My Log


I've been having some serious adware issues as of late. While searching for a way to fix this, I stumbled across this site, and thusly HijackThis. Anyways, here's my log; if anyone could help me, it'd be appreciated.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 2:37:13 PM, on 7/31/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\WINDOWS\surfmonkey\smproxy.exe

C:\WINDOWS\glbtmflA.exe

C:\WINDOWS\win32062352826722007.exe

C:\WINDOWS\g4356cbvy63.exe

C:\WINDOWS\system32\rundll32.exe

C:\PROGRA~1\COMMON~1\AVSYST~1\uga6pcw.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Winamp\winamp.exe

C:\WINDOWS\system32\svchost.exe

C:\DOCUME~1\COLIN~1.D48\MYDOCU~1\FIREFOX\FIREFOX.EXE

C:\Program Files\Microsoft Office\Office10\MSACCESS.EXE

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

C:\WINDOWS\system32\msiexec.exe

C:\WINDOWS\system32\cmd.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\Colin.D48PRVC1\My Documents\Downloads\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1070526

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1070526

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1070526

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {3964D8D6-86D0-493A-B460-A805B5401114} - C:\WINDOWS\system32\wvuttur.dll

O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: (no name) - {681D1C8B-AF1A-F8E9-4917-FC8DBB2CD090} - C:\WINDOWS\system32\xde.dll

O2 - BHO: (no name) - {6D41C0C4-EDCC-47ED-BE5F-B98E4088082F} - C:\DOCUME~1\Tristan\LOCALS~1\Temp\vturr.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: (no name) - {77C6A56E-E330-4DDD-8E14-1CF558A4599C} - C:\DOCUME~1\Ian\LOCALS~1\Temp\ssttr.dll

O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\twtkfplf.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll

O2 - BHO: (no name) - {CACFB41C-BF81-4F52-847B-3064A2F9511A} - C:\Program Files\MSN Gaming Zone\nizyd4.dll

O2 - BHO: CIEIntegrator Object - {D3B4C621-6024-410B-9F0F-22CBD6981F5E} - C:\Program Files\AVSystemCare\Addons\popupg.dll

O2 - BHO: (no name) - {DB28152F-2056-4481-BA69-634A3B3D970C} - C:\WINDOWS\system32\jkkjk.dll

O3 - Toolbar: EarthLink Toolbar - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [ELNKProxy] C:\WINDOWS\surfmonkey\smproxy.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [glbtmflA] C:\WINDOWS\glbtmflA.exe

O4 - HKLM\..\Run: [win32062352826722007] C:\WINDOWS\win32062352826722007

O4 - HKLM\..\Run: [{ZN}] C:\WINDOWS\sys022672235282007.exe ICM001

O4 - HKLM\..\Run: [g4356cbvy63] C:\WINDOWS\g4356cbvy63

O4 - HKLM\..\Run: [MemoryManager] rundll32.exe "C:\DOCUME~1\Tristan\LOCALS~1\Temp\yhomjymf.dll",sitypnow

O4 - HKLM\..\Run: [AVSystemCare] C:\Program Files\AVSystemCare\pgs.exe

O4 - HKLM\..\Run: [uga6pcw] "C:\PROGRA~1\COMMON~1\AVSYST~1\uga6pcw.exe" -start

O4 - S-1-5-21-600373968-3565873685-2217043775-1010 Startup: TA_Start.lnk = C:\WINDOWS\sys022672235282007.exe (User '?')

O4 - Startup: TA_Start.lnk = C:\WINDOWS\sys022672235282007.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O20 - Winlogon Notify: geeba - C:\WINDOWS\system32\geeba.dll

O20 - Winlogon Notify: jkkjk - C:\WINDOWS\system32\jkkjk.dll

O20 - Winlogon Notify: ssttr - C:\DOCUME~1\Ian\LOCALS~1\Temp\ssttr.dll

O20 - Winlogon Notify: vturr - C:\DOCUME~1\Tristan\LOCALS~1\Temp\vturr.dll

O20 - Winlogon Notify: wvuttur - C:\WINDOWS\SYSTEM32\wvuttur.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: ClamAV (clamAntiVirus) - Unknown owner - C:\Program Files\clamAV\clamdService.exe

O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: Net Agent - Unknown owner - C:\WINDOWS\dls0523pmw.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--

End of file - 7936 bytes


Hi renrats and welcome to Malwarebytes.

You do have a bit of a mess. With patience and perseverance we will get you all cleaned up. First please set your system to show all files and folders.

Click Start.

Open My Computer.

Select the Tools menu and click Folder Options.

Select the View Tab.

Under the Hidden files and folders heading select Show hidden files and folders.

Uncheck the Hide protected operating system files (recommended) option.

Click Yes to confirm.

Click OK.

Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

O2 - BHO: (no name) - {3964D8D6-86D0-493A-B460-A805B5401114} - C:\WINDOWS\system32\wvuttur.dll

O2 - BHO: (no name) - {681D1C8B-AF1A-F8E9-4917-FC8DBB2CD090} - C:\WINDOWS\system32\xde.dll

O2 - BHO: (no name) - {6D41C0C4-EDCC-47ED-BE5F-B98E4088082F} - C:\DOCUME~1\Tristan\LOCALS~1\Temp\vturr.dll

O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\twtkfplf.dll

O2 - BHO: (no name) - {CACFB41C-BF81-4F52-847B-3064A2F9511A} - C:\Program Files\MSN Gaming Zone\nizyd4.dll

O2 - BHO: CIEIntegrator Object - {D3B4C621-6024-410B-9F0F-22CBD6981F5E} - C:\Program Files\AVSystemCare\Addons\popupg.dll

O2 - BHO: (no name) - {DB28152F-2056-4481-BA69-634A3B3D970C} - C:\WINDOWS\system32\jkkjk.dll

O4 - HKLM\..\Run: [{ZN}] C:\WINDOWS\sys022672235282007.exe ICM001

O4 - HKLM\..\Run: [MemoryManager] rundll32.exe "C:\DOCUME~1\Tristan\LOCALS~1\Temp\yhomjymf.dll",sitypnow

O4 - S-1-5-21-600373968-3565873685-2217043775-1010 Startup: TA_Start.lnk = C:\WINDOWS\sys022672235282007.exe (User '?')

O4 - Startup: TA_Start.lnk = C:\WINDOWS\sys022672235282007.exe

O20 - Winlogon Notify: jkkjk - C:\WINDOWS\system32\jkkjk.dll

O23 - Service: Net Agent - Unknown owner - C:\WINDOWS\dls0523pmw.exe

Click on Fix Checked when finished and exit HijackThis.

Reboot into Safe Mode by tapping the F8 key as soon as you hear the beep when the system starts.

Using Windows Explorer, locate the following files/folders, and delete them:

C:\WINDOWS\sys022672235282007.exe ICM001

rundll32.exe "C:\DOCUME~1\Tristan\LOCALS~1\Temp\yhomjymf.dll",sitypnow

O4 - S-1-5-21-600373968-3565873685-2217043775-1010 Startup: TA_Start.lnk = C:\WINDOWS\sys022672235282007.exe (User '?')

O4 - Startup: TA_Start.lnk = C:\WINDOWS\sys022672235282007.exe

C:\WINDOWS\system32\jkkjk.dll

C:\WINDOWS\dls0523pmw.exe

Exit Explorer, and reboot as normal afterwards.

If you were unable to find any of the files then please follow these additional instructions:

Download Pocket Killbox and unzip it; save it to your Desktop.

Run it, and click the radio button that says Delete a file on reboot. For each of the files you could not delete, paste them one at a time into the full path of file to delete box and click the red circle with a white cross in it.

The program will ask you if you want to reboot; say No each time until the last one has been pasted in whereupon you should answer Yes.

Let the system reboot.

Now please go here http://www.pandasecurity.com/homeusers/solutions/activescan/ and run a full scan, remove anything it finds and save the log. Post that log as a reply in this thread, along with a new HijackThis log. But please get this version http://www.trendsecure.com/portal/en-US/th.../hijackthis.php; you're using a beta version and the program is no longer in beta.

We will have another look and see what else there is to do.
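One way to check a follow-up HijackThis log against the fix list in the post above, as an added example that is not part of the original thread. The function names and the section-order rule are assumptions of this example; the sample text is excerpted from the logs posted in this thread.

```python
import re

# HijackThis entry lines start with a section code such as R0, O2, O4, O23.
ENTRY_RE = re.compile(r"^(?:[RFN]\d|O\d{1,2}) - .+$")
# A complete log ends with a trailer like "End of file - 7936 bytes".
TRAILER_RE = re.compile(r"^End of file - \d+ bytes$", re.MULTILINE)

# Excerpt of the fix list from the helper's post.
FIX_LIST = r"""
O2 - BHO: (no name) - {DB28152F-2056-4481-BA69-634A3B3D970C} - C:\WINDOWS\system32\jkkjk.dll
O4 - HKLM\..\Run: [{ZN}] C:\WINDOWS\sys022672235282007.exe ICM001
O20 - Winlogon Notify: jkkjk - C:\WINDOWS\system32\jkkjk.dll
O23 - Service: Net Agent - Unknown owner - C:\WINDOWS\dls0523pmw.exe
"""

# Excerpt of the first log in the thread (complete: it carries the trailer).
FIRST_LOG = r"""
O2 - BHO: (no name) - {DB28152F-2056-4481-BA69-634A3B3D970C} - C:\WINDOWS\system32\jkkjk.dll
O4 - HKLM\..\Run: [ELNKProxy] C:\WINDOWS\surfmonkey\smproxy.exe
O4 - HKLM\..\Run: [glbtmflA] C:\WINDOWS\glbtmflA.exe
O4 - HKLM\..\Run: [{ZN}] C:\WINDOWS\sys022672235282007.exe ICM001
O20 - Winlogon Notify: jkkjk - C:\WINDOWS\system32\jkkjk.dll
O23 - Service: ClamAV (clamAntiVirus) - Unknown owner - C:\Program Files\clamAV\clamdService.exe
O23 - Service: Net Agent - Unknown owner - C:\WINDOWS\dls0523pmw.exe
--
End of file - 7936 bytes
"""

# Excerpt of the follow-up log. Like the one posted in the thread, it stops
# inside the O23 section and has no "End of file" trailer.
FOLLOW_UP = r"""
O4 - HKLM\..\Run: [ELNKProxy] C:\WINDOWS\surfmonkey\smproxy.exe
O4 - HKLM\..\Run: [glbtmflA] C:\WINDOWS\glbtmflA.exe
O4 - HKLM\..\Run: [systemOptimizer] rundll32.exe "C:\WINDOWS\system32\qwstadve.dll",forkonce
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: ClamAV (clamAntiVirus) - Unknown owner - C:\Program Files\clamAV\clamdService.exe
"""


def normalise(line):
    """Case-fold and collapse whitespace so SYSTEM32 and system32 compare equal."""
    return " ".join(line.split()).casefold()


def parse_log(text):
    """Return (entries, complete): normalised entry lines, and trailer presence."""
    entries = {normalise(l) for l in text.splitlines() if ENTRY_RE.match(l.strip())}
    return entries, bool(TRAILER_RE.search(text))


def section_rank(entry):
    """Position of an entry's section, assuming the order seen in both logs
    in this thread: R, F and N groups first, then O1, O2, ... in numeric order."""
    code = entry.split(" - ", 1)[0]
    return {"r": 0, "f": 1, "n": 2}.get(code[0], 2 + int(code[1:]))


def review_follow_up(fix_list, before, after):
    """Classify each fix-list entry against the follow-up log."""
    fix, _ = parse_log(fix_list)
    old, _ = parse_log(before)
    new, complete = parse_log(after)
    # Highest section the follow-up log reached before it ended.
    reached = max((section_rank(e) for e in new), default=-1)
    result = {"still_present": [], "cleared": [], "unverified": []}
    for entry in sorted(fix):
        if entry in new:
            result["still_present"].append(entry)
        elif complete or section_rank(entry) < reached:
            result["cleared"].append(entry)
        else:
            # The log was cut off in or before this section, so absence proves nothing.
            result["unverified"].append(entry)
    result["new_since_first_log"] = sorted(new - old)
    result["complete"] = complete
    return result


if __name__ == "__main__":
    for key, value in review_follow_up(FIX_LIST, FIRST_LOG, FOLLOW_UP).items():
        print(key, value)
```

Entries reported as unverified call for a complete follow-up log before the fix is treated as confirmed.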


EDIT: Sorry about length

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 1:15:12 AM, on 8/1/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\clamAV\clamdService.exe

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\clamAV\freshclam.exe

C:\Program Files\clamAV\clamd.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\surfmonkey\SMProxy.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\WINDOWS\glbtmflA.exe

C:\WINDOWS\win32062352826722007.exe

C:\WINDOWS\g4356cbvy63.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Documents and Settings\Colin.D48PRVC1\My Documents\Firefox\firefox.exe

C:\Program Files\Winamp\winamp.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1070526

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1070526

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1070526

O3 - Toolbar: EarthLink Toolbar - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [ELNKProxy] C:\WINDOWS\surfmonkey\smproxy.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [glbtmflA] C:\WINDOWS\glbtmflA.exe

O4 - HKLM\..\Run: [win32062352826722007] C:\WINDOWS\win32062352826722007

O4 - HKLM\..\Run: [g4356cbvy63] C:\WINDOWS\g4356cbvy63

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [systemOptimizer] rundll32.exe "C:\WINDOWS\system32\qwstadve.dll",forkonce

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)

O23 - Service: ClamAV (clamAntiVirus) - Unknown owner - C:\Program Files\clamAV\clamdService.exe

O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel


Incident Status Location

Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Colin.D48PRVC1\Application Data\Mozilla\Firefox\Profiles\5ggiza7x.default\cookies.txt[.zedo.com/]

Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Colin.D48PRVC1\Application Data\Mozilla\Firefox\Profiles\5ggiza7x.default\cookies.txt[ad.yieldmanager.com/]

Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Colin.D48PRVC1\Application Data\Mozilla\Firefox\Profiles\5ggiza7x.default\cookies.txt[.winantivirus.com/]

Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Colin.D48PRVC1\Application Data\Mozilla\Firefox\Profiles\5ggiza7x.default\cookies.txt[winantivirus.com/]

Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Colin.D48PRVC1\Application Data\Mozilla\Firefox\Profiles\5ggiza7x.default\cookies.txt[stats1.reliablestats.com/]

Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Colin.D48PRVC1\Application Data\Mozilla\Firefox\Profiles\5ggiza7x.default\cookies.txt[.winantivirus.com/]

Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Colin.D48PRVC1\Application Data\Mozilla\Firefox\Profiles\5ggiza7x.default\cookies.txt[statse.webtrendslive.com/]

Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Colin.D48PRVC1\Application Data\Mozilla\Firefox\Profiles\5ggiza7x.default\cookies.txt[.adultfriendfinder.com/]

Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Colin.D48PRVC1\Application Data\Mozilla\Firefox\Profiles\5ggiza7x.default\cookies.txt[.sextracker.com/]

Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Colin.D48PRVC1\Application Data\Mozilla\Firefox\Profiles\5ggiza7x.default\cookies.txt[counter13.sextracker.com/]

Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Colin.D48PRVC1\Application Data\Mozilla\Firefox\Profiles\5ggiza7x.default\cookies.txt[.fastclick.net/]

Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Colin.D48PRVC1\Application Data\Mozilla\Firefox\Profiles\5ggiza7x.default\cookies.txt[.doubleclick.net/]

Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Colin.D48PRVC1\Application Data\Mozilla\Firefox\Profiles\5ggiza7x.default\cookies.txt[.burstnet.com/]

Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Colin.D48PRVC1\Application Data\Mozilla\Firefox\Profiles\5ggiza7x.default\cookies.txt[.adrevolver.com/]

Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Colin.D48PRVC1\Application Data\Mozilla\Firefox\Profiles\5ggiza7x.default\cookies.txt[.atdmt.com/]

Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Colin.D48PRVC1\Application Data\Mozilla\Firefox\Profiles\5ggiza7x.default\cookies.txt[.ads.addynamix.com/]

Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Colin.D48PRVC1\Application Data\Mozilla\Firefox\Profiles\5ggiza7x.default\cookies.txt[.casalemedia.com/]

Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Colin.D48PRVC1\Application Data\Mozilla\Firefox\Profiles\5ggiza7x.default\cookies.txt[.tribalfusion.com/]

Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Colin.D48PRVC1\Application Data\Mozilla\Firefox\Profiles\5ggiza7x.default\cookies.txt[.casalemedia.com/]

Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Colin.D48PRVC1\Application Data\Mozilla\Firefox\Profiles\5ggiza7x.default\cookies.txt[.bluestreak.com/]

Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Colin.D48PRVC1\Application Data\Mozilla\Firefox\Profiles\5ggiza7x.default\cookies.txt[.questionmarket.com/]

Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Colin.D48PRVC1\Application Data\Mozilla\Firefox\Profiles\5ggiza7x.default\cookies.txt[.mediaplex.com/]

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Colin.D48PRVC1\Application Data\Mozilla\Firefox\Profiles\5ggiza7x.default\cookies.txt[.com.com/]

Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Colin.D48PRVC1\Application Data\Mozilla\Firefox\Profiles\5ggiza7x.default\cookies.txt[.advertising.com/]

Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Colin.D48PRVC1\Application Data\Mozilla\Firefox\Profiles\5ggiza7x.default\cookies.txt[.revenue.net/]

Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Colin.D48PRVC1\Application Data\Mozilla\Firefox\Profiles\5ggiza7x.default\cookies.txt[searchportal.information.com/]

Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Colin.D48PRVC1\Cookies\colin@2o7[2].txt

Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Colin.D48PRVC1\Cookies\colin@ad.yieldmanager[2].txt

Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Colin.D48PRVC1\Cookies\colin@ads.addynamix[1].txt

Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Colin.D48PRVC1\Cookies\colin@atdmt[2].txt

Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Colin.D48PRVC1\Cookies\colin@burstnet[2].txt

Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Colin.D48PRVC1\Cookies\colin@counter1.sextracker[1].txt

Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Colin.D48PRVC1\Cookies\colin@counter13.sextracker[1].txt

Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Colin.D48PRVC1\Cookies\colin@counter3.sextracker[1].txt

Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Colin.D48PRVC1\Cookies\colin@doubleclick[1].txt

Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Colin.D48PRVC1\Cookies\colin@errorsafe[2].txt

Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Colin.D48PRVC1\Cookies\colin@fastclick[1].txt

Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Colin.D48PRVC1\Cookies\colin@mediaplex[1].txt

Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Colin.D48PRVC1\Cookies\colin@revenue[1].txt

Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Colin.D48PRVC1\Cookies\colin@sextracker[2].txt

Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Colin.D48PRVC1\Cookies\colin@stats1.reliablestats[2].txt

Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Colin.D48PRVC1\Cookies\colin@systemdoctor[1].txt

Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Colin.D48PRVC1\Cookies\colin@tribalfusion[1].txt

Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Colin.D48PRVC1\Cookies\colin@winantivirus[1].txt

Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Colin.D48PRVC1\Cookies\colin@www.errorsafe[1].txt

Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Colin.D48PRVC1\Cookies\colin@zedo[1].txt

Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Colin.D48PRVC1\Cookies\colin@zedo[2].txt

Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Colin.D48PRVC1\Cookies\colin@zedo[3].txt

Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Colin.D48PRVC1\Cookies\colin@zedo[4].txt

Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Colin.D48PRVC1\Cookies\colin@zedo[6].txt

Potentially unwanted tool:Application/ErrorSafe Not disinfected C:\Documents and Settings\Colin.D48PRVC1\Local Settings\Application Data\Mozilla\Firefox\Profiles\5ggiza7x.default\Cache\A23E4567d01

Virus:Generic Malware Disinfected C:\Documents and Settings\Colin.D48PRVC1\Local Settings\Temporary Internet Files\Content.IE5\OR8O3SI8\masiyxanidi[1]

Virus:Trj/Downloader.PJT Disinfected C:\Documents and Settings\Colin.D48PRVC1\Local Settings\Temporary Internet Files\Content.IE5\Y969MBYZ\kcehc_eicooc20070702[1]

Potentially unwanted tool:Application/ErrorSafe Not disinfected C:\Documents and Settings\Colin.D48PRVC1\Local Settings\Temporary Internet Files\Content.IE5\Y969MBYZ\WinAntiVirusPro2006FreeInstall[1].exe

Virus:Eicar.Mod Not disinfected C:\Documents and Settings\Colin.D48PRVC1\My Documents\Downloads\BAV_v4.rar[bin\Test.bvd]

Virus:Eicar.Mod Not disinfected C:\Documents and Settings\Colin.D48PRVC1\My Documents\Downloads\BAV_v4.rar[VirusTool\Test.bvd]

Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Colin.D48PRVC1\My Documents\Downloads\SDFix.exe[sDFix\apps\Process.exe]

Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Ian\Application Data\Mozilla\Firefox\Profiles\g7bjp78p.default\cookies.txt[.advertising.com/]

Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Ian\Application Data\Mozilla\Firefox\Profiles\g7bjp78p.default\cookies.txt[.atdmt.com/]

Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Ian\Application Data\Mozilla\Firefox\Profiles\g7bjp78p.default\cookies.txt[.realmedia.com/]

Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Ian\Application Data\Mozilla\Firefox\Profiles\g7bjp78p.default\cookies.txt[.doubleclick.net/]

Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Ian\Application Data\Mozilla\Firefox\Profiles\g7bjp78p.default\cookies.txt[.tribalfusion.com/]

Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Ian\Application Data\Mozilla\Firefox\Profiles\g7bjp78p.default\cookies.txt[.adrevolver.com/]

Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Ian\Application Data\Mozilla\Firefox\Profiles\g7bjp78p.default\cookies.txt[ad.yieldmanager.com/]

Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Ian\Application Data\Mozilla\Firefox\Profiles\g7bjp78p.default\cookies.txt[.azjmp.com/]

Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Ian\Application Data\Mozilla\Firefox\Profiles\g7bjp78p.default\cookies.txt[.serving-sys.com/]

Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Ian\Application Data\Mozilla\Firefox\Profiles\g7bjp78p.default\cookies.txt[.bs.serving-sys.com/]

Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Ian\Application Data\Mozilla\Firefox\Profiles\g7bjp78p.default\cookies.txt[.serving-sys.com/]

Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Ian\Application Data\Mozilla\Firefox\Profiles\g7bjp78p.default\cookies.txt[.fastclick.net/]

Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Ian\Application Data\Mozilla\Firefox\Profiles\g7bjp78p.default\cookies.txt[.statcounter.com/]

Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Ian\Application Data\Mozilla\Firefox\Profiles\g7bjp78p.default\cookies.txt[.mediaplex.com/]

Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Ian\Application Data\Mozilla\Firefox\Profiles\g7bjp78p.default\cookies.txt[.2o7.net/]

Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Ian\Application Data\Mozilla\Firefox\Profiles\g7bjp78p.default\cookies.txt[.adultfriendfinder.com/]

Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Ian\Application Data\Mozilla\Firefox\Profiles\g7bjp78p.default\cookies.txt[.casalemedia.com/]

Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Ian\Application Data\Mozilla\Firefox\Profiles\g7bjp78p.default\cookies.txt[.trafficmp.com/]

Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Ian\Application Data\Mozilla\Firefox\Profiles\g7bjp78p.default\cookies.txt[.ccbill.com/]

Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Ian\Application Data\Mozilla\Firefox\Profiles\g7bjp78p.default\cookies.txt[.bluestreak.com/]

Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Ian\Application Data\Mozilla\Firefox\Profiles\g7bjp78p.default\cookies.txt[.overture.com/]

Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Ian\Application Data\Mozilla\Firefox\Profiles\g7bjp78p.default\cookies.txt[.questionmarket.com/]

Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Ian\Application Data\Mozilla\Firefox\Profiles\g7bjp78p.default\cookies.txt[.zedo.com/]

Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Ian\Application Data\Mozilla\Firefox\Profiles\g7bjp78p.default\cookies.txt[.yadro.ru/]

Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\Ian\Application Data\Mozilla\Firefox\Profiles\g7bjp78p.default\cookies.txt[counter.hitslink.com/]

Spyware:Cookie/Findwhat Not disinfected C:\Documents and Settings\Ian\Application Data\Mozilla\Firefox\Profiles\g7bjp78p.default\cookies.txt[.findwhat.com/]

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Ian\Application Data\Mozilla\Firefox\Profiles\g7bjp78p.default\cookies.txt[.terra.com.br/]

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Ian\Application Data\Mozilla\Firefox\Profiles\g7bjp78p.default\cookies.txt[.com.com/]

Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Ian\Application Data\Mozilla\Firefox\Profiles\g7bjp78p.default\cookies.txt[.burstnet.com/]

Spyware:Cookie/SpyLog Not disinfected C:\Documents and Settings\Ian\Application Data\Mozilla\Firefox\Profiles\g7bjp78p.default\cookies.txt[.spylog.com/]

Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Ian\Application Data\Mozilla\Firefox\Profiles\g7bjp78p.default\cookies.txt[.xiti.com/]

Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Ian\Application Data\Mozilla\Firefox\Profiles\g7bjp78p.default\cookies.txt[.systemdoctor.com/]

Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Ian\Application Data\Mozilla\Firefox\Profiles\g7bjp78p.default\cookies.txt[stats1.reliablestats.com/]

Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Ian\Application Data\Mozilla\Firefox\Profiles\g7bjp78p.default\cookies.txt[.systemdoctor.com/]

Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Ian\Application Data\Mozilla\Firefox\Profiles\g7bjp78p.default\cookies.txt[.perf.overture.com/]

Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Ian\Application Data\Mozilla\Firefox\Profiles\g7bjp78p.default\cookies.txt[.247realmedia.com/]

Spyware:Cookie/HotLog Not disinfected C:\Documents and Settings\Ian\Application Data\Mozilla\Firefox\Profiles\g7bjp78p.default\cookies.txt[.hotlog.ru/]

Spyware:Cookie/MediaTickets Not disinfected C:\Documents and Settings\Ian\Application Data\Mozilla\Firefox\Profiles\g7bjp78p.default\cookies.txt[.kinghost.com/]

Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Ian\Cookies\ian@advertising[2].txt

Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Ian\Cookies\ian@atdmt[2].txt

Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Ian\Cookies\ian@counter1.sextracker[1].txt

Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Ian\Cookies\ian@counter13.sextracker[1].txt

Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Ian\Cookies\ian@counter3.sextracker[1].txt

Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Ian\Cookies\ian@doubleclick[1].txt

Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Ian\Cookies\ian@fastclick[1].txt

Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Ian\Cookies\ian@overture[1].txt

Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Ian\Cookies\ian@overture[2].txt

Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Ian\Cookies\ian@sextracker[1].txt

Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Ian\Cookies\ian@sextracker[2].txt

Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Ian\Cookies\ian@stats1.reliablestats[1].txt

Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Ian\Cookies\ian@statse.webtrendslive[1].txt

Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Ian\Cookies\ian@statse.webtrendslive[2].txt

Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Ian\Cookies\ian@systemdoctor[1].txt

Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Ian\Cookies\ian@tribalfusion[1].txt

Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Ian\Cookies\ian@winantivirus[1].txt

Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Ian\Cookies\ian@www.winantiviruspro[1].txt

Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Ian\Cookies\ian@zedo[1].txt

Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Ian\Cookies\ian@zedo[2].txt

Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Ian\Cookies\ian@zedo[3].txt

Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Ian\Cookies\ian@zedo[4].txt

Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Ian\Cookies\ian@zedo[5].txt

Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Ian\Cookies\ian@zedo[6].txt

Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Ian\Cookies\ian@zedo[7].txt

Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Ian\Cookies\ian@zedo[8].txt

Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Ian\Cookies\ian@zedo[9].txt

Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\Ian\Local Settings\Temporary Internet Files\Content.IE5\7JY5TPLA\is67672[1].exe

Adware:Adware/Zenosearch Not disinfected C:\Documents and Settings\Ian\Local Settings\Temporary Internet Files\Content.IE5\7JY5TPLA\TIICM001[1].exe

Virus:Trj/Downloader.LAF Disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ODAJCD6Z\user9[1].exe

Virus:Trj/Downloader.PMC Disinfected C:\Documents and Settings\Parent\Application Data\Microsoft\Windows\hjpsuy.exe

Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\fxsiot5d.default\cookies.txt[ad.yieldmanager.com/]

Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\fxsiot5d.default\cookies.txt[.2o7.net/]

Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\fxsiot5d.default\cookies.txt[.atdmt.com/]

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\fxsiot5d.default\cookies.txt[.com.com/]

Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\fxsiot5d.default\cookies.txt[.tribalfusion.com/]

Possible Virus. Not disinfected C:\Documents and Settings\Parent\Application Data\WinTouch\WinTouch.exe

Possible Virus. Not disinfected C:\Documents and Settings\Parent\Application Data\WinTouch\WTUninstaller.exe

Adware:Adware/PurityScan Not disinfected C:\Documents and Settings\Parent\Application Data\??crosoft.NET\w?wexec.exe

Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Parent\Cookies\parent@2o7[2].txt

Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Parent\Cookies\parent@ads.pointroll[1].txt

Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Parent\Cookies\parent@advertising[1].txt

Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Parent\Cookies\parent@azjmp[1].txt

Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Parent\Cookies\parent@counter1.sextracker[2].txt

Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Parent\Cookies\parent@counter13.sextracker[2].txt

Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Parent\Cookies\parent@counter3.sextracker[2].txt

Spyware:Cookie/Linksynergy Not disinfected C:\Documents and Settings\Parent\Cookies\parent@linksynergy[1].txt

Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Parent\Cookies\parent@mediaplex[1].txt

Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Parent\Cookies\parent@sextracker[2].txt

Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Tristan\Application Data\Mozilla\Firefox\Profiles\mgdkq8hn.default\cookies.txt[.errorsafe.com/]

Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Tristan\Application Data\Mozilla\Firefox\Profiles\mgdkq8hn.default\cookies.txt[stats1.reliablestats.com/]

Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Tristan\Application Data\Mozilla\Firefox\Profiles\mgdkq8hn.default\cookies.txt[.winantivirus.com/]

Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Tristan\Application Data\Mozilla\Firefox\Profiles\mgdkq8hn.default\cookies.txt[winantivirus.com/]

Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Tristan\Application Data\Mozilla\Firefox\Profiles\mgdkq8hn.default\cookies.txt[.winantivirus.com/]

Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Tristan\Application Data\Mozilla\Firefox\Profiles\mgdkq8hn.default\cookies.txt[.doubleclick.net/]

Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Tristan\Application Data\Mozilla\Firefox\Profiles\mgdkq8hn.default\cookies.txt[.tribalfusion.com/]

Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Tristan\Application Data\Mozilla\Firefox\Profiles\mgdkq8hn.default\cookies.txt[.casalemedia.com/]

Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Tristan\Application Data\Mozilla\Firefox\Profiles\mgdkq8hn.default\cookies.txt[.mediaplex.com/]

Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Tristan\Application Data\Mozilla\Firefox\Profiles\mgdkq8hn.default\cookies.txt[.atdmt.com/]

Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Tristan\Application Data\Mozilla\Firefox\Profiles\mgdkq8hn.default\cookies.txt[.trafficmp.com/]

Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Tristan\Application Data\Mozilla\Firefox\Profiles\mgdkq8hn.default\cookies.txt[.fastclick.net/]

Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Tristan\Application Data\Mozilla\Firefox\Profiles\mgdkq8hn.default\cookies.txt[.advertising.com/]

Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Tristan\Application Data\Mozilla\Firefox\Profiles\mgdkq8hn.default\cookies.txt[.statcounter.com/]

Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Tristan\Application Data\Mozilla\Firefox\Profiles\mgdkq8hn.default\cookies.txt[.serving-sys.com/]

Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Tristan\Application Data\Mozilla\Firefox\Profiles\mgdkq8hn.default\cookies.txt[.bs.serving-sys.com/]

Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Tristan\Application Data\Mozilla\Firefox\Profiles\mgdkq8hn.default\cookies.txt[.burstnet.com/]

Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Tristan\Application Data\Mozilla\Firefox\Profiles\mgdkq8hn.default\cookies.txt[.2o7.net/]

Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Tristan\Application Data\Mozilla\Firefox\Profiles\mgdkq8hn.default\cookies.txt[statse.webtrendslive.com/]

Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Tristan\Application Data\Mozilla\Firefox\Profiles\mgdkq8hn.default\cookies.txt[.overture.com/]

Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Tristan\Application Data\Mozilla\Firefox\Profiles\mgdkq8hn.default\cookies.txt[.ads.pointroll.com/]

Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Tristan\Application Data\Mozilla\Firefox\Profiles\mgdkq8hn.default\cookies.txt[.adrevolver.com/]

Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Tristan\Application Data\Mozilla\Firefox\Profiles\mgdkq8hn.default\cookies.txt[.questionmarket.com/]

Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Tristan\Application Data\Mozilla\Firefox\Profiles\mgdkq8hn.default\cookies.txt[.adultfriendfinder.com/]

Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Tristan\Application Data\Mozilla\Firefox\Profiles\mgdkq8hn.default\cookies.txt[.realmedia.com/]

Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\Tristan\Application Data\Mozilla\Firefox\Profiles\mgdkq8hn.default\cookies.txt[.i.screensavers.com/]

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Tristan\Application Data\Mozilla\Firefox\Profiles\mgdkq8hn.default\cookies.txt[.com.com/]

Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@2o7[2].txt

Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@ad.yieldmanager[2].txt

Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@adrevolver[1].txt

Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@ads.pointroll[1].txt

Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@ads.pointroll[2].txt

Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@ads.pointroll[3].txt

Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@adultfriendfinder[1].txt

Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@advertising[1].txt

Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@advertising[2].txt

Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@advertising[3].txt

Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@advertising[4].txt

Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@advertising[5].txt

Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@advertising[6].txt

Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@advertising[7].txt

Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@apmebf[1].txt

Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@atdmt[2].txt

Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@casalemedia[1].txt

Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@casalemedia[2].txt

Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@casalemedia[3].txt

Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@casalemedia[4].txt

Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@casalemedia[5].txt

Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@casalemedia[6].txt

Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@casalemedia[8].txt

Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@counter1.sextracker[1].txt

Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@counter13.sextracker[1].txt

Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@counter3.sextracker[1].txt

Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@doubleclick[1].txt

Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@drivecleaner[2].txt

Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@enhance[2].txt

Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@errorsafe[2].txt

Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@fastclick[1].txt

Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@fastclick[2].txt

Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@fastclick[3].txt

Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@fastclick[5].txt

Spyware:Cookie/Linksynergy Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@linksynergy[1].txt

Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@mediaplex[2].txt

Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@overture[1].txt

Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@overture[2].txt

Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@realmedia[2].txt

Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@sextracker[1].txt

Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@sextracker[2].txt

Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@statcounter[1].txt

Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@statcounter[2].txt

Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@stats1.reliablestats[1].txt

Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@stats1.reliablestats[2].txt

Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@systemdoctor[1].txt

Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@trafficmp[1].txt

Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@trafficmp[2].txt

Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@trafficmp[3].txt

Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@trafficmp[4].txt

Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@trafficmp[5].txt

Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@trafficmp[7].txt

Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@tribalfusion[2].txt

Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@winantivirus[1].txt

Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@www.errorsafe[1].txt

Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@zedo[10].txt

Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@zedo[11].txt

Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@zedo[12].txt

Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@zedo[13].txt

Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@zedo[14].txt

Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@zedo[15].txt

Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@zedo[16].txt

Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@zedo[17].txt

Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@zedo[18].txt

Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@zedo[1].txt

Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@zedo[20].txt

Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@zedo[2].txt

Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@zedo[3].txt

Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@zedo[4].txt

Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@zedo[5].txt

Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@zedo[6].txt

Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@zedo[7].txt

Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@zedo[8].txt

Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@zedo[9].txt

Potentially unwanted tool:Application/ErrorSafe Not disinfected C:\Documents and Settings\Tristan\Local Settings\Application Data\Mozilla\Firefox\Profiles\mgdkq8hn.default\Cache\A23E4567d01

Potentially unwanted tool:Application/ErrorSafe Not disinfected C:\Documents and Settings\Tristan\Local Settings\Application Data\Mozilla\Firefox\Profiles\mgdkq8hn.default\Cache\B44F0815d01

Virus:Trj/Downloader.PJT Disinfected C:\Documents and Settings\Tristan\Local Settings\Temp\fsjfewbi.exe

Virus:Trj/Downloader.PJT Disinfected C:\Documents and Settings\Tristan\Local Settings\Temp\hsrwiboo.exe

Virus:Trj/Downloader.PJT Disinfected C:\Documents and Settings\Tristan\Local Settings\Temp\lvghpypd.exe

Virus:Trj/Downloader.OZB Disinfected C:\Documents and Settings\Tristan\Local Settings\Temp\lxaujrwp.exe

Virus:Trj/Downloader.PJT Disinfected C:\Documents and Settings\Tristan\Local Settings\Temp\onvjukrj.exe

Virus:Trj/Downloader.OZB Disinfected C:\Documents and Settings\Tristan\Local Settings\Temp\qumjtrgo.exe

Virus:Trj/Downloader.OZB Disinfected C:\Documents and Settings\Tristan\Local Settings\Temp\qwubohkj.exe

Virus:Trj/Downloader.OZB Disinfected C:\Documents and Settings\Tristan\Local Settings\Temp\qxhcakkn.exe

Virus:Trj/Downloader.OZB Disinfected C:\Documents and Settings\Tristan\Local Settings\Temp\soevredw.exe

Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\Tristan\Local Settings\Temp\wkxpbfep.dll

Virus:Trj/Downloader.PJT Disinfected C:\Documents and Settings\Tristan\Local Settings\Temp\wxdnjxse.exe

Virus:Trj/Downloader.PCQ Disinfected C:\Documents and Settings\Tristan\Local Settings\Temp\ykorqmnb.exe

Virus:Generic Malware Disinfected C:\Documents and Settings\Tristan\Local Settings\Temporary Internet Files\Content.IE5\8Y2AXXYM\masiyxanidi[1]

Virus:Trj/Downloader.PJT Disinfected C:\Documents and Settings\Tristan\Local Settings\Temporary Internet Files\Content.IE5\FE14KSR0\kcehc_eicooc20070702[1]

Adware:Adware/Sqwire Not disinfected C:\Program Files\Common Files\rrok\rroka.exe

Adware:Adware/Sqwire Not disinfected C:\Program Files\Common Files\rrok\rrokd\rrokc.dll

Adware:Adware/Sqwire Not disinfected C:\Program Files\Common Files\rrok\rrokl.exe

Adware:Adware/Sqwire Not disinfected C:\Program Files\Common Files\rrok\rrokm.exe

Adware:Adware/Sqwire Not disinfected C:\Program Files\Common Files\rrok\rrokp.exe

Adware:Adware/Starware Not disinfected C:\Program Files\EarthLink Setup\windows\msdotnet\netSetup.exe[


Hi there. Your logs show evidence of fixes being run that I did not instruct. You are either doing things on your own or getting help at another forum; either way, you must decide if you're going to follow my instructions only or seek help elsewhere.

This is for your benefit and to make sure your system doesn't get damaged beyond repair. Let me know what you want to do. You are not clean of infection by any means.


Hi there. Your logs show evidence of fixes being run that I did not instruct. You are either doing things on your own or getting help at another forum; either way, you must decide if you're going to follow my instructions only or seek help elsewhere.

This is for your benefit and to make sure your system doesn't get damaged beyond repair. Let me know what you want to do. You are not clean of infection by any means.

I had cleaned a bit on my own. I'm sorry. I'll follow your instructions.


OK, I will keep working with you. If you would like to submit files to our database, please upload these files:

C:\WINDOWS\glbtmflA.exe

C:\WINDOWS\win32062352826722007.exe

C:\WINDOWS\g4356cbvy63.exe

Here: http://uploads.malwarebytes.org/ If you don't want to, that is fine. You do have a new version of the Vundo trojan and we could add it to the definitions of the new product being tested. It is totally up to you.

Please follow the instructions below.

VundoFix.exe is a removal tool developed to remove Virtumonde infections. To use the tool, follow the instructions below.

Please download VundoFix.exe by Attribune to your desktop.

* Double-click VundoFix.exe to run it.

* When VundoFix re-opens, click the Scan for Vundo button.

* Once it's done scanning, click the Remove Vundo button.

* You will receive a prompt asking if you want to remove the files; click YES.

* Once you click yes, your desktop will go blank as it starts removing Vundo.

* When completed, it will prompt that it will reboot your computer; click OK.

Note: It is possible that VundoFix encountered a file it could not remove.

In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

After that scan please post a new HJT log and we will see how we are doing.


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 8:42:58 PM, on 8/1/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\clamAV\clamdService.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\clamAV\clamd.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\userinit.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\WINDOWS\surfmonkey\smproxy.exe

C:\WINDOWS\glbtmflA.exe

C:\WINDOWS\win32062352826722007.exe

C:\WINDOWS\g4356cbvy63.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1070526

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1070526

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1070526

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\twtkfplf.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll

O2 - BHO: (no name) - {D3D70E1B-659C-4B50-A07F-EDD9DBDE2DB8} - C:\DOCUME~1\Tristan\LOCALS~1\Temp\vturr.dll (file missing)

O3 - Toolbar: EarthLink Toolbar - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [ELNKProxy] C:\WINDOWS\surfmonkey\smproxy.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [glbtmflA] C:\WINDOWS\glbtmflA.exe

O4 - HKLM\..\Run: [win32062352826722007] C:\WINDOWS\win32062352826722007

O4 - HKLM\..\Run: [g4356cbvy63] C:\WINDOWS\g4356cbvy63

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [systemOptimizer] rundll32.exe "C:\WINDOWS\system32\pycpromm.dll",forkonce

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O20 - Winlogon Notify: pmnkkjh - pmnkkjh.dll (file missing)

O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)

O23 - Service: ClamAV (clamAntiVirus) - Unknown owner - C:\Program Files\clamAV\clamdService.exe

O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--

End of file - 6510 bytes


Did you run the Vundo fix?

Run HJT again and put a check next to the items below.

O2 - BHO: (no name) - {D3D70E1B-659C-4B50-A07F-EDD9DBDE2DB8} - C:\DOCUME~1\Tristan\LOCALS~1\Temp\vturr.dll (file missing)

O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\twtkfplf.dll

O4 - HKLM\..\Run: [glbtmflA] C:\WINDOWS\glbtmflA.exe

O4 - HKLM\..\Run: [win32062352826722007] C:\WINDOWS\win32062352826722007

O4 - HKLM\..\Run: [g4356cbvy63] C:\WINDOWS\g4356cbvy63

O20 - Winlogon Notify: pmnkkjh - pmnkkjh.dll (file missing)

Click fix, then run the Vundo fix again and post a new HJT log. Please give me some feedback as to what is happening on your end also.


I ran the VundoFix before the log, and it removed a lot. I ran it again after I got rid of the HJT items, and it came up clean.

Here's the new log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:12:22 PM, on 8/1/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\clamAV\clamdService.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\clamAV\clamd.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\WINDOWS\surfmonkey\smproxy.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\WINDOWS\system32\rundll32.exe

C:\Documents and Settings\Colin.D48PRVC1\My Documents\Firefox\firefox.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Winamp\winamp.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1070526

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1070526

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1070526

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll

O3 - Toolbar: EarthLink Toolbar - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [ELNKProxy] C:\WINDOWS\surfmonkey\smproxy.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [systemOptimizer] rundll32.exe "C:\WINDOWS\system32\pycpromm.dll",forkonce

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)

O23 - Service: ClamAV (clamAntiVirus) - Unknown owner - C:\Program Files\clamAV\clamdService.exe

O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--

End of file - 6033 bytes


It's looking better, still not done though. I missed a couple.

Run HJT again and put a check next to these please.

O4 - HKLM\..\Run: [systemOptimizer] rundll32.exe "C:\WINDOWS\system32\pycpromm.dll",forkonce

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

Make sure you have your system set to show all files and folders.

Click Start.

Open My Computer.

Select the Tools menu and click Folder Options.

Select the View Tab.

Under the Hidden files and folders heading select Show hidden files and folders.

Uncheck the Hide protected operating system files (recommended) option.

Click Yes to confirm.

Click OK.

Press Control-Alt-Del to enter the Task Manager.

Click on the Processes tab and end the following process; this is not Firefox the browser:

C:\Documents and Settings\Colin.D48PRVC1\My Documents\Firefox\firefox.exe

Exit the Task Manager when finished.

Reboot into Safe Mode by tapping the F8 key as soon as you hear the beep.

Using Windows Explorer, locate the following files/folders, and delete them:

C:\Documents and Settings\Colin.D48PRVC1\My Documents\Firefox\firefox.exe

Exit Explorer, and reboot as normal afterwards.

If you were unable to find any of the files then please follow these additional instructions:

Download Pocket Killbox and unzip it; save it to your Desktop.

Run it, and click the radio button that says Delete a file on reboot. For each of the files you could not delete, paste them one at a time into the full path of file to delete box and click the red circle with a white cross in it.

The program will ask you if you want to reboot; say No each time until the last one has been pasted in whereupon you should answer Yes.

Let the system reboot. Then please get the program below, install it, update it and run a scan; put a check in anything it finds and click on fix. Have it remove all the spy and adware cookies you have.

Spybot Search & Destroy

Now please do another scan at Panda and post that log and a new HJT also. We are getting closer.

You also need to update your Adobe Reader; it is a known security risk version, and so is your Java. Go to Add/Remove Programs and uninstall both. Also go to Program Files and delete the program file for Java and Adobe if it leaves one; I don't remember for sure on that one. You can get the current Java here http://www.java.com/en/download/manual.jsp and Adobe http://www.adobe.com/products/reader/


I did as you asked, except for the Firefox, because that is the real program; I installed it there. Not sure why, but I did.

Here's the latest log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:22:36 PM, on 8/2/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\clamAV\clamdService.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\clamAV\clamd.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\WINDOWS\surfmonkey\smproxy.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Winamp\winamp.exe

C:\Program Files\Bethesda Softworks\Morrowind\Morrowind.exe

C:\Documents and Settings\Colin.D48PRVC1\My Documents\Firefox\firefox.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1070526

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1070526

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1070526

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {43ADFCB3-4379-4B82-2F74-4AB60840F294} - C:\WINDOWS\system32\lubcpmj.dll

O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll

O3 - Toolbar: EarthLink Toolbar - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [ELNKProxy] C:\WINDOWS\surfmonkey\smproxy.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - Global Startup: Digital Line Detect.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)

O23 - Service: ClamAV (clamAntiVirus) - Unknown owner - C:\Program Files\clamAV\clamdService.exe

O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel


OK, where is the Panda log? I would reinstall Firefox to the correct location if I were you. That way you know it is not an infection.

Would you please attach this file to your next post: C:\WINDOWS\system32\lubcpmj.dll

Unless you know what it is, also run HJT again and please put a check in this:

O2 - BHO: (no name) - {43ADFCB3-4379-4B82-2F74-4AB60840F294} - C:\WINDOWS\system32\lubcpmj.dll

I would get rid of this too, but it is your call.

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll

It is not necessary and questionable IMO. Google and Dell have teamed up to control your browser. http://googlesystem.blogspot.com/2007/05/g...ress-error.html

http://www.gadgetizer.com/2006/02/10/is-de...ealing-traffic/ Those are just two articles about it.

I would like to see the Panda log from a fresh scan please. We have made huge progress. You had some horrible infections and any passwords you and any other users of this machine have for sensitive sites like banking or credit information should all be changed ASAP. I'm reasonably sure we have those gone so they can't get your new passwords. But I need to see the Panda log.

Then we will still have a few final steps. You still need to uninstall Java, delete the program folder and reinstall the safe updated version too.
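Added example, not part of the thread and not HijackThis's own code: the reply above singles out a BHO that was absent from the 8/1 log and present in the 8/2 log. This Python example diffs two HijackThis logs and flags newly added unnamed BHOs whose DLL sits directly in system32. The sample text is excerpted from the two logs in this thread; the function names and the flagging heuristic are assumptions of this example.

```python
import re

# HijackThis entries start with a section code such as R0, O2, O4 or O23.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
# O2 body layout: "BHO: <name> - {CLSID} - <path>"
BHO_RE = re.compile(r"^BHO: (.*) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")

# Excerpts of the 8/1 and 8/2 logs in this thread (shortened for the example).
SCAN_AUG1 = r"""
C:\WINDOWS\system32\svchost.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [systemOptimizer] rundll32.exe "C:\WINDOWS\system32\pycpromm.dll",forkonce
"""
SCAN_AUG2 = r"""
C:\WINDOWS\system32\svchost.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {43ADFCB3-4379-4B82-2F74-4AB60840F294} - C:\WINDOWS\system32\lubcpmj.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"""

def parse_entries(log_text):
    """Return the set of (section, body) entries; header and process lines are skipped."""
    matches = (ENTRY_RE.match(line.strip()) for line in log_text.splitlines())
    return {(m.group(1), m.group(2)) for m in matches if m}

def diff_scans(before, after):
    """Return (added, removed) entry lists between an earlier and a later scan."""
    b, a = parse_entries(before), parse_entries(after)
    return sorted(a - b), sorted(b - a)

def review_candidates(entries):
    """Heuristic (assumption of this example): unnamed BHO with its DLL directly in system32."""
    hits = []
    for section, body in entries:
        m = BHO_RE.match(body) if section == "O2" else None
        if m is None:
            continue
        name, clsid, path = m.groups()
        parent = path.lower().rsplit("\\", 1)[0]
        if name == "(no name)" and parent.endswith("\\system32"):
            hits.append((clsid, path))
    return hits
```

On these excerpts the diff reports four added and two removed entries, and only the lubcpmj.dll BHO is flagged; the unnamed Spybot SDHelper BHO is not, because its DLL lives under Program Files.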
