same prob! Help please (joec11 own thread)

joec11
2006-10-08, 04:28
Hey, I have tried to solve this on my own but no dice. The HJT log file says this:
Any advice would be helpful. I've read lots of threads and tried myself, but nothing. Super annoying.

Logfile of HijackThis v1.99.1
Scan saved at 10:27:15 PM, on 10/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\NMSSvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Safety Bar - {052b12f7-86fa-4921-8482-26c42316b522} - C:\Program Files\Safety Bar\SafetyBar.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ixfivgg.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ixfivgg.dll,fivplce
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\SymProbe.exe -r "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [dahomah.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\dahomah.dll,ftrttbf
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [Wdeo] "C:\DOCUME~1\JOECUR~1\MYDOCU~1\ASKS~1\msconfig.exe" -vt yazb
O4 - HKCU\..\Run: [Lzwtrq] C:\Program Files\Common Files\?asks\w?nspool.exe
O4 - Global Startup: Microsoft Office.lnk = Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://bittercup.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EBBE12D5-1829-42EC-A8E2-3B7F37237D18}: NameServer = 192.168.0.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\system32\NMSSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

pskelley
2006-10-08, 14:30
Welcome to the forum, joec11.
same prob! Help please <<< same problem as what? We are working with dozens of different infections, and it helps to have a little information.

I guess we will start like this:

1) Follow the directions in this link: http://forums.spybot.info/showthread.php?t=4015 When you finish the instructions, post the three logs in this same topic using the "Post Reply" button.

Spybot-S&D: Be sure to follow the directions to save the scan report but do not post it here unless requested by a helper.

2) Thanks to sUBs and anyone who helped with this fix.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
If the log is large, you might need to post half in one reply and half in another.

Post the three logs from the SmitfraudFix instructions and the combofix log. Include any comments you think will help.

Thanks...pskelley
Safer Networking Forums

joec11
2006-10-10, 08:09
My apologies for my first post, I meant to add to a previous thread about Dialer.Trojan. I followed your steps and here are the HJT and SmitFraud logfiles. The other two are in the next post because they were too long.

Logfile of HijackThis v1.99.1
Scan saved at 2:03:49 AM, on 10/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\NMSSvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ixfivgg.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ixfivgg.dll,fivplce
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\SymProbe.exe -r "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [dahomah.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\dahomah.dll,ftrttbf
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [Wdeo] "C:\DOCUME~1\JOECUR~1\MYDOCU~1\ASKS~1\msconfig.exe" -vt yazb
O4 - HKCU\..\Run: [Lzwtrq] C:\Program Files\Common Files\?asks\w?nspool.exe
O4 - Global Startup: Microsoft Office.lnk = Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://bittercup.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EBBE12D5-1829-42EC-A8E2-3B7F37237D18}: NameServer = 192.168.0.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\system32\NMSSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

SmitFraudFix v2.107

Scan done at 0:32:27.84, Tue 10/10/2006
Run from C:\Documents and Settings\Joe Currie\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\ismini.exe FOUND !
C:\WINDOWS\system32\issearch.exe FOUND !
C:\WINDOWS\system32\ot.ico FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Joe Currie


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Joe Currie\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\JOECUR~1\FAVORI~1

C:\DOCUME~1\JOECUR~1\FAVORI~1\Antivirus Test Online.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

C:\DOCUME~1\ALLUSE~1\Desktop\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\Desktop\Security Troubleshooting.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\Safety Bar\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"incestuously"="{03413bf7-e34c-445b-bfc0-a2b127255871}"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End



Thanks again

joec11
2006-10-10, 08:17
Here are AVG and ComboFix.

Joe Currie - 06-10-10 2:10:48.29 Service Pack 2
ComboFix 06.09.28 - Running from: "C:\Program Files\Mozilla Firefox"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\wtscc.exe
C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
C:\WINDOWS\system32\components

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Documents and Settings\Joe Currie\My Documents\ASKS~1
C:\QooBox\Purity\Documents and Settings\Joe Currie\My Documents\ASKS~1\?asks
C:\QooBox\Purity\Program Files\Common Files\ASKS~1


((((((((((((((((((((((((((((((( Files Created from 2006-09-10 to 2006-10-10 ))))))))))))))))))))))))))))))))))


2006-10-10 00:29 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-10-08 21:57 721,196 ---hs---- C:\WINDOWS\system32\ayadd.ini2
2006-10-06 19:36 72,704 --a------ C:\WINDOWS\system32\uyrpbee.dll
2006-10-04 21:51 793,568 ---hs---- C:\WINDOWS\system32\ayadd.bak1
2006-10-02 21:49 793,908 ---hs---- C:\WINDOWS\system32\ayadd.bak2
2006-09-30 00:23 520,192 --------- C:\WINDOWS\system32\ati2sgag.exe
2006-09-28 22:58 420,240 --a------ C:\WINDOWS\system32\mpg4c32.dll
2006-09-28 22:58 309,616 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2006-09-28 19:12 73,748 --a------ C:\WINDOWS\system32\ttbuowge.dll
2006-09-27 22:20 9,644 --a------ C:\WINDOWS\system32\drivers\NMSCFG.SYS
2006-09-27 22:20 61,440 --a------ C:\WINDOWS\system32\PROMon.exe
2006-09-27 22:20 59,152 --a------ C:\WINDOWS\system32\drivers\iansw2k.sys
2006-09-27 22:20 36,864 --a------ C:\WINDOWS\system32\NMSSvcPS.DLL
2006-09-27 22:20 317,952 --a------ C:\WINDOWS\system32\ROBOEX32.DLL
2006-09-27 22:20 24,778 --a------ C:\WINDOWS\system32\drivers\NMSDD.SYS
2006-09-27 22:20 20,480 --a------ C:\WINDOWS\system32\NMSMsg.DLL
2006-09-27 22:20 147,456 --a------ C:\WINDOWS\system32\PRONtObj.dll
2006-09-27 22:20 147,456 --a------ C:\WINDOWS\system32\NMSAPI.DLL
2006-09-27 22:20 1,077,248 --a------ C:\WINDOWS\system32\NMSSvc.Exe
2006-09-27 22:19 306,688 --a------ C:\WINDOWS\IsUninst.exe
2006-09-27 15:11 611,064 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2006-09-26 23:11 451,072 C:\WINDOWSRadeon Omega Drivers v3.8.273 Uninstall.exe
2006-09-26 19:35 10,344 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys
2006-09-26 19:33 48,816 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2006-09-26 19:33 109,744 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2006-09-26 19:10 577,588 ---hs---- C:\WINDOWS\system32\ddaya.dll
2006-09-26 19:05 72,704 --a------ C:\WINDOWS\system32\qdjwten.dll
2006-09-23 22:49 77,824 --a------ C:\WINDOWS\system32\Oemdspif.dll
2006-09-23 22:49 61,440 --a------ C:\WINDOWS\system32\ati2evxx.dll
2006-09-23 22:49 6,684,672 --a------ C:\WINDOWS\system32\atioglx1.dll
2006-09-23 22:49 53,248 --a------ C:\WINDOWS\system32\ATIDDC.DLL
2006-09-23 22:49 5,124,096 --a------ C:\WINDOWS\system32\atioglxx.dll
2006-09-23 22:49 405,504 --a------ C:\WINDOWS\system32\ati2evxx.exe
2006-09-23 22:49 40,960 --a------ C:\WINDOWS\system32\drivers\ati2erec.dll
2006-09-23 22:49 40,960 --a------ C:\WINDOWS\system32\ati2edxx.dll
2006-09-23 22:49 307,200 --a------ C:\WINDOWS\system32\atiiiexx.dll
2006-09-23 22:49 282,624 --a------ C:\WINDOWS\system32\ATIDEMGR.dll
2006-09-23 22:49 26,112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe
2006-09-23 22:49 24,064 --a------ C:\WINDOWS\system32\ativcoxx.dll
2006-09-23 22:49 17,408 --a------ C:\WINDOWS\system32\atitvo32.dll
2006-09-23 22:49 151,552 --a------ C:\WINDOWS\system32\atikvmag.dll
2006-09-23 22:49 114,688 --a------ C:\WINDOWS\system32\atipdlxx.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-10 02:11 -------- d-------- C:\Program Files\Common Files
2006-10-10 02:10 -------- d-------- C:\Program Files\Mozilla Firefox
2006-10-10 02:03 -------- d-------- C:\Program Files\Hijackthis
2006-10-10 00:29 -------- d-------- C:\Program Files\Grisoft
2006-10-09 21:50 -------- d-------- C:\Documents and Settings\Joe Currie\Application Data\Skype
2006-10-09 13:16 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-10-07 22:51 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-03 11:18 -------- d-------- C:\Program Files\Microsoft ActiveSync
2006-10-03 11:18 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-10-03 11:18 -------- d-------- C:\Program Files\Common Files\Designer
2006-10-03 10:25 -------- d-------- C:\Documents and Settings\Joe Currie\Application Data\uTorrent
2006-09-30 00:23 -------- d-------- C:\Program Files\ATI Technologies
2006-09-29 22:38 -------- d-------- C:\Program Files\DAEMON Tools
2006-09-28 22:49 -------- d-------- C:\Program Files\Codemasters
2006-09-27 22:20 -------- d-------- C:\Program Files\Intel
2006-09-27 17:14 -------- d-------- C:\Program Files\Common Files\Services
2006-09-27 15:45 -------- d-------- C:\Program Files\Common Files\DirectX
2006-09-27 15:38 -------- d-------- C:\Program Files\EA GAMES
2006-09-26 23:33 -------- d-------- C:\Documents and Settings\Joe Currie\Application Data\atitray
2006-09-26 23:13 -------- d-------- C:\Program Files\MultiRes
2006-09-26 23:11 451072 --a------ C:\WINDOWS\Radeon Omega Drivers v3.8.273 Uninstall.exe
2006-09-26 20:27 -------- d-------- C:\Program Files\Diskeeper Corporation
2006-09-26 20:24 -------- d-------- C:\Program Files\Norton AntiVirus
2006-09-26 20:23 -------- d-------- C:\Documents and Settings\Joe Currie\Application Data\VersionTracker Pro
2006-09-26 20:16 -------- d-------- C:\Program Files\Symantec
2006-09-26 20:07 -------- d-------- C:\Documents and Settings\Joe Currie\Application Data\Symantec
2006-09-26 19:21 -------- d-------- C:\Program Files\Prey
2006-09-25 21:43 -------- d-------- C:\Program Files\Internet Explorer
2006-09-24 01:56 -------- d-------- C:\Documents and Settings\Joe Currie\Application Data\Help
2006-09-23 22:46 -------- d-------- C:\Documents and Settings\Joe Currie\Application Data\ATI
2006-09-21 20:14 -------- d-------- C:\Program Files\Java
2006-09-18 19:29 -------- d-------- C:\Program Files\Common Files\Java
2006-09-13 13:05 -------- d-------- C:\Program Files\QuickTime
2006-09-06 17:49 -------- d-------- C:\Program Files\Microsoft IntelliPoint
2006-09-03 18:24 -------- d-------- C:\Program Files\Skype
2006-09-01 15:59 -------- d-------- C:\Program Files\Adobe
2006-09-01 15:58 -------- d-------- C:\Documents and Settings\Joe Currie\Application Data\Leadertech
2006-09-01 12:48 -------- d---s---- C:\Documents and Settings\Joe Currie\Application Data\Microsoft
2006-09-01 12:44 -------- d-------- C:\Program Files\GameShadow
2006-08-29 00:36 -------- d-------- C:\Program Files\Real
2006-08-27 19:45 -------- d-------- C:\Documents and Settings\Joe Currie\Application Data\vlc
2006-08-27 19:42 -------- d-------- C:\Program Files\VideoLAN
2006-08-27 11:07 -------- d-------- C:\Program Files\DivXCodec
2006-08-21 08:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 05:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 05:14 128896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-07 16:02 534208 --a------ C:\WINDOWS\system32\SymNeti.dll
2006-08-07 16:02 161472 --a------ C:\WINDOWS\system32\SymRedir.dll
2006-07-27 09:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-21 04:24 72704 --a------ C:\WINDOWS\system32\hlink.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe\""
"AIM"="C:\\PROGRA~1\\AIM95\\aim.exe -cnetwait.odl"
"Creative Detector"="C:\\Program Files\\Creative\\MediaSource\\Detector\\CTDetect.exe /R"
"Wdeo"="\"C:\\DOCUME~1\\JOECUR~1\\MYDOCU~1\\ASKS~1\\msconfig.exe\" -vt yazb"
"Lzwtrq"="C:\\Program Files\\Common Files\\?asks\\w?nspool.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"IntelliPoint"="\"C:\\Program Files\\Microsoft IntelliPoint\\point32.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"ixfivgg.dll"="C:\\WINDOWS\\system32\\rundll32.exe C:\\WINDOWS\\system32\\ixfivgg.dll,fivplce"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"NAV CfgWiz"="C:\\Program Files\\Common Files\\Symantec Shared\\SymProbe.exe -r \"C:\\Program Files\\Norton AntiVirus\\CfgWiz.exe\" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE \"REBOOT\""
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"dahomah.dll"="C:\\WINDOWS\\system32\\rundll32.exe C:\\WINDOWS\\system32\\dahomah.dll,ftrttbf"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000004

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddaya
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winbue32

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Joe Currie.job

Completion time: Tue 10/10/2006 2:12:09.82
ComboFix.txt

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 1:40:41 AM 10/10/2006

+ Scan result:



C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : Ignored.
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP329\A0047094.dll -> Adware.PurityScan : Ignored.
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP330\A0047158.exe -> Adware.PurityScan : Ignored.
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP333\A0048557.exe -> Adware.SaveNow : Ignored.
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP328\A0047058.dll -> Adware.Softomate : Ignored.
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP330\A0047154.dll -> Adware.Virtumionde : Ignored.
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP338\A0050876.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051889.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051890.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051891.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051892.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051893.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051894.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051895.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051896.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051897.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051898.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051899.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051900.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051901.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051902.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051903.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051904.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051905.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051906.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051907.exe -> Dialer.Small : Cleaned with backup (quarantined).

joec11
2006-10-10, 08:19
Longest report ever. My apologies.

C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051908.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051909.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051910.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051911.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051912.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051913.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051914.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051915.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051916.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051917.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051918.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051919.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051920.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051921.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051922.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051923.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051924.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051925.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051926.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051927.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051928.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051929.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051930.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051931.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051932.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051933.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051934.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051935.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051936.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051937.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051938.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051939.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051940.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051941.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051942.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051943.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051944.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051945.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051946.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051947.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051948.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051949.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051950.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051951.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051952.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051953.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051954.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051955.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051956.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051957.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051958.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051959.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051960.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051961.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051962.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051963.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051964.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051965.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051966.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051967.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051968.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051969.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051970.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051971.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051972.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051973.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051974.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051975.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051976.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051977.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051978.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051979.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051980.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051981.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051982.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051983.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051984.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051985.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051986.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051987.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051988.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051989.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051990.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051991.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051992.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051993.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051994.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051995.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051996.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051997.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051998.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0051999.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0052000.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0052001.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0052002.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0052003.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0052004.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0052005.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0052006.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0052007.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0052008.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0052009.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0052010.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0052011.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0052012.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0052013.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0052014.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0052015.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP343\A0053029.dll -> Downloader.Agent.avm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP343\A0053030.dll -> Downloader.Busky.h : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP325\A0046775.exe -> Downloader.Zlob.aew : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP325\A0046637.exe -> Downloader.Zlob.amq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP326\A0046793.exe -> Downloader.Zlob.amq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP325\A0046774.exe -> Downloader.Zlob.amw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP325\A0046638.dll -> Downloader.Zlob.amx : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Yazzle1122OinAdmin.exe -> Dropper.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0052016.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP341\A0052017.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ksmmljrs.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP330\A0047155.dll -> Not-A-Virus.Hoax.Win32.Renos.ds : Ignored.
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP330\A0047157.dll -> Not-A-Virus.Hoax.Win32.Renos.ds : Ignored.
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP343\A0053031.dll -> Not-A-Virus.Hoax.Win32.Renos.fh : Ignored.

joec11
2006-10-10, 08:19
This is the last of it.

C:\WINDOWS\system32\ixt0.dll_tobedeleted -> Not-A-Virus.Hoax.Win32.Renos.fh : Ignored.
:mozilla.28:C:\Documents and Settings\Joe Currie\Application Data\Mozilla\Firefox\Profiles\cn12t7dp.Default User\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.10:C:\Documents and Settings\Joe Currie\Application Data\Mozilla\Firefox\Profiles\cn12t7dp.Default User\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.12:C:\Documents and Settings\Joe Currie\Application Data\Mozilla\Firefox\Profiles\cn12t7dp.Default User\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.15:C:\Documents and Settings\Joe Currie\Application Data\Mozilla\Firefox\Profiles\cn12t7dp.Default User\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.16:C:\Documents and Settings\Joe Currie\Application Data\Mozilla\Firefox\Profiles\cn12t7dp.Default User\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.17:C:\Documents and Settings\Joe Currie\Application Data\Mozilla\Firefox\Profiles\cn12t7dp.Default User\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.18:C:\Documents and Settings\Joe Currie\Application Data\Mozilla\Firefox\Profiles\cn12t7dp.Default User\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.6:C:\Documents and Settings\Joe Currie\Application Data\Mozilla\Firefox\Profiles\cn12t7dp.Default User\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.7:C:\Documents and Settings\Joe Currie\Application Data\Mozilla\Firefox\Profiles\cn12t7dp.Default User\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.8:C:\Documents and Settings\Joe Currie\Application Data\Mozilla\Firefox\Profiles\cn12t7dp.Default User\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.9:C:\Documents and Settings\Joe Currie\Application Data\Mozilla\Firefox\Profiles\cn12t7dp.Default User\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP340\A0051883.dll -> Trojan.BHO.g : Cleaned with backup (quarantined).
C:\WINDOWS\system32\tjvqigcw.dll -> Trojan.BHO.g : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\win3B7.tmp -> Trojan.Dialer.qs : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\win3CB.tmp -> Trojan.Dialer.qs : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP343\A0053028.dll -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP329\A0047092.exe -> Trojan.Starter.65 : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC5D0D7D-7FB2-453A-A8A3-5D64B3C78FC0}\RP343\A0053038.exe -> Worm.VB.ao : Cleaned with backup (quarantined).


::Report end

pskelley
2006-10-12, 23:47
I apologize; for some unknown reason, perhaps the move to new servers, I did not get notified when you posted.

Let's start by running the SmitfraudFix "Clean" function, here is a tutorial if it helps:
http://siri.urz.free.fr/Fix/SmitfraudFix_En.php
You are running version SmitfraudFix v2.107 and version v2.109 is available. Please delete all SmitfraudFix on the computer, download and use the new version like this:

Clean:
Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually)
Double-click smitfraudfix.cmd
Select 2 and hit Enter to delete infected files.
You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file.
A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt

Optional:
To restore Trusted and Restricted site zone, select 3 and hit Enter.
You will be prompted: Restore Trusted Zone ? answer Y (yes) and hit Enter to delete trusted zone.

Note, if you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.

Post the results of the SmitfraudFix "Clean" and a new HJT log. Let me know how the computer is running now.

I wanted to add much of the AVG scan is stuff backed up in System Restore. We will clean that before we finish, just do not do a restore or that junk will get back on the computer. A few items were ignored in error, but we will attend to them if they are still there after SmitfraudFix is done cleaning.

Thanks
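As an added example (not part of this thread, and not code from AVG Anti-Spyware or SmitfraudFix), here is a small Python triage script that applies the point made in the post above: most of the AVG hits are copies held in System Restore points, which matter only if a restore is done, while the few hits on live files are what need attention, especially the ones the scanner left as "Ignored". The script parses lines in the AVG Anti-Spyware report format, separates restore-point copies, tracking-cookie records and live files, and lists live items that were ignored. The sample report lines, file names and the GUID in them are constructed for this example.

```python
import re
from collections import Counter
from dataclasses import dataclass

# One AVG Anti-Spyware result line looks like "<path> -> <detection> : <action>."
# Cookie records inside a Firefox cookies.txt carry a ":mozilla.N:" prefix.
LINE_RE = re.compile(
    r"^(?P<cookie>:mozilla\.\d+:)?(?P<path>.+?) -> (?P<name>[^:]+?) : (?P<action>[^.]+)\.$"
)

# System Restore keeps copies of replaced files under this folder. A hit there is a
# backed-up copy, not a running component; it only comes back if a restore is done.
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP\d+\\", re.IGNORECASE
)


@dataclass
class Hit:
    path: str
    name: str
    action: str
    category: str  # "restore_point", "cookie" or "live"


def parse_line(line):
    """Parse a single report line; return None for headers, separators and blanks."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path = m.group("path")
    if m.group("cookie"):
        category = "cookie"
    elif RESTORE_RE.search(path):
        category = "restore_point"
    else:
        category = "live"
    return Hit(path, m.group("name"), m.group("action"), category)


def parse_report(text):
    """Parse a whole report, keeping only the lines that are detection results."""
    hits = []
    for line in text.splitlines():
        hit = parse_line(line)
        if hit is not None:
            hits.append(hit)
    return hits


def summarize(hits):
    """Count hits per category so the bulk of restore-point copies is obvious at a glance."""
    return Counter(h.category for h in hits)


def live_ignored(hits):
    """Live files (not restore-point copies, not cookies) that the scanner left in place.
    These are still on the running system and are the ones to review by hand."""
    return [h for h in hits if h.category == "live" and h.action == "Ignored"]


# Constructed sample in the AVG Anti-Spyware report format (not the thread's real log).
SAMPLE_REPORT = r"""
+ Scan result:

C:\System Volume Information\_restore{AAAAAAAA-0000-0000-0000-000000000000}\RP1\A0000001.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AAAAAAAA-0000-0000-0000-000000000000}\RP2\A0000002.dll -> Adware.Sample : Ignored.
C:\WINDOWS\system32\sample1.dll -> Logger.Sample : Cleaned with backup (quarantined).
C:\WINDOWS\system32\sample2.dll_tobedeleted -> Not-A-Virus.Hoax.Sample : Ignored.
:mozilla.5:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\abcd1234.default\cookies.txt -> TrackingCookie.Sample : Cleaned.

::Report end
"""


if __name__ == "__main__":
    hits = parse_report(SAMPLE_REPORT)
    for category, count in sorted(summarize(hits).items()):
        print(f"{category:14s} {count}")
    print("live items left as Ignored:")
    for h in live_ignored(hits):
        print(f"  {h.path}  ({h.name})")
```

Running it on the constructed sample reports two restore-point copies, two live files and one cookie, and lists only the live `sample2.dll_tobedeleted` entry as ignored; the restore-point copy that was also ignored is not listed, since it is dealt with by clearing System Restore rather than by hand.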

joec11
2006-10-13, 08:36
Hey, no worries about the wait. Can't complain about this advice. The dialer.trojan is gone but WinAntiVirus Pro and another system popup are still frequent. Here are the two new logfiles. Thanks again.

Logfile of HijackThis v1.99.1
Scan saved at 2:33:42 AM, on 10/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\NMSSvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ixfivgg.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ixfivgg.dll,fivplce
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\SymProbe.exe -r "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [dahomah.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\dahomah.dll,ftrttbf
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [Wdeo] "C:\DOCUME~1\JOECUR~1\MYDOCU~1\ASKS~1\msconfig.exe" -vt yazb
O4 - HKCU\..\Run: [Lzwtrq] C:\Program Files\Common Files\?asks\w?nspool.exe
O4 - Global Startup: Microsoft Office.lnk = Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://bittercup.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EBBE12D5-1829-42EC-A8E2-3B7F37237D18}: NameServer = 192.168.0.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\system32\NMSSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

SmitFraudFix v2.109

Scan done at 2:28:13.53, Fri 10/13/2006
Run from C:\Documents and Settings\Joe Currie\Desktop\SmitfraudFix1\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

pskelley
2006-10-13, 12:23
Let me first apologize for the delay in responding. Safer Networking is moving to new servers and all notifications are not working properly during the move. I found your post during a routine check of my open commitments this morning and will respond now...thanks

There is no doubt you still have problems and I am most sure the Vundo trojan which the hackers have hidden is part of it. I also see PurityScan adware and some other junk I can't identify. Let's proceed like this.

1) Return here: C:\Program Files\Hijackthis\HijackThis.exe, right click and rename the .exe; call it joec11.exe or whatever you wish.

2) Thanks to sUBs and anyone who helped with this fix.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply
Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.
If the log is large you might need to post half in one reply and half in another.

3) Make sure the computer is restarted and post a new HJT log along with the one from combofix.

Thanks

joec11
2006-10-14, 00:05
Logfile of HijackThis v1.99.1
Scan saved at 6:03:19 PM, on 10/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\NMSSvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis\joec11.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - C:\WINDOWS\system32\hiuaqaqt.dll
O2 - BHO: (no name) - {282E58CD-9712-4D80-99E8-9E7420753EBF} - C:\WINDOWS\system32\ddaya.dll
O2 - BHO: (no name) - {35E3555A-9046-9F0D-675A-023421D28DEA} - C:\WINDOWS\system32\uyrpbee.dll
O2 - BHO: (no name) - {50B8EF84-D4F8-72FD-F005-09FDEF1034C7} - C:\WINDOWS\system32\qdjwten.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - C:\WINDOWS\system32\ixt0.dll (file missing)
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ixfivgg.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ixfivgg.dll,fivplce
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\SymProbe.exe -r "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [dahomah.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\dahomah.dll,ftrttbf
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [Wdeo] "C:\DOCUME~1\JOECUR~1\MYDOCU~1\ASKS~1\msconfig.exe" -vt yazb
O4 - HKCU\..\Run: [Lzwtrq] C:\Program Files\Common Files\?asks\w?nspool.exe
O4 - Global Startup: Microsoft Office.lnk = Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://bittercup.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EBBE12D5-1829-42EC-A8E2-3B7F37237D18}: NameServer = 192.168.0.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: ddaya - C:\WINDOWS\system32\ddaya.dll
O20 - Winlogon Notify: winbue32 - winbue32.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\system32\NMSSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


Joe Currie - 06-10-13 18:00:41.82 Service Pack 2
ComboFix 06.10.14 - Running from: "C:\Documents and Settings\Joe Currie\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))



~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Documents and Settings\Joe Currie\My Documents\ASKS~1
C:\QooBox\Purity\Documents and Settings\Joe Currie\My Documents\ASKS~1\?asks
C:\QooBox\Purity\Program Files\Common Files\ASKS~1


((((((((((((((((((((((((((((((( Files Created from 2006-09-13 to 2006-10-13 ))))))))))))))))))))))))))))))))))


2006-10-13 02:34 818,522 ---hs---- C:\WINDOWS\system32\ayadd.ini2
2006-10-13 02:26 53,248 --a------ C:\WINDOWS\system32\Process.exe
2006-10-13 02:26 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-10-13 02:26 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-10-13 02:26 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2006-10-12 08:09 98,324 --a------ C:\WINDOWS\system32\hiuaqaqt.dll
2006-10-10 00:29 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-10-06 19:36 72,704 --a------ C:\WINDOWS\system32\uyrpbee.dll
2006-10-04 21:51 793,246 ---hs---- C:\WINDOWS\system32\ayadd.bak1
2006-10-02 21:49 798,874 ---hs---- C:\WINDOWS\system32\ayadd.bak2
2006-09-30 00:23 520,192 --------- C:\WINDOWS\system32\ati2sgag.exe
2006-09-28 22:58 420,240 --a------ C:\WINDOWS\system32\mpg4c32.dll
2006-09-28 22:58 309,616 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2006-09-28 19:12 73,748 --a------ C:\WINDOWS\system32\ttbuowge.dll
2006-09-27 22:20 9,644 --a------ C:\WINDOWS\system32\drivers\NMSCFG.SYS
2006-09-27 22:20 61,440 --a------ C:\WINDOWS\system32\PROMon.exe
2006-09-27 22:20 59,152 --a------ C:\WINDOWS\system32\drivers\iansw2k.sys
2006-09-27 22:20 36,864 --a------ C:\WINDOWS\system32\NMSSvcPS.DLL
2006-09-27 22:20 317,952 --a------ C:\WINDOWS\system32\ROBOEX32.DLL
2006-09-27 22:20 24,778 --a------ C:\WINDOWS\system32\drivers\NMSDD.SYS
2006-09-27 22:20 20,480 --a------ C:\WINDOWS\system32\NMSMsg.DLL
2006-09-27 22:20 147,456 --a------ C:\WINDOWS\system32\PRONtObj.dll
2006-09-27 22:20 147,456 --a------ C:\WINDOWS\system32\NMSAPI.DLL
2006-09-27 22:20 1,077,248 --a------ C:\WINDOWS\system32\NMSSvc.Exe
2006-09-27 22:19 306,688 --a------ C:\WINDOWS\IsUninst.exe
2006-09-27 15:11 611,064 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2006-09-26 23:11 451,072 C:\WINDOWSRadeon Omega Drivers v3.8.273 Uninstall.exe
2006-09-26 19:35 10,344 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys
2006-09-26 19:33 48,816 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2006-09-26 19:33 109,744 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2006-09-26 19:10 577,588 ---hs---- C:\WINDOWS\system32\ddaya.dll
2006-09-26 19:05 72,704 --a------ C:\WINDOWS\system32\qdjwten.dll
2006-09-23 22:49 77,824 --a------ C:\WINDOWS\system32\Oemdspif.dll
2006-09-23 22:49 61,440 --a------ C:\WINDOWS\system32\ati2evxx.dll
2006-09-23 22:49 6,684,672 --a------ C:\WINDOWS\system32\atioglx1.dll
2006-09-23 22:49 53,248 --a------ C:\WINDOWS\system32\ATIDDC.DLL
2006-09-23 22:49 5,124,096 --a------ C:\WINDOWS\system32\atioglxx.dll
2006-09-23 22:49 405,504 --a------ C:\WINDOWS\system32\ati2evxx.exe
2006-09-23 22:49 40,960 --a------ C:\WINDOWS\system32\drivers\ati2erec.dll
2006-09-23 22:49 40,960 --a------ C:\WINDOWS\system32\ati2edxx.dll
2006-09-23 22:49 307,200 --a------ C:\WINDOWS\system32\atiiiexx.dll
2006-09-23 22:49 282,624 --a------ C:\WINDOWS\system32\ATIDEMGR.dll
2006-09-23 22:49 26,112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe
2006-09-23 22:49 24,064 --a------ C:\WINDOWS\system32\ativcoxx.dll
2006-09-23 22:49 17,408 --a------ C:\WINDOWS\system32\atitvo32.dll
2006-09-23 22:49 151,552 --a------ C:\WINDOWS\system32\atikvmag.dll
2006-09-23 22:49 114,688 --a------ C:\WINDOWS\system32\atipdlxx.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


there is more

joec11
2006-10-14, 00:05
2006-10-13 18:00 -------- d-------- C:\Program Files\Hijackthis
2006-10-13 17:54 -------- d-------- C:\Program Files\Mozilla Firefox
2006-10-13 13:44 -------- d-------- C:\Documents and Settings\Joe Currie\Application Data\uTorrent
2006-10-13 01:24 -------- d-------- C:\Program Files\Radical Games
2006-10-10 02:11 -------- d-------- C:\Program Files\Common Files
2006-10-10 00:29 -------- d-------- C:\Program Files\Grisoft
2006-10-09 21:50 -------- d-------- C:\Documents and Settings\Joe Currie\Application Data\Skype
2006-10-09 13:16 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-10-07 22:51 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-03 11:18 -------- d-------- C:\Program Files\Microsoft ActiveSync
2006-10-03 11:18 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-10-03 11:18 -------- d-------- C:\Program Files\Common Files\Designer
2006-09-30 00:23 -------- d-------- C:\Program Files\ATI Technologies
2006-09-29 22:38 -------- d-------- C:\Program Files\DAEMON Tools
2006-09-28 22:49 -------- d-------- C:\Program Files\Codemasters
2006-09-27 22:20 -------- d-------- C:\Program Files\Intel
2006-09-27 17:14 -------- d-------- C:\Program Files\Common Files\Services
2006-09-27 15:45 -------- d-------- C:\Program Files\Common Files\DirectX
2006-09-27 15:38 -------- d-------- C:\Program Files\EA GAMES
2006-09-26 23:33 -------- d-------- C:\Documents and Settings\Joe Currie\Application Data\atitray
2006-09-26 23:13 -------- d-------- C:\Program Files\MultiRes
2006-09-26 23:11 451072 --a------ C:\WINDOWS\Radeon Omega Drivers v3.8.273 Uninstall.exe
2006-09-26 20:27 -------- d-------- C:\Program Files\Diskeeper Corporation
2006-09-26 20:24 -------- d-------- C:\Program Files\Norton AntiVirus
2006-09-26 20:23 -------- d-------- C:\Documents and Settings\Joe Currie\Application Data\VersionTracker Pro
2006-09-26 20:16 -------- d-------- C:\Program Files\Symantec
2006-09-26 20:07 -------- d-------- C:\Documents and Settings\Joe Currie\Application Data\Symantec
2006-09-26 19:21 -------- d-------- C:\Program Files\Prey
2006-09-25 21:43 -------- d-------- C:\Program Files\Internet Explorer
2006-09-24 01:56 -------- d-------- C:\Documents and Settings\Joe Currie\Application Data\Help
2006-09-23 22:46 -------- d-------- C:\Documents and Settings\Joe Currie\Application Data\ATI
2006-09-21 20:14 -------- d-------- C:\Program Files\Java
2006-09-18 19:29 -------- d-------- C:\Program Files\Common Files\Java
2006-09-13 13:05 -------- d-------- C:\Program Files\QuickTime
2006-09-06 17:49 -------- d-------- C:\Program Files\Microsoft IntelliPoint
2006-09-03 18:24 -------- d-------- C:\Program Files\Skype
2006-09-01 15:59 -------- d-------- C:\Program Files\Adobe
2006-09-01 15:58 -------- d-------- C:\Documents and Settings\Joe Currie\Application Data\Leadertech
2006-09-01 12:48 -------- d---s---- C:\Documents and Settings\Joe Currie\Application Data\Microsoft
2006-09-01 12:44 -------- d-------- C:\Program Files\GameShadow
2006-08-29 00:36 -------- d-------- C:\Program Files\Real
2006-08-27 19:45 -------- d-------- C:\Documents and Settings\Joe Currie\Application Data\vlc
2006-08-27 19:42 -------- d-------- C:\Program Files\VideoLAN
2006-08-27 11:07 -------- d-------- C:\Program Files\DivXCodec
2006-08-21 08:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 05:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 05:14 128896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-07 16:02 534208 --a------ C:\WINDOWS\system32\SymNeti.dll
2006-08-07 16:02 161472 --a------ C:\WINDOWS\system32\SymRedir.dll
2006-07-27 09:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-21 04:24 72704 --a------ C:\WINDOWS\system32\hlink.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe\""
"AIM"="C:\\PROGRA~1\\AIM95\\aim.exe -cnetwait.odl"
"Creative Detector"="C:\\Program Files\\Creative\\MediaSource\\Detector\\CTDetect.exe /R"
"Wdeo"="\"C:\\DOCUME~1\\JOECUR~1\\MYDOCU~1\\ASKS~1\\msconfig.exe\" -vt yazb"
"Lzwtrq"="C:\\Program Files\\Common Files\\?asks\\w?nspool.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"IntelliPoint"="\"C:\\Program Files\\Microsoft IntelliPoint\\point32.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"ixfivgg.dll"="C:\\WINDOWS\\system32\\rundll32.exe C:\\WINDOWS\\system32\\ixfivgg.dll,fivplce"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"NAV CfgWiz"="C:\\Program Files\\Common Files\\Symantec Shared\\SymProbe.exe -r \"C:\\Program Files\\Norton AntiVirus\\CfgWiz.exe\" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE \"REBOOT\""
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"dahomah.dll"="C:\\WINDOWS\\system32\\rundll32.exe C:\\WINDOWS\\system32\\dahomah.dll,ftrttbf"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000004

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddaya
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winbue32

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Joe Currie.job

Completion time: 06-10-13 18:02:17.43
C:\ComboFix.txt ... 06-10-13 18:02
C:\ComboFix2.txt ... 06-10-10 02:12

thanks

pskelley
2006-10-14, 00:56
OK, now we can see the junk they were hiding. The tough one to remove is Vundo, looks like this: C:\WINDOWS\system32\ddaya.dll
Atribune's new fix will learn from the stuff and it may take several tries to delete the junk. You will know when you are successful when all Vundo files it locates have been deleted. I would also appreciate it, if a file can't be deleted at first, if you would upload it to Atribune so he can add it to the fix to help others.

If there is a file VundoFix doesn't find we need it submitted. Please submit
the files to upload malware: http://www.uploadmalware.com

Follow the directions in this link: http://forums.spybot.info/showthread.php?t=4394

Once Vundo is deleted then do this:

How to make files and folders visible:
Click Start > Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

Please download ATF Cleaner by Atribune
http://www.atribune.org/content/view/25/2/
Save it to your Desktop. We will use this later.

Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

(some items may be gone, just do not miss any)

O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - C:\WINDOWS\system32\hiuaqaqt.dll
O2 - BHO: (no name) - {282E58CD-9712-4D80-99E8-9E7420753EBF} - C:\WINDOWS\system32\ddaya.dll
O2 - BHO: (no name) - {35E3555A-9046-9F0D-675A-023421D28DEA} - C:\WINDOWS\system32\uyrpbee.dll
O2 - BHO: (no name) - {50B8EF84-D4F8-72FD-F005-09FDEF1034C7} - C:\WINDOWS\system32\qdjwten.dll
O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - C:\WINDOWS\system32\ixt0.dll (file missing)
O4 - HKLM\..\Run: [ixfivgg.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ixfivgg.dll,fivplce
O4 - HKLM\..\Run: [dahomah.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\dahomah.dll,ftrttbf
O4 - HKCU\..\Run: [Wdeo] "C:\DOCUME~1\JOECUR~1\MYDOCU~1\ASKS~1\msconfig.exe" -vt yazb
O4 - HKCU\..\Run: [Lzwtrq] C:\Program Files\Common Files\?asks\w?nspool.exe
O20 - Winlogon Notify: ddaya - C:\WINDOWS\system32\ddaya.dll
O20 - Winlogon Notify: winbue32 - winbue32.dll (file missing)

Close all programs but HJT and all browser windows, then click on "Fix Checked"

(some files may be gone, do not miss any)

C:\WINDOWS\system32\dahomah.dll <<< delete that file

C:\WINDOWS\system32\ixfivgg.dll <<< delete that file

C:\DOCUMENT & SETTINGS~1\JOECUR~1\MYDOCUMENTS~1\ASKS~1\ <<< delete that folder

C:\Program Files\Common Files\?asks\ <<< delete that folder

Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

Restart the computer and post the results of the VundoFix, a new HJT log and let me know how the computer is running now.

Thanks

Please check your Java program for an update, see this information:
http://forums.spybot.info/showpost.php?p=12880&postcount=2

This was a badly infected computer; I was wondering if you know where you acquired all of this junk?
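
To show what the helper above is looking for when he picks the O2/O4/O20 lines to fix, here is an added triage script (example code written for this page by the editor, not part of the thread, of HijackThis or of VundoFix). It runs the same indicators over a handful of the log lines posted above: a "(no name)" BHO living in system32, a Run entry that is rundll32.exe loading a DLL export, a path HJT prints with "?" in it (the PurityScan "?asks" folders), a system-utility name such as msconfig.exe running from outside C:\WINDOWS, and a Winlogon Notify hook that is not in a baseline. It also pairs a DLL with files whose name is its mirror image, the ddaya.dll / ayadd.* pattern that VundoFix lists further down. The Winlogon Notify baseline and the set of system-binary names are assumptions for the example and would be extended per host.

```python
"""Triage of HijackThis (HJT) log lines. Added example, not code from the thread,
HijackThis or VundoFix. The sample lines are copied from the HJT/ComboFix logs
posted in this thread; the allowlists below are assumptions for the example."""
import re
from dataclasses import dataclass
from typing import Iterable, List, Tuple

# Constructed sample: a subset of the HJT log posted above (joec11, 2006-10-14, 00:05).
SAMPLE_HJT = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - C:\WINDOWS\system32\hiuaqaqt.dll
O2 - BHO: (no name) - {282E58CD-9712-4D80-99E8-9E7420753EBF} - C:\WINDOWS\system32\ddaya.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - C:\WINDOWS\system32\ixt0.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ixfivgg.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ixfivgg.dll,fivplce
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKCU\..\Run: [Wdeo] "C:\DOCUME~1\JOECUR~1\MYDOCU~1\ASKS~1\msconfig.exe" -vt yazb
O4 - HKCU\..\Run: [Lzwtrq] C:\Program Files\Common Files\?asks\w?nspool.exe
O20 - Winlogon Notify: ddaya - C:\WINDOWS\system32\ddaya.dll
O20 - Winlogon Notify: winbue32 - winbue32.dll (file missing)
""".strip().splitlines()

# Constructed sample: file names taken from the ComboFix "Files Created" section above.
SAMPLE_FILES = [
    r"C:\WINDOWS\system32\ddaya.dll", r"C:\WINDOWS\system32\ayadd.ini2",
    r"C:\WINDOWS\system32\ayadd.bak1", r"C:\WINDOWS\system32\ayadd.bak2",
    r"C:\WINDOWS\system32\hiuaqaqt.dll", r"C:\WINDOWS\system32\Process.exe",
]

# Assumed baseline of Windows XP Winlogon Notify subkeys (example allowlist; extend per host).
WINLOGON_NOTIFY_BASELINE = {"crypt32chain", "cryptnet", "cscdll", "sccertprop",
                            "schedule", "sclgntfy", "senslogn", "termsrv", "wlballoon"}
# Assumed: names of Windows binaries that should only ever run from under C:\WINDOWS.
SYSTEM_BINARY_NAMES = {"msconfig.exe", "rundll32.exe", "svchost.exe", "winlogon.exe", "explorer.exe"}

O2_RE = re.compile(r'^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+?)(?: \(file missing\))?$')
O4_RE = re.compile(r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<key>[^\]]+)\] (?P<cmd>.+)$')
O20_RE = re.compile(r'^O20 - Winlogon Notify: (?P<key>\S+) - (?P<path>.+?)(?: \(file missing\))?$')
RUNDLL_RE = re.compile(r'rundll32\.exe\s+(?P<dll>\S+?\.dll),(?P<export>\w+)', re.IGNORECASE)


@dataclass
class Finding:
    section: str   # HJT section: O2, O4 or O20
    reason: str    # why the line was flagged
    line: str      # the original log line


def _basename(path: str) -> str:
    return path.replace('/', '\\').rsplit('\\', 1)[-1]


def _exe_of(cmd: str) -> str:
    """First token of a Run command, honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    return cmd.split()[0]


def triage(lines: Iterable[str]) -> List[Finding]:
    """Apply the indicators the helper used to the O2/O4/O20 lines; return the flagged ones in log order."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        m = O2_RE.match(line)
        if m:
            if m.group('name') == '(no name)' and '\\system32\\' in m.group('path').lower():
                findings.append(Finding('O2', 'nameless BHO in system32', line))
            continue
        m = O4_RE.match(line)
        if m:
            cmd = m.group('cmd')
            exe = _exe_of(cmd)
            r = RUNDLL_RE.search(cmd)
            if r:
                findings.append(Finding('O4', f'rundll32 loads {_basename(r.group("dll"))},{r.group("export")}', line))
            elif '?' in cmd:   # HJT prints unprintable characters in a path as '?'
                findings.append(Finding('O4', 'unprintable character in path', line))
            elif _basename(exe).lower() in SYSTEM_BINARY_NAMES and not exe.upper().startswith('C:\\WINDOWS'):
                findings.append(Finding('O4', f'system-binary name {_basename(exe)} outside C:\\WINDOWS', line))
            continue
        m = O20_RE.match(line)
        if m:
            stem = _basename(m.group('path')).lower().rsplit('.', 1)[0]
            if stem not in WINLOGON_NOTIFY_BASELINE:
                findings.append(Finding('O20', 'Winlogon Notify hook not in baseline', line))
    return findings


def reversed_name_pairs(filenames: Iterable[str]) -> List[Tuple[str, str]]:
    """Pair each DLL with files whose stem is its reverse (ddaya.dll <-> ayadd.ini/.bak1/.bak2)."""
    by_stem = {}
    for name in filenames:
        base = _basename(name)
        by_stem.setdefault(base.lower().rsplit('.', 1)[0], []).append(base)
    pairs = []
    for stem, names in by_stem.items():
        mirror = stem[::-1]
        if mirror == stem or mirror not in by_stem:   # skip palindromes and lone files
            continue
        for dll in names:
            if dll.lower().endswith('.dll'):
                pairs.extend((dll, companion) for companion in by_stem[mirror])
    return sorted(pairs)


if __name__ == '__main__':
    for f in triage(SAMPLE_HJT):
        print(f'{f.section:4} {f.reason:45} {f.line}')
    for dll, companion in reversed_name_pairs(SAMPLE_FILES):
        print(f'mirror pair: {dll} <-> {companion}')
```

On the sample above the script flags exactly the eleven-minus-three entries the helper listed, and leaves the Adobe, Spybot SDHelper, Java and ATI lines alone; a real run would feed it the full log and the ComboFix file listing.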

joec11
2006-10-14, 02:42
That sounds like the finishing touch, I'll let you know how it's running after a bit. thanks again


VundoFix V6.1.6

Checking Java version...

Java version is 1.5.0.4

Java version is 1.5.0.6

Scan started at 10:46:36 PM 10/2/2006

Listing files found while scanning....

No infected files were found.


VundoFix V6.2.2

Checking Java version...

Java version is 1.5.0.4

Java version is 1.5.0.6

Scan started at 8:08:31 PM 10/13/2006

Listing files found while scanning....

C:\WINDOWS\system32\ddaya.dll
C:\WINDOWS\system32\ayadd.ini
C:\WINDOWS\system32\ayadd.bak1
C:\WINDOWS\system32\ayadd.bak2
C:\WINDOWS\system32\ayadd.ini2
C:\WINDOWS\system32\ayadd.tmp
C:\WINDOWS\system32\hiuaqaqt.dll
C:\WINDOWS\system32\qdjwten.dll
C:\WINDOWS\system32\ddaya.dll
C:\WINDOWS\system32\ayadd.ini
C:\WINDOWS\system32\ayadd.bak1
C:\WINDOWS\system32\ayadd.bak2
C:\WINDOWS\system32\ayadd.ini2
C:\WINDOWS\system32\ayadd.tmp
C:\WINDOWS\system32\ayadd.ini
C:\WINDOWS\system32\ayadd.bak1
C:\WINDOWS\system32\ayadd.bak2
C:\WINDOWS\system32\ayadd.ini2
C:\WINDOWS\system32\ayadd.tmp

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ddaya.dll
C:\WINDOWS\system32\ddaya.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\ayadd.ini
C:\WINDOWS\system32\ayadd.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ayadd.bak1
C:\WINDOWS\system32\ayadd.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ayadd.bak2
C:\WINDOWS\system32\ayadd.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ayadd.ini2
C:\WINDOWS\system32\ayadd.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ayadd.tmp
C:\WINDOWS\system32\ayadd.tmp Has been deleted!

Attempting to delete C:\WINDOWS\system32\hiuaqaqt.dll
C:\WINDOWS\system32\hiuaqaqt.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qdjwten.dll
C:\WINDOWS\system32\qdjwten.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddaya.dll
C:\WINDOWS\system32\ddaya.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ddaya.dll
C:\WINDOWS\system32\ddaya.dll Has been deleted!

Performing Repairs to the registry.
Done!

Logfile of HijackThis v1.99.1
Scan saved at 8:40:20 PM, on 10/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\NMSSvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hijackthis\joec11.exe
C:\WINDOWS\System32\svchost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\SymProbe.exe -r "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - Global Startup: Microsoft Office.lnk = Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://bittercup.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EBBE12D5-1829-42EC-A8E2-3B7F37237D18}: NameServer = 192.168.0.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\system32\NMSSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

pskelley
2006-10-14, 11:53
Great job with that Vundo infection. Let's pursue this a bit further to make sure you are clean, nothing hidden.

1) First I see this Norton item:
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\SymProbe.exe -r "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE
A search returns this kind of information:
http://www.bleepingcomputer.com/startups/NAV_CfgWiz-3575.html
http://www.google.com/search?sourceid=navclient&ie=UTF-8&rls=GGLG,GGLG:2006-16,GGLG:en&q=NAV+CfgWiz
Sounds like it should be something you should get rid of. I would take it up with Norton if you have any doubts:
http://www.symantec.com/techsupp/

2) I need to say Java is still not showing as updated; this may well be how you got the Vundo trojan, and I would do this now.

3) Follow these instructions to clean the System Restore files:
System Restore does not know the good files from the bad. In case bad stuff has gotten into your System Restore files, follow the instructions in this link to get clean System Restore files. Turn it off, reboot, then turn it back on:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039?Open&src=sec_doc_nam

4) Once System Restore is cleaned, check AVG for updates and run a complete system scan. Delete what it finds unless you know it is not bad, and post the results. How is the computer running now?

Thanks
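The review pskelley does by eye above (an entry that points at a missing file, a service with an unknown owner, startup items loading from odd places, and the stale jre1.5.0_06 path that shows in every O2/O4/O9 line) can be scripted. The following is an added example written for this thread; it is not HijackThis code and was not posted by anyone in the topic. The sample lines are constructed in the style of the logs above, and the HKCU "Updater" entry under a Temp directory is invented to show the user-writable-directory check firing; it does not appear in Joe's logs. The minimum JRE version is an assumed threshold, not a statement about which Java release was current.

```python
"""Flag HijackThis (v1.99-style) log entries that a helper would look at twice.

Added example for this thread, not HijackThis code.  Sample lines below are
constructed; the [Updater] Temp entry is invented and not from the posted logs.
"""
import re
from dataclasses import dataclass

# Constructed sample in the format of the logs above.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\SymProbe.exe -r "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKCU\..\Run: [Updater] C:\Documents and Settings\Joe\Local Settings\Temp\svchost.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

# An HJT entry line: section tag (O4, O23, R0, ...), " - ", then the body.
_ENTRY_RE = re.compile(r'^([A-Z]\d+)\s+-\s+(.*)$')
# Windows paths in HJT lines are often unquoted and contain spaces, so match
# from a drive letter up to the first executable-style extension.
_PATH_RE = re.compile(r'[A-Za-z]:\\.*?\.(?:exe|dll|cab|ocx|sys)', re.IGNORECASE)
# Sun JRE directory names embed the version, e.g. jre1.5.0_06.
_JRE_RE = re.compile(r'jre(\d+)\.(\d+)\.(\d+)_(\d+)', re.IGNORECASE)
# Directories a startup item or service should not normally be loaded from.
_SUSPECT_DIRS = ('\\temp\\', '\\local settings\\', '\\application data\\', '\\downloads\\')


@dataclass
class Finding:
    section: str   # HJT section tag, e.g. "O4"
    reason: str
    line: str


def parse_entries(text):
    """Yield (section, body, raw_line) for each HJT entry line; skip the rest."""
    for raw in text.splitlines():
        raw = raw.strip()
        m = _ENTRY_RE.match(raw)
        if m:
            yield m.group(1), m.group(2), raw


def jre_version(path):
    """Return the JRE version tuple embedded in a path, or None."""
    m = _JRE_RE.search(path)
    return tuple(int(x) for x in m.groups()) if m else None


def review(text, min_jre=(1, 5, 0, 9)):
    """Return a list of Findings for the HJT log in `text`.

    min_jre is an assumed threshold; set it to the current release when you run this.
    """
    findings = []
    for section, body, raw in parse_entries(text):
        lower = body.lower()
        if '(file missing)' in lower:
            findings.append(Finding(section, 'points at a file that no longer exists', raw))
        if section == 'O23' and 'unknown owner' in lower:
            findings.append(Finding(section, 'service binary has no recognised publisher', raw))
        for path in _PATH_RE.findall(body):
            pl = path.lower()
            if section in ('O4', 'O23') and any(d in pl for d in _SUSPECT_DIRS):
                findings.append(Finding(section, f'autostart from user-writable directory: {path}', raw))
            v = jre_version(path)
            if v and v < min_jre:
                ver = f'{v[0]}.{v[1]}.{v[2]}_{v[3]:02d}'
                findings.append(Finding(section, f'loads outdated JRE {ver}', raw))
    return findings


if __name__ == '__main__':
    for f in review(SAMPLE_LOG):
        print(f'{f.section:4} {f.reason}\n     {f.line}')
```

Running it on a real log is just `review(open('hijackthis.log').read())`. The script only surfaces candidates; the NAV CfgWiz line, for instance, produces nothing here because deciding on it took a web search, which is exactly the part that stays manual.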

joec11
2006-10-17, 07:40
Hey, thanks so much for your help. I did this scan two days ago and waited to see how the PC is running before I replied. It's running great. No more of those annoying persistent super pop-ups. Here are the last two logfiles. Any extra advice? Thanks again. Joe
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 2:34:04 PM 10/14/2006

+ Scan result:



:mozilla.58:C:\Documents and Settings\Joe Currie\Application Data\Mozilla\Firefox\Profiles\cn12t7dp.Default User\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.59:C:\Documents and Settings\Joe Currie\Application Data\Mozilla\Firefox\Profiles\cn12t7dp.Default User\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.60:C:\Documents and Settings\Joe Currie\Application Data\Mozilla\Firefox\Profiles\cn12t7dp.Default User\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.21:C:\Documents and Settings\Joe Currie\Application Data\Mozilla\Firefox\Profiles\cn12t7dp.Default User\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.22:C:\Documents and Settings\Joe Currie\Application Data\Mozilla\Firefox\Profiles\cn12t7dp.Default User\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.23:C:\Documents and Settings\Joe Currie\Application Data\Mozilla\Firefox\Profiles\cn12t7dp.Default User\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.26:C:\Documents and Settings\Joe Currie\Application Data\Mozilla\Firefox\Profiles\cn12t7dp.Default User\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.27:C:\Documents and Settings\Joe Currie\Application Data\Mozilla\Firefox\Profiles\cn12t7dp.Default User\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.40:C:\Documents and Settings\Joe Currie\Application Data\Mozilla\Firefox\Profiles\cn12t7dp.Default User\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.57:C:\Documents and Settings\Joe Currie\Application Data\Mozilla\Firefox\Profiles\cn12t7dp.Default User\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.24:C:\Documents and Settings\Joe Currie\Application Data\Mozilla\Firefox\Profiles\cn12t7dp.Default User\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.25:C:\Documents and Settings\Joe Currie\Application Data\Mozilla\Firefox\Profiles\cn12t7dp.Default User\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.32:C:\Documents and Settings\Joe Currie\Application Data\Mozilla\Firefox\Profiles\cn12t7dp.Default User\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.14:C:\Documents and Settings\Joe Currie\Application Data\Mozilla\Firefox\Profiles\cn12t7dp.Default User\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.15:C:\Documents and Settings\Joe Currie\Application Data\Mozilla\Firefox\Profiles\cn12t7dp.Default User\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.16:C:\Documents and Settings\Joe Currie\Application Data\Mozilla\Firefox\Profiles\cn12t7dp.Default User\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.17:C:\Documents and Settings\Joe Currie\Application Data\Mozilla\Firefox\Profiles\cn12t7dp.Default User\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.18:C:\Documents and Settings\Joe Currie\Application Data\Mozilla\Firefox\Profiles\cn12t7dp.Default User\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.19:C:\Documents and Settings\Joe Currie\Application Data\Mozilla\Firefox\Profiles\cn12t7dp.Default User\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.20:C:\Documents and Settings\Joe Currie\Application Data\Mozilla\Firefox\Profiles\cn12t7dp.Default User\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.


::Report end

Logfile of HijackThis v1.99.1
Scan saved at 1:40:09 AM, on 10/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\NMSSvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Downloads\utorrent.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\joec11.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

pskelley
2006-10-17, 13:57
Sounds good, if you want help controlling those junk cookies, use this information:
http://privacy.getnetwise.org/browsing/tools/firefox1/ffdisablecookies
http://www.mozilla.org/projects/security/pki/psm/help_21/using_priv_help.html

Joe, your last HJT log looked fine, you cut this one in half. If you wish me to look at it you will need to post a complete log.

AVG Anti-Spyware is a good program but it does use some resources. Once the trial is over you can update and use the scanner for as long as you wish, but unless you purchase it you should turn it off completely so it does not run unless you start it manually.

Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online:
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

Safe surfing...tashi:) will close the topic in a few days.

Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.

tashi
2006-10-20, 21:02
As the problem appears to be resolved this topic has been archived.

If you need it re-opened please send me or your helper a private message (pm) and provide a link to the thread; this applies only to the original topic starter.

Glad we could help, cheers. :)