pop ups!!!!!! please help!
darren_1
2007-07-29, 17:57
I've got my HijackThis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:55:52 PM, on 7/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Creative\MediaSource5\MtdAcqu.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\CPdeSrvU.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Nero\Nero 7\Nero Vision\NeroVision.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\paul\Local Settings\Temporary Internet Files\Content.IE5\012VAFSH\VundoFix[1].exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6DD9F60E-A01D-43AC-952E-2F3FA2DB340f} - C:\WINDOWS\system32\nqihoshb.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {ECBF285B-AC0F-4A7E-920B-E2530EA842Ae} - C:\WINDOWS\system32\nqihoshb.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\uxbiisps.dll",setvm
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s
O4 - HKCU\..\Run: [OCAEBNDVDUpdate] C:\Program Files\ObjectCube\XXX2Burn DVD Wizard\xxx2burn.exe /update
O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Program Files\Video ActiveX Access\iesmn.exe
O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\paul\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9F91C7A7-0DF8-42E4-9B9C-96DF8F3D30EF}: NameServer = 62.24.128.17 62.24.128.18
O20 - Winlogon Notify: awtqo - C:\WINDOWS\system32\awtqo.dll (file missing)
O21 - SSODL: msqnx - {23EBD1F7-257B-4F72-B3E7-3FA38A6028B3} - C:\WINDOWS\msqnx.dll (file missing)
O21 - SSODL: msddx - {3892E3B4-A12E-4644-A738-9208E0D6696D} - C:\WINDOWS\msddx.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Microsoft System Management - Unknown owner - C:\WINDOWS\system32\system.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: vwsrv - Unknown owner - C:\WINDOWS\system32\vwsrv.exe (file missing)
O24 - Desktop Component 0: my current home page - file:///C:\WINDOWS\privacy_danger\index.htm
--
End of file - 11301 bytes
thanks!
darren_1
2007-07-29, 18:59
SmitFraudFix v2.207
Scan done at 16:57:23.00, Sun 07/29/2007
Run from C:\Documents and Settings\paul\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Creative\MediaSource5\MtdAcqu.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\CPdeSrvU.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
C:\WINDOWS\privacy_danger FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
C:\WINDOWS\system32\RegistryCleanerSetup.exe FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\paul
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\paul\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\paul\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
C:\DOCUME~1\paul\Desktop\Registry Cleaner.lnk FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
C:\Program Files\MW\ FOUND !
C:\Program Files\RegistryCleaner\ FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="file:///C:\\WINDOWS\\privacy_danger\\index.htm"
"SubscribedURL"=""
"FriendlyName"="my current home page"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: WAN (PPP/SLIP) Interface
DNS Server Search Order: 62.24.252.135
DNS Server Search Order: 62.24.252.134
HKLM\SYSTEM\CCS\Services\Tcpip\..\{9F91C7A7-0DF8-42E4-9B9C-96DF8F3D30EF}: NameServer=62.24.252.135 62.24.252.134
HKLM\SYSTEM\CS1\Services\Tcpip\..\{9F91C7A7-0DF8-42E4-9B9C-96DF8F3D30EF}: NameServer=62.24.252.135 62.24.252.134
HKLM\SYSTEM\CS2\Services\Tcpip\..\{9F91C7A7-0DF8-42E4-9B9C-96DF8F3D30EF}: NameServer=62.24.128.17 62.24.128.18
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
darren_1
2007-07-29, 19:03
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:03:58 PM, on 7/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Creative\MediaSource5\MtdAcqu.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\CPdeSrvU.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6DD9F60E-A01D-43AC-952E-2F3FA2DB340f} - C:\WINDOWS\system32\nqihoshb.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {ECBF285B-AC0F-4A7E-920B-E2530EA842Ae} - C:\WINDOWS\system32\nqihoshb.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s
O4 - HKCU\..\Run: [OCAEBNDVDUpdate] C:\Program Files\ObjectCube\XXX2Burn DVD Wizard\xxx2burn.exe /update
O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Program Files\Video ActiveX Access\iesmn.exe
O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\paul\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9F91C7A7-0DF8-42E4-9B9C-96DF8F3D30EF}: NameServer = 62.24.252.135 62.24.252.134
O20 - Winlogon Notify: awtqo - C:\WINDOWS\system32\awtqo.dll (file missing)
O21 - SSODL: msqnx - {23EBD1F7-257B-4F72-B3E7-3FA38A6028B3} - C:\WINDOWS\msqnx.dll (file missing)
O21 - SSODL: msddx - {3892E3B4-A12E-4644-A738-9208E0D6696D} - C:\WINDOWS\msddx.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Microsoft System Management - Unknown owner - C:\WINDOWS\system32\system.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: vwsrv - Unknown owner - C:\WINDOWS\system32\vwsrv.exe (file missing)
O24 - Desktop Component 0: my current home page - file:///C:\WINDOWS\privacy_danger\index.htm
--
End of file - 10932 bytes
Hi
Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
Install AVG Anti-Spyware by double clicking the installer.
Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
On the main screen under Your Computer's security:
Click on Change state next to Resident shield. It should now change to inactive.
Click on Change state next to Automatic updates. It should now change to inactive.
Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
Wait until you see the Update successful message.
Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates (http://www.ewido.net/en/download/updates/).
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update. Don't run AVG yet. Will do it a bit later.
Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop. Don't run ATF yet. Will do it a bit later.
Please print out or copy these instructions/tutorial to Notepad as the internet will not be (while in Safe Mode) available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.
Reboot your computer in Safe Mode.
If the computer is running, shut down Windows, and then turn off the power.
Wait 30 seconds, and then turn the computer on.
Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
Ensure that the Safe Mode option is selected.
Press Enter. The computer then begins to start in Safe mode.
Login on your usual account.
______________________________
Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted: "Registry cleaning - Do you want to clean the registry?" Answer Yes by typing Y and hit Enter.
http://siri.urz.free.fr/Fix/Bitmaps/Fix02b.jpg
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file?" by typing Y and hit Enter.
Reboot back into normal mode.
Double-click ATF Cleaner.exe to open it
Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.
If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
Click Exit on the Main menu to close the program.
Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
Click on Scanner on the toolbar.
Click on the Settings tab.
Under How to act?
Click on Recommended Action and choose Quarantine from the popup menu.
Under How to scan?
All checkboxes should be ticked.
Under Possibly unwanted software:
All checkboxes should be ticked.
Under Reports:
Unselect Automatically generate report after every scan and uncheck Only if threats were found.
Under What to scan?
Select Scan every file.
Click on the Scan tab.
Click on Complete System Scan to start the scan process.
Let the program scan the machine.
When the scan has finished, follow the instructions below.
IMPORTANT: Don't click on the Save Scan Report button before you have hit the Apply all Actions button.
Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
At the bottom of the window click on the Apply all Actions button. (3)
http://img509.imageshack.us/img509/4851/scanavgjk2.jpg
When done, click the Save Scan Report button. (4)
Click the Save Report as button.
Save the report to your Desktop.
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot.
Post contents of c:\rapport.txt, AVG Anti-Spyware log & a fresh HJT log.
darren_1
2007-07-30, 09:07
--------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 7:05:45 AM 7/30/2007
+ Scan result:
::Report end
Post contents of c:\rapport.txt, AVG Anti-Spyware log & a fresh HJT log.
Hi
You posted only the AVG report. Could you post the missing ones too?
:scratch:
Due to lack of a response to helper this topic has been archived.
If you need it re-opened please send me a private message (pm) and provide a link to the thread. Applies only to the original poster, anyone else with similar problems please start a new topic.