 14:54:14] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\HP_Administrator\Desktop\VirtumundoBeGone.exe" )
[10/14/2006, 14:54:20] - Detected System Information:
[10/14/2006, 14:54:20] -  Windows Version: 5.1.2600, Service Pack 2
[10/14/2006, 14:54:20] -  Current Username: HP_Administrator (Admin)
[10/14/2006, 14:54:20] -  Windows is in NORMAL mode.
[10/14/2006, 14:54:20] - Searching for Browser Helper Objects:
[10/14/2006, 14:54:20] -  BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[10/14/2006, 14:54:20] -  BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[10/14/2006, 14:54:20] -  BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
[10/14/2006, 14:54:20] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/14/2006, 14:54:20] -  Checking for HKLM\...\Winlogon\Notify\SDHelper
[10/14/2006, 14:54:20] -  Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[10/14/2006, 14:54:20] -  BHO 4: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (Yahoo! IE Services Button)
[10/14/2006, 14:54:20] -  BHO 5: {788013CF-3276-4BC1-9864-13F3347E4977} ()
[10/14/2006, 14:54:20] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/14/2006, 14:54:20] -  Checking for HKLM\...\Winlogon\Notify\jkhfc
[10/14/2006, 14:54:20] -  Found: HKLM\...\Winlogon\Notify\jkhfc - This is probably Virtumundo.
[10/14/2006, 14:54:20] -  Assigning {788013CF-3276-4BC1-9864-13F3347E4977} MSEvents Object
[10/14/2006, 14:54:20] - BHO list has been changed! Starting over...
[10/14/2006, 14:54:20] -  BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[10/14/2006, 14:54:20] -  BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[10/14/2006, 14:54:20] -  BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
[10/14/2006, 14:54:20] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/14/2006, 14:54:20] -  Checking for HKLM\...\Winlogon\Notify\SDHelper
[10/14/2006, 14:54:20] -  Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[10/14/2006, 14:54:20] -  BHO 4: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (Yahoo! IE Services Button)
[10/14/2006, 14:54:20] -  BHO 5: {788013CF-3276-4BC1-9864-13F3347E4977} (MSEvents Object)
[10/14/2006, 14:54:20] - ALERT: Found MSEvents Object!
[10/14/2006, 14:54:20] -  BHO 6: {849B9523-785F-4014-9CAF-079FB4A74C61} ()
[10/14/2006, 14:54:20] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/14/2006, 14:54:20] -  Checking for HKLM\...\Winlogon\Notify\cvcslkpq
[10/14/2006, 14:54:20] -  Key not found: HKLM\...\Winlogon\Notify\cvcslkpq, continuing.
[10/14/2006, 14:54:20] -  BHO 7: {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} (hpWebHelper Class)
[10/14/2006, 14:54:21] - Finished Searching Browser Helper Objects
[10/14/2006, 14:54:21] - *** Detected MSEvents Object
[10/14/2006, 14:54:21] - Trying to remove MSEvents Object...
[10/14/2006, 14:54:22] -    Terminating Process: IEXPLORE.EXE
[10/14/2006, 14:54:22] -    Terminating Process: RUNDLL32.EXE
[10/14/2006, 14:54:40] -    Disabling Automatic Shell Restart
[10/14/2006, 14:54:40] -    Terminating Process: EXPLORER.EXE
[10/14/2006, 14:54:40] -    Suspending the NT Session Manager System Service
[10/14/2006, 14:54:46] -    Terminating Windows NT Logon/Logoff Manager

Logfile of HijackThis v1.99.1
Scan saved at 3:02:30 PM, on 10/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\DISC\DiscUpdateMgr.exe
C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\HP_Administrator\Desktop\scanit.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5CAEEF81-6407-450F-92A3-C22E7EB5E7FF} - C:\WINDOWS\system32\jkhfc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} - C:\WINDOWS\system32\cvcslkpq.dll (file missing)
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe
O4 - HKLM\..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O20 - Winlogon Notify: jkhfc - C:\WINDOWS\system32\jkhfc.dll
O20 - Winlogon Notify: wintmh32 - wintmh32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



HP_Administrator - 06-10-14 15:03:49.06    Service Pack 2
ComboFix 06.10.14 - Running from: "C:\Documents and Settings\HP_Administrator\Desktop"

(((((((((((((((((((((((((((((((   Files Created from 2006-09-14 to 2006-10-14  ))))))))))))))))))))))))))))))))))
 
 
2006-10-13   16:11   3,968   --a------   C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-10-13   03:47   502,368   --a------   C:\WINDOWS\system32\drivers\amon.sys
2006-10-13   03:47   274,432   --a------   C:\WINDOWS\system32\imon.dll
2006-10-09   20:36   0   --a------   C:\WINDOWS\system32\dlh9jkdq8.exe
2006-10-09   16:31   62,744   --a------   C:\WINDOWS\system32\xinput1_2.dll
2006-10-09   16:31   236,824   --a------   C:\WINDOWS\system32\xactengine2_3.dll
2006-09-15   12:34   577,588   ---------   C:\WINDOWS\system32\jkhfc.dll


((((((((((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))))   


2006-10-14 15:01   --------   d--------   C:\Program Files\Java
2006-10-14 14:58   --------   d--------   C:\Program Files\Mozilla Firefox
2006-10-13 16:59   --------   d--------   C:\Documents and Settings\HP_Administrator\Application Data\Azureus
2006-10-13 16:11   --------   d--------   C:\Program Files\Grisoft
2006-10-13 14:24   --------   d--------   C:\Program Files\ESET
2006-10-13 03:27   135680   --a------   C:\WINDOWS\system32\taskmgr.exe
2006-10-13 03:22   1032192   --a------   C:\WINDOWS\explorer.exe
2006-10-10 14:02   --------   d--------   C:\Program Files\Dolphin
2006-10-09 16:25   --------   d--h-----   C:\Program Files\InstallShield Installation Information
2006-10-09 16:20   --------   d--------   C:\Program Files\Radical Games
2006-10-07 18:01   --------   d--------   C:\Program Files\GameSpy Arcade
2006-10-06 17:02   --------   d--------   C:\Program Files\PokerStars
2006-10-01 21:26   --------   d--------   C:\Program Files\Zone Labs
2006-09-30 20:25   --------   d--------   C:\Program Files\VIRTUAL RC RACING
2006-09-30 13:41   --------   d--------   C:\Program Files\EA GAMES
2006-09-30 12:14   --------   d--------   C:\Program Files\Windows Media Player
2006-09-30 12:14   --------   d--------   C:\Program Files\Windows Media Connect 2
2006-09-29 01:44   --------   d--------   C:\Program Files\Common Files\Symantec Shared
2006-09-29 01:42   --------   d--------   C:\Program Files\Symantec
2006-09-29 01:42   --------   d--------   C:\Program Files\Common Files
2006-09-29 01:29   --------   d--------   C:\Program Files\KONAMI
2006-09-23 22:06   --------   d--------   C:\Program Files\Project64 1.6
2006-09-23 20:17   --------   d--------   C:\Program Files\YVD
2006-09-23 14:53   --------   d--------   C:\Program Files\Empyre Group
2006-09-20 19:55   --------   d--------   C:\Program Files\Winamp
2006-09-19 14:37   --------   d--------   C:\Program Files\GemMaster
2006-09-19 14:35   --------   d--------   C:\Program Files\Quicken
2006-09-17 16:43   --------   d--------   C:\Documents and Settings\HP_Administrator\Application Data\Google
2006-09-17 16:42   --------   d--------   C:\Program Files\Google
2006-09-17 14:34   --------   d--------   C:\Program Files\Lavasoft
2006-09-17 14:34   --------   d--------   C:\Documents and Settings\HP_Administrator\Application Data\Lavasoft
2006-09-15 22:29   163644   --a------   C:\WINDOWS\system32\drivers\secdrv.sys
2006-09-15 22:24   --------   d--------   C:\Program Files\Activision
2006-09-15 12:15   --------   d--------   C:\Documents and Settings\HP_Administrator\Application Data\HPQ
2006-09-15 00:20   --------   d---s----   C:\Documents and Settings\HP_Administrator\Application Data\Microsoft
2006-09-13 01:18   --------   d--------   C:\Program Files\Microsoft Games
2006-09-10 00:44   --------   d--------   C:\Program Files\MSXML 4.0
2006-09-09 21:37   --------   d--------   C:\Program Files\Azureus
2006-09-09 00:21   98304   --a------   C:\WINDOWS\system32\CmdLineExt.dll
2006-09-09 00:15   --------   d--------   C:\Program Files\Sierra
2006-09-05 12:25   --------   d--------   C:\Program Files\DISC
2006-08-24 22:42   8704   --a------   C:\WINDOWS\system32\wdfmgr.exe
2006-08-24 22:42   8704   --a------   C:\WINDOWS\system32\uwdf.exe
2006-08-24 22:30   99840   --a------   C:\WINDOWS\system32\wmpshell.dll
2006-08-24 22:30   990208   --a------   C:\WINDOWS\system32\drmv2clt.dll
2006-08-24 22:30   937984   --a------   C:\WINDOWS\system32\WMNetMgr.dll
2006-08-24 22:30   8337920   --a------   C:\WINDOWS\system32\wmploc.dll
2006-08-24 22:30   790016   ---------   C:\WINDOWS\system32\WMVSENCD.dll
2006-08-24 22:30   757248   --a------   C:\WINDOWS\system32\WMADMOD.dll
2006-08-24 22:30   7168   ---------   C:\WINDOWS\system32\asferror.dll
2006-08-24 22:30   656896   ---------   C:\WINDOWS\system32\WMVXENCD.dll
2006-08-24 22:30   63488   --a------   C:\WINDOWS\system32\wpdmtpus.dll
2006-08-24 22:30   629760   --a------   C:\WINDOWS\system32\wpd_ci.dll
2006-08-24 22:30   611840   ---------   C:\WINDOWS\system32\wmpmde.dll
2006-08-24 22:30   603648   --a------   C:\WINDOWS\system32\WMSPDMOD.dll
2006-08-24 22:30   537600   --a------   C:\WINDOWS\system32\blackbox.dll
2006-08-24 22:30   532992   --a------   C:\WINDOWS\system32\wmdrmsdk.dll
2006-08-24 22:30   428032   --a------   C:\WINDOWS\system32\wmdrmdev.dll
2006-08-24 22:30   414208   --a------   C:\WINDOWS\system32\msscp.dll
2006-08-24 22:30   4096   --a------   C:\WINDOWS\system32\wmvdmoe2.dll
2006-08-24 22:30   4096   --a------   C:\WINDOWS\system32\wmvdmod.dll
2006-08-24 22:30   4096   --a------   C:\WINDOWS\system32\WMVADVE.DLL
2006-08-24 22:30   4096   --a------   C:\WINDOWS\system32\WMVADVD.dll
2006-08-24 22:30   4096   --a------   C:\WINDOWS\system32\wmsdmoe2.dll
2006-08-24 22:30   4096   --a------   C:\WINDOWS\system32\wmsdmod.dll
2006-08-24 22:30   4096   --a------   C:\WINDOWS\system32\wdfapi.dll
2006-08-24 22:30   4096   ---------   C:\WINDOWS\system32\MPG4DMOD.dll
2006-08-24 22:30   4096   ---------   C:\WINDOWS\system32\MP4SDMOD.dll
2006-08-24 22:30   4096   ---------   C:\WINDOWS\system32\MP43DMOD.dll
2006-08-24 22:30   37376   --a------   C:\WINDOWS\system32\wmdmps.dll
2006-08-24 22:30   35840   --a------   C:\WINDOWS\system32\wpdconns.dll
2006-08-24 22:30   349184   --a------   C:\WINDOWS\system32\wpdsp.dll
2006-08-24 22:30   347648   --a------   C:\WINDOWS\system32\wmdrmnet.dll
2006-08-24 22:30   33792   --a------   C:\WINDOWS\system32\wmdmlog.dll
2006-08-24 22:30   320512   --a------   C:\WINDOWS\system32\mswmdm.dll
2006-08-24 22:30   316928   ---------   C:\WINDOWS\system32\MP4SDECD.dll
2006-08-24 22:30   314368   --a------   C:\WINDOWS\system32\wmpdxm.dll
2006-08-24 22:30   305152   ---------   C:\WINDOWS\system32\MSDelta.dll
2006-08-24 22:30   295424   ---------   C:\WINDOWS\system32\wmpeffects.dll
2006-08-24 22:30   284160   ---------   C:\WINDOWS\system32\PortableDeviceApi.dll
2006-08-24 22:30   276480   ---------   C:\WINDOWS\system32\audiodev.dll
2006-08-24 22:30   27648   --a------   C:\WINDOWS\system32\mspmsnsv.dll
2006-08-24 22:30   259072   ---------   C:\WINDOWS\system32\MPG4DECD.dll
2006-08-24 22:30   2589184   ---------   C:\WINDOWS\system32\WpdShext.dll
2006-08-24 22:30   258560   ---------   C:\WINDOWS\system32\MP43DECD.dll
2006-08-24 22:30   2450944   --a------   C:\WINDOWS\system32\wmvcore.dll
2006-08-24 22:30   242176   --a------   C:\WINDOWS\system32\wmpasf.dll
2006-08-24 22:30   228352   --a------   C:\WINDOWS\system32\cewmdm.dll
2006-08-24 22:30   227328   --a------   C:\WINDOWS\system32\wmerror.dll
2006-08-24 22:30   222208   --a------   C:\WINDOWS\system32\WMASF.dll
2006-08-24 22:30   211968   --a------   C:\WINDOWS\system32\MFPLAT.dll
2006-08-24 22:30   210432   --a------   C:\WINDOWS\system32\qasf.dll
2006-08-24 22:30   204800   --a------   C:\WINDOWS\system32\wmpsrcwp.dll
2006-08-24 22:30   198144   ---------   C:\WINDOWS\system32\PortableDeviceWMDRM.dll
2006-08-24 22:30   179712   --a------   C:\WINDOWS\system32\msnetobj.dll
2006-08-24 22:30   175104   --a------   C:\WINDOWS\system32\mspmsp.dll
2006-08-24 22:30   166912   ---------   C:\WINDOWS\system32\PortableDeviceTypes.dll
2006-08-24 22:30   1660416   --a------   C:\WINDOWS\system32\wmpencen.dll
2006-08-24 22:30   157184   --a------   C:\WINDOWS\system32\wmidx.dll
2006-08-24 22:30   154624   --a------   C:\WINDOWS\system32\wpdmtp.dll
2006-08-24 22:30   1539584   ---------   C:\WINDOWS\system32\WMVDECOD.dll
2006-08-24 22:30   1532416   ---------   C:\WINDOWS\system32\WMVENCOD.dll
2006-08-24 22:30   1392128   ---------   C:\WINDOWS\system32\WMVSDECD.dll
2006-08-24 22:30   133120   ---------   C:\WINDOWS\system32\WPDShServiceObj.dll
2006-08-24 22:30   1327616   --a------   C:\WINDOWS\system32\WMSPDMOE.dll
2006-08-24 22:30   132096   ---------   C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
2006-08-24 22:30   130048   ---------   C:\WINDOWS\system32\wmpps.dll
2006-08-24 22:30   11264   --a------   C:\WINDOWS\system32\LAPRXY.dll
2006-08-24 22:30   1118208   --a------   C:\WINDOWS\system32\WMADMOE.dll
2006-08-24 22:30   101888   ---------   C:\WINDOWS\system32\PortableDeviceClassExtension.dll
2006-08-24 20:31   100864   --a------   C:\WINDOWS\system32\logagent.exe
2006-08-24 20:27   249344   --a------   C:\WINDOWS\system32\drmupgds.exe
2006-08-24 20:26   95288   ---------   C:\WINDOWS\system32\WUDFCoinstaller.dll
2006-08-24 20:26   38656   --a------   C:\WINDOWS\system32\drivers\wpdusb.sys
2006-08-24 20:26   17408   ---------   C:\WINDOWS\system32\wpdshextautoplay.exe
2006-08-24 19:22   90112   ---------   C:\WINDOWS\system32\drivers\WudfRd.sys
2006-08-24 19:19   316416   ---------   C:\WINDOWS\system32\WUDFx.dll
2006-08-24 19:19   145920   ---------   C:\WINDOWS\system32\WudfHost.exe
2006-08-24 19:18   84864   ---------   C:\WINDOWS\system32\drivers\WudfPf.sys
2006-08-24 19:18   56320   ---------   C:\WINDOWS\system32\WudfSvc.dll
2006-08-24 19:18   168448   ---------   C:\WINDOWS\system32\WudfPlatform.dll
2006-08-11 20:14   22752   --a------   C:\WINDOWS\system32\spupdsvc.exe
 
 
((((((((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))
 
*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"IAAnotif"="C:\\Program Files\\Intel\\Intel Matrix Storage Manager\\iaanotif.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /installquiet /keeploaded /nodetect"
"RTHDCPL"="RTHDCPL.EXE"
"HPHUPD08"="c:\\Program Files\\HP\\Digital Imaging\\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\\hphupd08.exe"
"DISCover"="C:\\Program Files\\DISC\\DISCover.exe"
"DiscUpdateManager"="C:\\Program Files\\DISC\\DiscUpdateMgr.exe"
"DMAScheduler"="c:\\Program Files\\Sonic\\DigitalMedia Plus\\DigitalMedia Archive\\DMAScheduler.exe"
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"PCDrProfiler"=""
"HPBootOp"="\"C:\\Program Files\\Hewlett-Packard\\HP Boot Optimizer\\HPBootOp.exe\" /run"
"Reminder"="\"C:\\Windows\\Creator\\Remind_XP.exe\""
"HP Software Update"=hex(2):43,3a,5c,50,72,6f,67,72,61,6d,20,46,69,6c,65,73,5c,\
  48,50,5c,48,50,20,53,6f,66,74,77,61,72,65,20,55,70,64,61,74,65,5c,48,50,77,\
  75,53,63,68,64,32,2e,65,78,65,00
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\"  -osboot"
"NWEReboot"=""
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,20,01,00,00,00,00,00,00,80,04,00,00,66,03,00,00,00,\
  00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
  ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
  00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
  63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
  6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
  73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkhfc
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wintmh32

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]   
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Completion time: 06-10-14 15:05:08.42
C:\ComboFix.txt ... 06-10-14 15:05
C:\ComboFix2.txt ... 06-10-14 00:49
C:\ComboFix3.txt ... 06-10-14 00:46

Offline guestolo
Help with a possible virus
« Reply #11 on: October 14, 2006, 02:08:16 PM »
Can you post the log from Smitfraudfix please


Offline Dachronic
Help with a possible virus
« Reply #12 on: October 14, 2006, 02:08:44 PM »
SmitFraudFix v2.109

Scan done at 15:07:41.92, Sat 10/14/2006
Run from C:\Documents and Settings\HP_Administrator\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\dlh9jkdq?.exe FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\HP_Administrator


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\HP_Administrator\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\HP_ADM~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

Offline guestolo
Help with a possible virus
« Reply #13 on: October 14, 2006, 02:26:23 PM »
Can you do the following please
Download The Avenger.zip by Swandog46 to your Desktop.

    * Click on Avenger.zip to open the file
    * Extract avenger.exe to your desktop

Copy ALL the text contained in blue below to your Clipboard by highlighting it and pressing (Ctrl+C) on your keyboard


files to delete:
C:\WINDOWS\system32\dlh9jkdq8.exe
C:\WINDOWS\system32\wintmh32.dll
C:\WINDOWS\system32\cfhkj.ini
C:\WINDOWS\system32\jkhfc.dll


Now, start The Avenger program by clicking on its icon on your desktop

    * Under "Script file to execute" choose "Input Script Manually".
    * Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
    * Paste the text copied to clipboard into this window by pressing (Ctrl+V).
    * Click Done
    * Now click on the Green Light to begin execution of the script
    * Answer "Yes" twice when prompted.

Avenger should now Reboot your computer

Back in Windows

Do a "System scan only" with Hijackthis (scanit.exe) and put a check next to these entries:

O2 - BHO: (no name) - {5CAEEF81-6407-450F-92A3-C22E7EB5E7FF} - C:\WINDOWS\system32\jkhfc.dll
O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} - C:\WINDOWS\system32\cvcslkpq.dll (file missing)
O20 - Winlogon Notify: jkhfc - C:\WINDOWS\system32\jkhfc.dll
O20 - Winlogon Notify: wintmh32 - wintmh32.dll (file missing)


After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Reboot one more time
Back in Windows
Can you post a fresh log again from scanit.exe


Offline Dachronic
Help with a possible virus
« Reply #14 on: October 14, 2006, 02:43:48 PM »
Logfile of HijackThis v1.99.1
Scan saved at 3:42:46 PM, on 10/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\DISC\DiscUpdateMgr.exe
C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Documents and Settings\HP_Administrator\Desktop\scanit.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe
O4 - HKLM\..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Offline guestolo
Help with a possible virus
« Reply #15 on: October 14, 2006, 02:54:30 PM »
Woops, sorry, can I have you also post the log from Avenger please
Found here
C:\Avenger.txt

Is your task manager still disabled?
« Last Edit: October 14, 2006, 02:54:51 PM by guestolo »


Offline Dachronic
Help with a possible virus
« Reply #16 on: October 14, 2006, 03:11:07 PM »
Yes, task manager works again and so far IE hasn't tried to make Windows Explorer crash


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\vfwfsvbq

*******************

Script file located at: \??\C:\Program Files\wadybjfl.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\dlh9jkdq8.exe deleted successfully.


File C:\WINDOWS\system32\wintmh32.dll not found!
Deletion of file C:\WINDOWS\system32\wintmh32.dll failed!

Could not process line:
C:\WINDOWS\system32\wintmh32.dll
Status: 0xc0000034

File C:\WINDOWS\system32\cfhkj.ini deleted successfully.
File C:\WINDOWS\system32\jkhfc.dll deleted successfully.

Completed script processing.

*******************

Finished!  Terminate.

thanks again

Offline guestolo
Help with a possible virus
« Reply #17 on: October 14, 2006, 03:34:30 PM »
Can we just ensure we have nailed everything
I suggest you do the following
Since you have AVG antispyware installed
  • Load AVG-antispyware and then click the Update tab at the top. Under Manual Update click Start update.
  • After the update finishes (the status bar at the bottom will display "Update successful")
  • Close AVG-Antispyware.
Do not run it yet.

Print the rest of these instructions or save them to a text file on the desktop

Reboot your computer into Safe Mode. To boot into Safe Mode, please restart your computer. Tap F8 before Windows loads. Select Safe Mode on the screen that appears.
Sign in with your normal user account

In safe mode
Open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select Option #3 - Delete Trusted zones by typing 3 and press "Enter"
Type Y and then press "Enter"
Then press any key to continue

Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process.  A text file will appear onscreen, with results from the cleaning process
I'll need to see these later, by default they are also saved at C:\rapport.txt
If a reboot was required, please reboot back to safe mode

AVG-Antispyware Scan
  • Load AVG and select the "Scanner" tab
  • Click the "Settings" tab and then change the recommended action to Quarantine and ensure that Automatically generate report after every scan is selected
  • Click back to the "Scan" tab and then click on Complete System Scan.
  • Let this scan complete
  • AVG will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. Ewido will display "All actions have been applied" on the right hand side.

  • Click on "Save Report", then "Save Report As".  This will create a text file.  Make sure you know where to find this file again (like on the Desktop).
Reboot the computer to Normal windows

Back in Windows
Can you open Spybot 1.4
-Click the UPDATE button on the left
SEARCH FOR UPDATES on the right
Check, and then download all updates
After update is complete
Click the "Immunize" button on the left>>>OK at the prompt>>Immunize at the top green cross
If there were any new updates, as there were some new ones yesterday
I suggest that you also "Check for Problems"
After the scan fix all selected problems in RED
Reboot

Can you post the 2 logs please
1. Post the log from Smitfraudfix>>C:\Rapport.txt
2. Post the report from AVG anti-spyware

Just some minor cleanup and we should be done here

NOTE: You will have to enter your display properties and reset your desktop background image after running the clean with Smitfraudfix, so don't be alarmed
« Last Edit: October 14, 2006, 03:38:06 PM by guestolo »


Offline Dachronic
Help with a possible virus
« Reply #18 on: October 14, 2006, 08:24:19 PM »
Sorry man, I left for a while and just got back, I'll get back to it

Offline Dachronic
Help with a possible virus
« Reply #19 on: October 15, 2006, 03:45:20 PM »
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

 + Created at:   4:39:57 PM 10/15/2006

 + Scan result:   



C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : No action taken.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP114\A0014089.exe -> Adware.SaveNow : No action taken.
C:\Penguins\assorted programs\Nod32 Antivirus 3.0 + key.zip/Key2006.exe -> Backdoor.Agent.aga : No action taken.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP95\A0008756.exe -> Backdoor.Ciadoor.bo : No action taken.
C:\WINDOWS\system32\DoYAlpq346.ini -> Backdoor.Ciadoor.bo : No action taken.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP95\A0008755.exe -> Dropper.Pakes : No action taken.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP129\A0024953.dll -> Logger.VBStat.e : No action taken.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP129\A0024954.dll -> Logger.VBStat.e : No action taken.
C:\VundoFix Backups\otxfsach.dll.bad -> Logger.VBStat.e : No action taken.
C:\VundoFix Backups\wmqbdrkc.dll.bad -> Logger.VBStat.e : No action taken.
:mozilla.678:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.371:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.372:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.373:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.374:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.375:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.376:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.377:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.378:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.379:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.380:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.381:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.382:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.383:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.384:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.385:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.386:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.387:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.388:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.389:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.390:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.391:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.392:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.393:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.394:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.395:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.396:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.397:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.398:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.399:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.400:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.401:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.711:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.737:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.789:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.204:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.205:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.206:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.207:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.890:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Addcontrol : No action taken.
:mozilla.352:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Addynamix : No action taken.
:mozilla.353:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Addynamix : No action taken.
:mozilla.60:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.61:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.629:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.62:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.63:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.64:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.65:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.665:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.66:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.898:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.899:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.900:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.857:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Adserver : No action taken.
:mozilla.858:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Adserver : No action taken.
:mozilla.685:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Adtech : No action taken.
:mozilla.686:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Adtech : No action taken.
:mozilla.34:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.35:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.36:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.37:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.38:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.86:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.170:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Bluestreak : No action taken.
:mozilla.461:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Bridgetrack : No action taken.
:mozilla.462:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Bridgetrack : No action taken.
:mozilla.463:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Bridgetrack : No action taken.
:mozilla.466:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Burstbeacon : No action taken.
:mozilla.310:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.312:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.313:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.315:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.87:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.88:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.89:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.90:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.91:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.92:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.93:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.869:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Clickhype : No action taken.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : No action taken.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@cpvfeed[3].txt -> TrackingCookie.Cpvfeed : No action taken.
:mozilla.514:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
:mozilla.556:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
:mozilla.645:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
:mozilla.729:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.457:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Euroclick : No action taken.
:mozilla.458:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Euroclick : No action taken.
:mozilla.459:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Euroclick : No action taken.
:mozilla.460:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Euroclick : No action taken.
:mozilla.497:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.498:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.499:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.500:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.884:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.885:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.886:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.887:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.888:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.68:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.69:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.70:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.71:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.72:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.73:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.74:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.75:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.744:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Findwhat : No action taken.
:mozilla.317:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.319:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.320:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.426:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.475:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.515:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.656:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.657:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.563:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Hotlog : No action taken.
:mozilla.171:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Mediaplex : No action taken.
:mozilla.304:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Overture : No action taken.
:mozilla.305:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Overture : No action taken.
:mozilla.306:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Overture : No action taken.
:mozilla.793:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Overture : No action taken.
:mozilla.214:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.215:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.216:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.217:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.812:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Qksrv : No action taken.
:mozilla.813:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Qksrv : No action taken.
:mozilla.210:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.211:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.212:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.213:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.671:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.672:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.673:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.674:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.675:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.288:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.289:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.290:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.291:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.292:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.293:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.294:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.295:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.296:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.297:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.298:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.299:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.300:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.218:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.219:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.220:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.221:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.222:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.223:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.354:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.355:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.356:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.357:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.358:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.757:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Starware : No action taken.
:mozilla.758:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Starware : No action taken.
:mozilla.912:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Starware : No action taken.
:mozilla.250:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.251:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.252:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.253:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.254:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.255:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.256:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.260:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.261:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.262:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.263:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.273:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.274:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.275:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.276:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.277:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.278:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.279:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.280:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.281:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.249:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.267:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.268:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.270:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.271:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.272:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.321:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.76:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.77:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.78:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.79:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.80:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.81:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.82:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.83:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.84:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.85:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.837:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Trafic : No action taken.
:mozilla.307:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.308:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.311:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.335:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Valuead : No action taken.
:mozilla.336:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Valuead : No action taken.
:mozilla.337:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Valuead : No action taken.
:mozilla.338:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Valuead : No action taken.
:mozilla.339:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Valuead : No action taken.
:mozilla.340:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Valuead : No action taken.
:mozilla.341:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Valuead : No action taken.
:mozilla.794:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Valuead : No action taken.
:mozilla.795:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Valuead : No action taken.
:mozilla.796:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Valuead : No action taken.
:mozilla.797:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Valuead : No action taken.
:mozilla.39:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.40:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.41:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.42:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.43:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.44:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.45:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.46:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.47:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.282:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.283:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.284:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.285:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.286:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.328:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.329:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.330:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7o0mz1d8.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
HKU\S-1-5-21-3428190331-2995392307-455144043-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E14DCE67-8FB7-4721-8149-179BAA4D792C} -> Trojan.Ciadoor.m : No action taken.


::Report end



SmitFraudFix v2.109

Scan done at 16:03:58.95, Sun 10/15/2006
Run from C:\Documents and Settings\HP_Administrator\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
 
Registry Cleaning done.
 
»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End


Sorry it took so long to get these posted.