renrats Posted July 31, 2007

I've been having some serious adware issues as of late. While searching for a way to fix this, I stumbled across this site, and thusly HijackThis. Anyways, here's my log, if anyone could help me, it'd be appreciated.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 2:37:13 PM, on 7/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\surfmonkey\smproxy.exe
C:\WINDOWS\glbtmflA.exe
C:\WINDOWS\win32062352826722007.exe
C:\WINDOWS\g4356cbvy63.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\COMMON~1\AVSYST~1\uga6pcw.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\COLIN~1.D48\MYDOCU~1\FIREFOX\FIREFOX.EXE
C:\Program Files\Microsoft Office\Office10\MSACCESS.EXE
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Colin.D48PRVC1\My Documents\Downloads\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1070526
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1070526
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1070526
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3964D8D6-86D0-493A-B460-A805B5401114} - C:\WINDOWS\system32\wvuttur.dll
O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {681D1C8B-AF1A-F8E9-4917-FC8DBB2CD090} - C:\WINDOWS\system32\xde.dll
O2 - BHO: (no name) - {6D41C0C4-EDCC-47ED-BE5F-B98E4088082F} - C:\DOCUME~1\Tristan\LOCALS~1\Temp\vturr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {77C6A56E-E330-4DDD-8E14-1CF558A4599C} - C:\DOCUME~1\Ian\LOCALS~1\Temp\ssttr.dll
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\twtkfplf.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: (no name) - {CACFB41C-BF81-4F52-847B-3064A2F9511A} - C:\Program Files\MSN Gaming Zone\nizyd4.dll
O2 - BHO: CIEIntegrator Object - {D3B4C621-6024-410B-9F0F-22CBD6981F5E} - C:\Program Files\AVSystemCare\Addons\popupg.dll
O2 - BHO: (no name) - {DB28152F-2056-4481-BA69-634A3B3D970C} - C:\WINDOWS\system32\jkkjk.dll
O3 - Toolbar: EarthLink Toolbar - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ELNKProxy] C:\WINDOWS\surfmonkey\smproxy.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [glbtmflA] C:\WINDOWS\glbtmflA.exe
O4 - HKLM\..\Run: [win32062352826722007] C:\WINDOWS\win32062352826722007
O4 - HKLM\..\Run: [{ZN}] C:\WINDOWS\sys022672235282007.exe ICM001
O4 - HKLM\..\Run: [g4356cbvy63] C:\WINDOWS\g4356cbvy63
O4 - HKLM\..\Run: [MemoryManager] rundll32.exe "C:\DOCUME~1\Tristan\LOCALS~1\Temp\yhomjymf.dll",sitypnow
O4 - HKLM\..\Run: [AVSystemCare] C:\Program Files\AVSystemCare\pgs.exe
O4 - HKLM\..\Run: [uga6pcw] "C:\PROGRA~1\COMMON~1\AVSYST~1\uga6pcw.exe" -start
O4 - S-1-5-21-600373968-3565873685-2217043775-1010 Startup: TA_Start.lnk = C:\WINDOWS\sys022672235282007.exe (User '?')
O4 - Startup: TA_Start.lnk = C:\WINDOWS\sys022672235282007.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: geeba - C:\WINDOWS\system32\geeba.dll
O20 - Winlogon Notify: jkkjk - C:\WINDOWS\system32\jkkjk.dll
O20 - Winlogon Notify: ssttr - C:\DOCUME~1\Ian\LOCALS~1\Temp\ssttr.dll
O20 - Winlogon Notify: vturr - C:\DOCUME~1\Tristan\LOCALS~1\Temp\vturr.dll
O20 - Winlogon Notify: wvuttur - C:\WINDOWS\SYSTEM32\wvuttur.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ClamAV (clamAntiVirus) - Unknown owner - C:\Program Files\clamAV\clamdService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Net Agent - Unknown owner - C:\WINDOWS\dls0523pmw.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 7936 bytes

JeanInMontana Posted July 31, 2007

Hi renrats and welcome to Malwarebytes.

You do have a bit of a mess. With patience and perseverance we will get you all cleaned up.

First please set your system to show all files and folders.

Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab.
Under the Hidden files and folders heading select Show hidden files and folders.
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

O2 - BHO: (no name) - {3964D8D6-86D0-493A-B460-A805B5401114} - C:\WINDOWS\system32\wvuttur.dll
O2 - BHO: (no name) - {681D1C8B-AF1A-F8E9-4917-FC8DBB2CD090} - C:\WINDOWS\system32\xde.dll
O2 - BHO: (no name) - {6D41C0C4-EDCC-47ED-BE5F-B98E4088082F} - C:\DOCUME~1\Tristan\LOCALS~1\Temp\vturr.dll
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\twtkfplf.dll
O2 - BHO: (no name) - {CACFB41C-BF81-4F52-847B-3064A2F9511A} - C:\Program Files\MSN Gaming Zone\nizyd4.dll
O2 - BHO: CIEIntegrator Object - {D3B4C621-6024-410B-9F0F-22CBD6981F5E} - C:\Program Files\AVSystemCare\Addons\popupg.dll
O2 - BHO: (no name) - {DB28152F-2056-4481-BA69-634A3B3D970C} - C:\WINDOWS\system32\jkkjk.dll
O4 - HKLM\..\Run: [{ZN}] C:\WINDOWS\sys022672235282007.exe ICM001
O4 - HKLM\..\Run: [MemoryManager] rundll32.exe "C:\DOCUME~1\Tristan\LOCALS~1\Temp\yhomjymf.dll",sitypnow
O4 - S-1-5-21-600373968-3565873685-2217043775-1010 Startup: TA_Start.lnk = C:\WINDOWS\sys022672235282007.exe (User '?')
O4 - Startup: TA_Start.lnk = C:\WINDOWS\sys022672235282007.exe
O20 - Winlogon Notify: jkkjk - C:\WINDOWS\system32\jkkjk.dll
O23 - Service: Net Agent - Unknown owner - C:\WINDOWS\dls0523pmw.exe

Click on Fix Checked when finished and exit HijackThis.

Reboot into Safe Mode: By tapping the F8 key as soon as you hear the beep when the system starts.

Using Windows Explorer, locate the following files/folders, and delete them:

C:\WINDOWS\sys022672235282007.exe ICM001
rundll32.exe "C:\DOCUME~1\Tristan\LOCALS~1\Temp\yhomjymf.dll",sitypnow
O4 - S-1-5-21-600373968-3565873685-2217043775-1010 Startup: TA_Start.lnk = C:\WINDOWS\sys022672235282007.exe (User '?')
O4 - Startup: TA_Start.lnk = C:\WINDOWS\sys022672235282007.exe
C:\WINDOWS\system32\jkkjk.dll
C:\WINDOWS\dls0523pmw.exe

Exit Explorer, and reboot as normal afterwards.

If you were unable to find any of the files then please follow these additional instructions:

Download Pocket Killbox and unzip it; save it to your Desktop.
Run it, and click the radio button that says Delete a file on reboot. For each of the files you could not delete, paste them one at a time into the full path of file to delete box and click the red circle with a white cross in it.
The program will ask you if you want to reboot; say No each time until the last one has been pasted in whereupon you should answer Yes.
Let the system reboot.

Now please go here http://www.pandasecurity.com/homeusers/solutions/activescan/ and run a full scan, remove anything it finds and save the log. Post that log as a reply in this thread and a new HiJack This log. But please get this version http://www.trendsecure.com/portal/en-US/th.../hijackthis.php; you're using a beta version and the program is no longer in beta.

We will have another look and see what else there is to do.

renrats Posted August 1, 2007

EDIT: Sorry about length

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:15:12 AM, on 8/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\clamAV\clamdService.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\clamAV\freshclam.exe
C:\Program Files\clamAV\clamd.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\surfmonkey\SMProxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\glbtmflA.exe
C:\WINDOWS\win32062352826722007.exe
C:\WINDOWS\g4356cbvy63.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Documents and Settings\Colin.D48PRVC1\My Documents\Firefox\firefox.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1070526
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1070526
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1070526
O3 - Toolbar: EarthLink Toolbar - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ELNKProxy] C:\WINDOWS\surfmonkey\smproxy.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [glbtmflA] C:\WINDOWS\glbtmflA.exe
O4 - HKLM\..\Run: [win32062352826722007] C:\WINDOWS\win32062352826722007
O4 - HKLM\..\Run: [g4356cbvy63] C:\WINDOWS\g4356cbvy63
O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [systemOptimizer] rundll32.exe "C:\WINDOWS\system32\qwstadve.dll",forkonce
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: ClamAV (clamAntiVirus) - Unknown owner - C:\Program Files\clamAV\clamdService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel

renrats Posted August 1, 2007

Incident Status Location

renrats Posted August 1, 2007
Not disinfected C:\Documents and Settings\Parent\Application Data\WinTouch\WTUninstaller.exe Adware:Adware/PurityScan Not disinfected C:\Documents and Settings\Parent\Application Data\??crosoft.NET\w?wexec.exe Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Parent\Cookies\parent@2o7[2].txt Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Parent\Cookies\parent@ads.pointroll[1].txt Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Parent\Cookies\parent@advertising[1].txt Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Parent\Cookies\parent@azjmp[1].txt Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Parent\Cookies\parent@counter1.sextracker[2].txt Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Parent\Cookies\parent@counter13.sextracker[2].txt Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Parent\Cookies\parent@counter3.sextracker[2].txt Spyware:Cookie/Linksynergy Not disinfected C:\Documents and Settings\Parent\Cookies\parent@linksynergy[1].txt Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Parent\Cookies\parent@mediaplex[1].txt Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Parent\Cookies\parent@sextracker[2].txt Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Tristan\Application Data\Mozilla\Firefox\Profiles\mgdkq8hn.default\cookies.txt[.errorsafe.com/] Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Tristan\Application Data\Mozilla\Firefox\Profiles\mgdkq8hn.default\cookies.txt[stats1.reliablestats.com/] Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Tristan\Application Data\Mozilla\Firefox\Profiles\mgdkq8hn.default\cookies.txt[.winantivirus.com/] Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Tristan\Application Data\Mozilla\Firefox\Profiles\mgdkq8hn.default\cookies.txt[winantivirus.com/] 
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Tristan\Application Data\Mozilla\Firefox\Profiles\mgdkq8hn.default\cookies.txt[.winantivirus.com/] Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Tristan\Application Data\Mozilla\Firefox\Profiles\mgdkq8hn.default\cookies.txt[.doubleclick.net/] Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Tristan\Application Data\Mozilla\Firefox\Profiles\mgdkq8hn.default\cookies.txt[.tribalfusion.com/] Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Tristan\Application Data\Mozilla\Firefox\Profiles\mgdkq8hn.default\cookies.txt[.casalemedia.com/] Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Tristan\Application Data\Mozilla\Firefox\Profiles\mgdkq8hn.default\cookies.txt[.mediaplex.com/] Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Tristan\Application Data\Mozilla\Firefox\Profiles\mgdkq8hn.default\cookies.txt[.atdmt.com/] Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Tristan\Application Data\Mozilla\Firefox\Profiles\mgdkq8hn.default\cookies.txt[.trafficmp.com/] Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Tristan\Application Data\Mozilla\Firefox\Profiles\mgdkq8hn.default\cookies.txt[.fastclick.net/] Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Tristan\Application Data\Mozilla\Firefox\Profiles\mgdkq8hn.default\cookies.txt[.advertising.com/] Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Tristan\Application Data\Mozilla\Firefox\Profiles\mgdkq8hn.default\cookies.txt[.statcounter.com/] Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Tristan\Application Data\Mozilla\Firefox\Profiles\mgdkq8hn.default\cookies.txt[.serving-sys.com/] Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Tristan\Application 
Data\Mozilla\Firefox\Profiles\mgdkq8hn.default\cookies.txt[.bs.serving-sys.com/] Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Tristan\Application Data\Mozilla\Firefox\Profiles\mgdkq8hn.default\cookies.txt[.burstnet.com/] Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Tristan\Application Data\Mozilla\Firefox\Profiles\mgdkq8hn.default\cookies.txt[.2o7.net/] Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Tristan\Application Data\Mozilla\Firefox\Profiles\mgdkq8hn.default\cookies.txt[statse.webtrendslive.com/] Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Tristan\Application Data\Mozilla\Firefox\Profiles\mgdkq8hn.default\cookies.txt[.overture.com/] Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Tristan\Application Data\Mozilla\Firefox\Profiles\mgdkq8hn.default\cookies.txt[.ads.pointroll.com/] Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Tristan\Application Data\Mozilla\Firefox\Profiles\mgdkq8hn.default\cookies.txt[.adrevolver.com/] Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Tristan\Application Data\Mozilla\Firefox\Profiles\mgdkq8hn.default\cookies.txt[.questionmarket.com/] Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Tristan\Application Data\Mozilla\Firefox\Profiles\mgdkq8hn.default\cookies.txt[.adultfriendfinder.com/] Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Tristan\Application Data\Mozilla\Firefox\Profiles\mgdkq8hn.default\cookies.txt[.realmedia.com/] Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\Tristan\Application Data\Mozilla\Firefox\Profiles\mgdkq8hn.default\cookies.txt[.i.screensavers.com/] Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Tristan\Application Data\Mozilla\Firefox\Profiles\mgdkq8hn.default\cookies.txt[.com.com/] Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@2o7[2].txt 
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@ad.yieldmanager[2].txt Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@adrevolver[1].txt Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@ads.pointroll[1].txt Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@ads.pointroll[2].txt Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@ads.pointroll[3].txt Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@adultfriendfinder[1].txt Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@advertising[1].txt Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@advertising[2].txt Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@advertising[3].txt Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@advertising[4].txt Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@advertising[5].txt Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@advertising[6].txt Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@advertising[7].txt Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@apmebf[1].txt Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@atdmt[2].txt Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@casalemedia[1].txt Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@casalemedia[2].txt Spyware:Cookie/Casalemedia Not disinfected C:\Documents and 
Settings\Tristan\Cookies\tristan@casalemedia[3].txt Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@casalemedia[4].txt Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@casalemedia[5].txt Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@casalemedia[6].txt Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@casalemedia[8].txt Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@counter1.sextracker[1].txt Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@counter13.sextracker[1].txt Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@counter3.sextracker[1].txt Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@doubleclick[1].txt Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@drivecleaner[2].txt Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@enhance[2].txt Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@errorsafe[2].txt Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@fastclick[1].txt Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@fastclick[2].txt Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@fastclick[3].txt Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@fastclick[5].txt Spyware:Cookie/Linksynergy Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@linksynergy[1].txt Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@mediaplex[2].txt Spyware:Cookie/Overture Not disinfected 
C:\Documents and Settings\Tristan\Cookies\tristan@overture[1].txt Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@overture[2].txt Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@realmedia[2].txt Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@sextracker[1].txt Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@sextracker[2].txt Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@statcounter[1].txt Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@statcounter[2].txt Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@stats1.reliablestats[1].txt Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@stats1.reliablestats[2].txt Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@systemdoctor[1].txt Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@trafficmp[1].txt Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@trafficmp[2].txt Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@trafficmp[3].txt Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@trafficmp[4].txt Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@trafficmp[5].txt Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@trafficmp[7].txt Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@tribalfusion[2].txt Spyware:Cookie/Winantivirus Not disinfected C:\Documents and 
Settings\Tristan\Cookies\tristan@winantivirus[1].txt Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@www.errorsafe[1].txt Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@zedo[10].txt Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@zedo[11].txt Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@zedo[12].txt Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@zedo[13].txt Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@zedo[14].txt Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@zedo[15].txt Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@zedo[16].txt Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@zedo[17].txt Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@zedo[18].txt Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@zedo[1].txt Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@zedo[20].txt Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@zedo[2].txt Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@zedo[3].txt Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@zedo[4].txt Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@zedo[5].txt Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@zedo[6].txt Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@zedo[7].txt Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Tristan\Cookies\tristan@zedo[8].txt Spyware:Cookie/Zedo Not disinfected C:\Documents and 
Settings\Tristan\Cookies\tristan@zedo[9].txt Potentially unwanted tool:Application/ErrorSafe Not disinfected C:\Documents and Settings\Tristan\Local Settings\Application Data\Mozilla\Firefox\Profiles\mgdkq8hn.default\Cache\A23E4567d01 Potentially unwanted tool:Application/ErrorSafe Not disinfected C:\Documents and Settings\Tristan\Local Settings\Application Data\Mozilla\Firefox\Profiles\mgdkq8hn.default\Cache\B44F0815d01 Virus:Trj/Downloader.PJT Disinfected C:\Documents and Settings\Tristan\Local Settings\Temp\fsjfewbi.exe Virus:Trj/Downloader.PJT Disinfected C:\Documents and Settings\Tristan\Local Settings\Temp\hsrwiboo.exe Virus:Trj/Downloader.PJT Disinfected C:\Documents and Settings\Tristan\Local Settings\Temp\lvghpypd.exe Virus:Trj/Downloader.OZB Disinfected C:\Documents and Settings\Tristan\Local Settings\Temp\lxaujrwp.exe Virus:Trj/Downloader.PJT Disinfected C:\Documents and Settings\Tristan\Local Settings\Temp\onvjukrj.exe Virus:Trj/Downloader.OZB Disinfected C:\Documents and Settings\Tristan\Local Settings\Temp\qumjtrgo.exe Virus:Trj/Downloader.OZB Disinfected C:\Documents and Settings\Tristan\Local Settings\Temp\qwubohkj.exe Virus:Trj/Downloader.OZB Disinfected C:\Documents and Settings\Tristan\Local Settings\Temp\qxhcakkn.exe Virus:Trj/Downloader.OZB Disinfected C:\Documents and Settings\Tristan\Local Settings\Temp\soevredw.exe Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\Tristan\Local Settings\Temp\wkxpbfep.dll Virus:Trj/Downloader.PJT Disinfected C:\Documents and Settings\Tristan\Local Settings\Temp\wxdnjxse.exe Virus:Trj/Downloader.PCQ Disinfected C:\Documents and Settings\Tristan\Local Settings\Temp\ykorqmnb.exe Virus:Generic Malware Disinfected C:\Documents and Settings\Tristan\Local Settings\Temporary Internet Files\Content.IE5\8Y2AXXYM\masiyxanidi[1] Virus:Trj/Downloader.PJT Disinfected C:\Documents and Settings\Tristan\Local Settings\Temporary Internet Files\Content.IE5\FE14KSR0\kcehc_eicooc20070702[1] Adware:Adware/Sqwire 
Not disinfected C:\Program Files\Common Files\rrok\rroka.exe Adware:Adware/Sqwire Not disinfected C:\Program Files\Common Files\rrok\rrokd\rrokc.dll Adware:Adware/Sqwire Not disinfected C:\Program Files\Common Files\rrok\rrokl.exe Adware:Adware/Sqwire Not disinfected C:\Program Files\Common Files\rrok\rrokm.exe Adware:Adware/Sqwire Not disinfected C:\Program Files\Common Files\rrok\rrokp.exe Adware:Adware/Starware Not disinfected C:\Program Files\EarthLink Setup\windows\msdotnet\netSetup.exe[
JeanInMontana Posted August 1, 2007 ID:6930

Hi there. Your logs show evidence of fixes being run that I did not instruct. You are either doing things on your own or getting help at another forum; either way, you must decide if you're going to follow my instructions only or seek help elsewhere. This is for your benefit and to make sure your system doesn't get damaged beyond repair. Let me know what you want to do. You are not clean of infection by any means.
renrats Posted August 1, 2007 Author ID:6931

> Hi there. Your logs show evidence of fixes being run that I did not instruct. You are either doing things on your own or getting help at another forum; either way, you must decide if you're going to follow my instructions only or seek help elsewhere. This is for your benefit and to make sure your system doesn't get damaged beyond repair. Let me know what you want to do. You are not clean of infection by any means.

I had cleaned a bit on my own. I'm sorry. I'll follow your instructions.
JeanInMontana Posted August 1, 2007 ID:6938

OK I will keep working with you. If you would like to submit files to our database please upload these files:

C:\WINDOWS\glbtmflA.exe
C:\WINDOWS\win32062352826722007.exe
C:\WINDOWS\g4356cbvy63.exe

Here: http://uploads.malwarebytes.org/

If you don't want to, that is fine. You do have a new version of the Vundo trojan and we could add it to the definitions of the new product being tested. It is totally up to you. Please follow the instructions below.

VundoFix.exe is a removal tool developed to remove Virtumonde infections. To use the tool follow the instructions below.

Please download VundoFix.exe by Attribune to your desktop.

* Double-click VundoFix.exe to run it.
* When VundoFix re-opens, click the Scan for Vundo button.
* Once it's done scanning, click the Remove Vundo button.
* You will receive a prompt asking if you want to remove the files, click YES
* Once you click yes, your desktop will go blank as it starts removing Vundo.
* When completed, it will prompt that it will reboot your computer, click OK.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

After that scan please post a new HJT log and we will see how we are doing.
JeanInMontana Posted August 1, 2007 ID:6947

I should have added if you decide to upload the files, please put them into a zip file. Thanks.
renrats Posted August 2, 2007 Author ID:6969

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:42:58 PM, on 8/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\clamAV\clamdService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\clamAV\clamd.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\surfmonkey\smproxy.exe
C:\WINDOWS\glbtmflA.exe
C:\WINDOWS\win32062352826722007.exe
C:\WINDOWS\g4356cbvy63.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1070526
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1070526
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1070526
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\twtkfplf.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: (no name) - {D3D70E1B-659C-4B50-A07F-EDD9DBDE2DB8} - C:\DOCUME~1\Tristan\LOCALS~1\Temp\vturr.dll (file missing)
O3 - Toolbar: EarthLink Toolbar - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ELNKProxy] C:\WINDOWS\surfmonkey\smproxy.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [glbtmflA] C:\WINDOWS\glbtmflA.exe
O4 - HKLM\..\Run: [win32062352826722007] C:\WINDOWS\win32062352826722007
O4 - HKLM\..\Run: [g4356cbvy63] C:\WINDOWS\g4356cbvy63
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [systemOptimizer] rundll32.exe "C:\WINDOWS\system32\pycpromm.dll",forkonce
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: pmnkkjh - pmnkkjh.dll (file missing)
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: ClamAV (clamAntiVirus) - Unknown owner - C:\Program Files\clamAV\clamdService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 6510 bytes
JeanInMontana Posted August 2, 2007 ID:6970

Did you run the Vundo fix?

Run HJT again and put a check next to the items below.

O2 - BHO: (no name) - {D3D70E1B-659C-4B50-A07F-EDD9DBDE2DB8} - C:\DOCUME~1\Tristan\LOCALS~1\Temp\vturr.dll (file missing)
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\twtkfplf.dll
O4 - HKLM\..\Run: [glbtmflA] C:\WINDOWS\glbtmflA.exe
O4 - HKLM\..\Run: [win32062352826722007] C:\WINDOWS\win32062352826722007
O4 - HKLM\..\Run: [g4356cbvy63] C:\WINDOWS\g4356cbvy63
O20 - Winlogon Notify: pmnkkjh - pmnkkjh.dll (file missing)

Click fix then run the Vundo fix again and post a new HJT log. Please give me some feedback as to what is happening on your end also.
renrats Posted August 2, 2007 Author ID:6978

I ran the VundoFix before the log, and it removed a lot. I ran it again after I got rid of the HJT items, and it came up clean.

Here's the new log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:12:22 PM, on 8/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\clamAV\clamdService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\clamAV\clamd.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\surfmonkey\smproxy.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Colin.D48PRVC1\My Documents\Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1070526
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1070526
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1070526
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: EarthLink Toolbar - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ELNKProxy] C:\WINDOWS\surfmonkey\smproxy.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [systemOptimizer] rundll32.exe "C:\WINDOWS\system32\pycpromm.dll",forkonce
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: ClamAV (clamAntiVirus) - Unknown owner - C:\Program Files\clamAV\clamdService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 6033 bytes
JeanInMontana Posted August 2, 2007 ID:6980

It's looking better, still not done though. I missed a couple.

Run HJT again and put a check next to these please.

O4 - HKLM\..\Run: [systemOptimizer] rundll32.exe "C:\WINDOWS\system32\pycpromm.dll",forkonce
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

Make sure you have your system set to show all files and folders.

Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab.
Under the Hidden files and folders heading select Show hidden files and folders.
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

Press Control-Alt-Del to enter the Task Manager.
Click on the Processes tab and end the following process, this is not Firefox the browser:

C:\Documents and Settings\Colin.D48PRVC1\My Documents\Firefox\firefox.exe

Exit the Task Manager when finished.

Reboot into Safe Mode: By tapping the F8 key as soon as you hear the beep.

Using Windows Explorer, locate the following files/folders, and delete them:

C:\Documents and Settings\Colin.D48PRVC1\My Documents\Firefox\firefox.exe

Exit Explorer, and reboot as normal afterwards.

If you were unable to find any of the files then please follow these additional instructions:

Download Pocket Killbox and unzip it; save it to your Desktop.
Run it, and click the radio button that says Delete a file on reboot. For each of the files you could not delete, paste them one at a time into the full path of file to delete box and click the red circle with a white cross in it.
The program will ask you if you want to reboot; say No each time until the last one has been pasted in whereupon you should answer Yes.
Let the system reboot.

Then please get the program below install, update and run a scan, put a check in anything it finds and click on fix. Have it remove all the spy and adware cookies you have.

Spybot Search & Destroy

Now please do another scan at Panda and post that log and a new HJT also. We are getting closer. You also need to update your Adobe Reader, it is a known security risk version and so is your Java. Go to Add/Remove programs and uninstall both. Also go to program files and delete the program file for Java and Adobe if it leaves one, I don't remember for sure on that one. You can get the current Java here http://www.java.com/en/download/manual.jsp and Adobe http://www.adobe.com/products/reader/
renrats Posted August 2, 2007 ID:6989

I did as you asked, except for the Firefox, because that is the real program, I installed it there. Not sure why, but I did.

Here's the latest log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:22:36 PM, on 8/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\clamAV\clamdService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\clamAV\clamd.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\surfmonkey\smproxy.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Bethesda Softworks\Morrowind\Morrowind.exe
C:\Documents and Settings\Colin.D48PRVC1\My Documents\Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1070526
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1070526
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1070526
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {43ADFCB3-4379-4B82-2F74-4AB60840F294} - C:\WINDOWS\system32\lubcpmj.dll
O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: EarthLink Toolbar - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ELNKProxy] C:\WINDOWS\surfmonkey\smproxy.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: ClamAV (clamAntiVirus) - Unknown owner - C:\Program Files\clamAV\clamdService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel
JeanInMontana Posted August 2, 2007 ID:6999

OK where is the Panda log? I would reinstall Firefox to the correct location if I was you. That way you know it is not an infection.

Would you please attach this file to your next post: C:\WINDOWS\system32\lubcpmj.dll

Unless you know what it is also run HJT again and please put a check in this:

O2 - BHO: (no name) - {43ADFCB3-4379-4B82-2F74-4AB60840F294} - C:\WINDOWS\system32\lubcpmj.dll

I would get rid of this too but it is your call:

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll

It is not necessary and questionable IMO. Google and Dell have teamed up to control your browser.

http://googlesystem.blogspot.com/2007/05/g...ress-error.html
http://www.gadgetizer.com/2006/02/10/is-de...ealing-traffic/

Those are just two articles about it. I would like to see the Panda log from a fresh scan please. We have made huge progress. You had some horrible infections and any passwords you and any other users of this machine have for sensitive sites like banking or credit information should all be changed ASAP. I'm reasonably sure we have those gone so they can't get your new passwords. But I need to see the Panda log.

Then we will still have a few final steps. You still need to uninstall Java, delete the program folder and reinstall the safe updated version too.
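The comparison the helper makes between the two logs above (which entries appeared, disappeared, or moved) can be scripted. This is an added example, not part of the original thread or of HijackThis: the function names are hypothetical, and the two excerpts are a few entries copied from the August 1 and August 2 logs posted above.

```python
import re

# An entry line starts with a section code (R0, R1, O2, O4, O23 ...) followed by " - ".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse_entries(log_text):
    """Map an identity key to each entry line; headers and process paths are skipped."""
    entries = {}
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        code, body = m.groups()
        # A BHO (O2) is identified by its CLSID, so a moved DLL shows up as "changed".
        clsid = CLSID_RE.search(body) if code == "O2" else None
        ident = clsid.group(0) if clsid else body
        entries[(code, ident.lower())] = raw.strip()  # Windows paths are case-insensitive
    return entries

def diff_logs(before, after):
    """Return (added, removed, changed) entry lines between two HijackThis logs."""
    old, new = parse_entries(before), parse_entries(after)
    added = [line for key, line in new.items() if key not in old]
    removed = [line for key, line in old.items() if key not in new]
    changed = [(old[k], new[k]) for k in new
               if k in old and old[k].lower() != new[k].lower()]
    return added, removed, changed

# Excerpts copied from the two logs in this thread (not the full logs).
BEFORE = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [systemOptimizer] rundll32.exe "C:\WINDOWS\system32\pycpromm.dll",forkonce
"""
AFTER = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {43ADFCB3-4379-4B82-2F74-4AB60840F294} - C:\WINDOWS\system32\lubcpmj.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
"""

if __name__ == "__main__":
    added, removed, changed = diff_logs(BEFORE, AFTER)
    for label, lines in (("ADDED", added), ("REMOVED", removed)):
        for line in lines:
            print(label, line)
    for old_line, new_line in changed:
        print("CHANGED", old_line, "->", new_line)
```

A new entry is only a prompt to look closer: the diff surfaces both `lubcpmj.dll`, which the helper asks about, and `SDHelper.dll`, which sits under the Spybot program folder.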
JeanInMontana Posted August 4, 2007 ID:7066

So, what's going on with this?
JeanInMontana Posted August 6, 2007 ID:7207

Are you abandoning this? Please let me know so I can close the thread. There are some final steps also.
JeanInMontana Posted August 8, 2007 ID:7307

Due to no response this thread is closed.

The fixes posted here are for this system only. Using these fixes on another system can cause major damage.