View Full Version : Smitfraud-C.Toolbar888



Platinum griff
2006-11-05, 02:22
Like an idiot I got a bunch of crap into my machine. I was able to remove most of it by booting in safe mode and running Spybot and Ad-Aware, and all but Smitfraud-C.Toolbar888 gets cleaned off. I got SmitfraudFix but it doesn't help, as Smitfraud-C.Toolbar888 stays on my machine and each time I start in normal mode it grabs a bunch of other crap.

Below is the HJT log and the ActiveScan log from the Panda scan.

Logfile of HijackThis v1.99.1
Scan saved at 4:00:56 AM, on 11/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\hijackthis\HijackThis.exe

O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\mst461.tmp
Adware:Adware/YazzleSudoku Not disinfected C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\83YZIV2F\116[1].net
Possible Virus. Not disinfected C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\83YZIV2F\l11[1].exe
Adware:Adware/Maxifiles Not disinfected C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\83YZIV2F\wlzip32[1].exe
Possible Virus. Not disinfected C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\I7W9M5CD\ff3[1]
Dialer:Dialer.HLD Not disinfected C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\I7W9M5CD\srvnys[1].exe
Dialer:Dialer.HLD Not disinfected C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\I7W9M5CD\srvyfr[1].exe
Dialer:Dialer.HLD Not disinfected C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\I7W9M5CD\srvzjf[1].exe
Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\I7W9M5CD\WinAntiVirusPro2006FreeInstall[1].cab[UWA6P_0001_N91M1807NetInstaller.exe]
Adware:Adware/Maxifiles Not disinfected C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\MBCZE52F\122[1].net
Possible Virus. Not disinfected C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\MBCZE52F\anti4[1].exe
Dialer:Dialer.HLD Not disinfected C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\MBCZE52F\srvvea[1].exe
Dialer:Dialer.HLD Not disinfected C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\MBCZE52F\srvwdt[1].exe
Adware:Adware/Yazzle Not disinfected C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\U1SDO50D\mulbin32[1].exe
Possible Virus. Not disinfected C:\Documents and Settings\Owner\My Documents\a?sembly\csrss.exe
Adware:Adware/PurityScan Not disinfected C:\Program Files\Common Files\Yazzle1162OinAdmin.exe
Adware:Adware/Yazzle Not disinfected C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe
Adware:Adware/Maxifiles Not disinfected C:\Program Files\Common Files\{3CE2FB23-06A3-1033-0217-050208050001}\Activate.exe
Adware:Adware/DollarRevenue Not disinfected C:\Program Files\Common Files\{3CE2FB23-06A3-1033-0217-050208050001}\Uninst.exe
Possible Virus. Renamed C:\Program Files\?ppPatch\w?nword.exe
Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWA6P_0001_N91M1807NetInstaller.exe
Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWA6P_0001_N91M1807NetInstaller.exe
Possible Virus. Not disinfected C:\WINDOWS\system32\components\flx7.dll
Possible Virus. Not disinfected C:\WINDOWS\system32\jkkhhii.dll
Potentially unwanted tool:Application/Kill&Clean Not disinfected C:\WINDOWS\system32\{941A08EB-5AED-4619-B399-2BF0A5E57FB9}.exe[KillAndClean.exe]
Potentially unwanted tool:Application/Kill&Clean Not disinfected C:\WINDOWS\system32\{941A08EB-5AED-4619-B399-2BF0A5E57FB9}.exe[KillAndCleanUpdate.exe]
Adware:Adware/CWS Not disinfected C:\WINDOWS\system32\{DFA461FB-7886-4C11-BFA4-09E5C62397E4}.exe
Adware:Adware/Maxifiles Not disinfected C:\WINDOWS\Temp\nse2F.tmp\nsProcess.dll
Dialer:Dialer.HLD Not disinfected C:\WINDOWS\Temp\win159.tmp.exe
Dialer:Dialer.HLD Not disinfected C:\WINDOWS\Temp\win1D.tmp.exe
Adware:Adware/Maxifiles Not disinfected C:\WINDOWS\Temp\win2A.tmp.exe
Dialer:Dialer.HLD Not disinfected C:\WINDOWS\Temp\win31.tmp.exe
Adware:Adware/Yazzle Not disinfected C:\WINDOWS\Temp\win32.tmp.exe
Dialer:Dialer.HLD Not disinfected C:\WINDOWS\Temp\win41F.tmp.exe
Dialer:Dialer.HLD Not disinfected C:\WINDOWS\Temp\win74.tmp.exe
Dialer:Dialer.HLD Not disinfected C:\WINDOWS\Temp\win77.tmp.exe
Dialer:Dialer.HLD Not disinfected C:\WINDOWS\Temp\win83.tmp.exe
Dialer:Dialer.HLD

illukka
2006-11-05, 15:07
1. Download this file - combofix.exe (http://download.bleepingcomputer.com/sUBs/combofix.exe)
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Platinum griff
2006-11-06, 03:10
Not sure if that was supposed to fix it all but it didn't; regardless, here is the log it created.

Owner - 06-11-05 19:59:38.23 Service Pack 2
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\Owner\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\ismini.exe
C:\WINDOWS\system32\components
C:\Program Files\Common Files\{3CE2FB23-06A3-1033-0217-050208050001}
C:\Program Files\Common Files\{4CE2FB23-06A3-1033-0217-050208050001}

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Documents and Settings\Owner\My Documents\ASEMBL~1
C:\QooBox\Purity\Documents and Settings\Owner\My Documents\WNSXS~1
C:\QooBox\Purity\Documents and Settings\Owner\My Documents\ASEMBL~1\a?sembly
C:\QooBox\Purity\Documents and Settings\Owner\My Documents\ASEMBL~1\csrss.exe


((((((((((((((((((((((((((((((( Files Created from 2006-10-05 to 2006-11-05 ))))))))))))))))))))))))))))))))))


2006-11-05 03:54 611,267 ---hs---- C:\WINDOWS\system32\npqss.bak2
2006-11-04 22:28 40,973 ---hs---- C:\WINDOWS\system32\ddcbaxv.dll
2006-11-04 22:28 131,072 --a------ C:\WINDOWS\system32\tjb.dll
2006-11-04 18:59 53,248 --a------ C:\WINDOWS\system32\Process.exe
2006-11-04 18:59 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-11-04 18:59 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-11-04 18:59 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2006-11-04 18:01 94,208 --a------ C:\WINDOWS\system32\usotswi.dll
2006-11-04 18:01 72,704 --a------ C:\WINDOWS\system32\jkfumwn.dll
2006-11-04 18:01 40,973 ---hs---- C:\WINDOWS\system32\ddcdeeb.dll
2006-11-04 04:19 94,208 --a------ C:\WINDOWS\system32\lhzjhse.dll
2006-11-04 04:19 73,216 --a------ C:\WINDOWS\system32\yacvdxi.dll
2006-11-04 04:19 59,392 --a------ C:\WINDOWS\system32\drvtem.dll
2006-11-04 04:19 40,973 ---hs---- C:\WINDOWS\system32\opnomki.dll
2006-11-04 01:15 110,612 --a------ C:\WINDOWS\system32\mgkxsmpc.exe
2006-11-04 01:14 692,276 ---hs---- C:\WINDOWS\system32\ssqpn.dll
2006-11-04 01:14 602,245 ---hs---- C:\WINDOWS\system32\npqss.bak1
2006-11-04 01:14 60,436 --a------ C:\WINDOWS\system32\goeemqyn.dll
2006-11-04 01:09 94,208 --a------ C:\WINDOWS\system32\xtwgtvj.dll
2006-11-04 01:09 72,192 --a------ C:\WINDOWS\system32\yzjudad.dll
2006-11-04 01:09 2 --a------ C:\WINDOWS\system32\wtsit.exe
2006-11-04 01:08 59,392 --a------ C:\WINDOWS\system32\drvlan.dll
2006-11-04 01:08 40,973 ---hs---- C:\WINDOWS\system32\jkkhhii.dll
2006-11-04 01:08 15,872 --a------ C:\WINDOWS\system32\winzss32.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-05 20:00 -------- d-------- C:\Program Files\Common Files
2006-11-05 18:08 -------- d-------- C:\Program Files\Mozilla Firefox
2006-11-04 17:24 -------- d-------- C:\Program Files\xerox
2006-11-04 17:02 -------- d-------- C:\Documents and Settings\Owner\Application Data\Lavasoft
2006-11-04 17:01 -------- d-------- C:\Program Files\Lavasoft
2006-11-04 16:02 -------- d-------- C:\Program Files\Internet Explorer
2006-11-04 03:14 -------- d-------- C:\Program Files\WinRAR
2006-11-04 03:03 -------- d-------- C:\Program Files\ATI Multimedia
2006-11-04 01:02 -------- d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2006-11-04 00:54 -------- d-------- C:\Program Files\Adobe
2006-11-04 00:53 -------- d-------- C:\Program Files\Common Files\Adobe Systems Shared
2006-11-04 00:53 -------- d-------- C:\Program Files\Common Files\Adobe
2006-11-03 23:47 -------- d-------- C:\Program Files\Burning Crusade Closed Beta
2006-10-24 02:50 -------- d-------- C:\Program Files\Common Files\Blizzard Entertainment
2006-10-24 01:32 -------- d-------- C:\Documents and Settings\Owner\Application Data\Macromedia
2006-10-24 01:20 -------- d-------- C:\Program Files\Windows Journal Viewer
2006-10-03 10:40 -------- d-------- C:\Program Files\Yahoo!
2006-09-26 14:13 -------- d-------- C:\Program Files\World of Warcraft
2006-09-25 18:52 -------- d-------- C:\Documents and Settings\Owner\Application Data\ATI
2006-09-14 15:09 -------- d-------- C:\Documents and Settings\Owner\Application Data\Apple Computer
2006-09-13 00:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-05 04:29 -------- d-------- C:\Program Files\BitComet
2006-09-01 00:48 2560 --a------ C:\WINDOWS\system32\BitCometRes.dll
2006-08-25 10:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-21 07:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 04:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-16 06:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
@=""
"Erar"="\"C:\\DOCUME~1\\Owner\\MYDOCU~1\\ASEMBL~1\\csrss.exe\" -vt yazb"
"Sflrpr"="C:\\Program Files\\?ppPatch\\w?nword.exe"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SoundMAXPnP"="C:\\Program Files\\Analog Devices\\SoundMAX\\SMax4PNP.exe"
"SoundMAX"="\"C:\\Program Files\\Analog Devices\\SoundMAX\\Smax4.exe\" /tray"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"CTDrive"="rundll32.exe C:\\WINDOWS\\system32\\drvtem.dll,startup"
"lhzjhse.dll"="C:\\WINDOWS\\system32\\rundll32.exe C:\\WINDOWS\\system32\\lhzjhse.dll,lthohnf"
"usotswi.dll"="C:\\WINDOWS\\system32\\rundll32.exe C:\\WINDOWS\\system32\\usotswi.dll,oknxzqc"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,80,00,00,00,00,00,00,00,00,02,00,00,c4,01,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,f2,01,00,00,23,00,00,00,7c,00,00,00,72,00,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{d7bdd42a-7e69-4bb8-aac3-d76ff65a3aa3}"="archenteric"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{F7999166-FDE6-49DA-9AFC-1F6A79E9D1F2}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoBandCustomize"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MsnMsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"inimapping"="0"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnomki
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqpn
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winzss32

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Completion time: 06-11-05 20:01:46.93
C:\ComboFix.txt ... 06-11-05 20:01

illukka
2006-11-06, 08:14
OK, now post a fresh HijackThis log.

NOTE:
Before scanning for the log, rename HijackThis to scanner,
then proceed to scan for the log.

Platinum griff
2006-11-06, 18:07
Logfile of HijackThis v1.99.1
Scan saved at 11:07:14 AM, on 11/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\{4CE2FB23-06A3-1033-0217-050208050001}\Update.exe
C:\WINDOWS\system32\ishost.exe
C:\WINDOWS\system32\ismini.exe
C:\WINDOWS\system32\SSTEM3~1\dexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\hijackthis\Scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R3 - URLSearchHook: (no name) - {BA0806E1-9A2A-91D9-73E1-C19E8C4157BB} - C:\WINDOWS\system32\bluunew.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {21756D36-9460-1941-E1A9-027993B877B9} - C:\WINDOWS\system32\jkfumwn.dll
O2 - BHO: (no name) - {39f25b12-74ff-4079-a51f-1d70f5b08b84} - C:\WINDOWS\system32\ixt0.dll (file missing)
O2 - BHO: (no name) - {3D4C77D3-7466-F61A-1867-062DE6E30D5B} - C:\WINDOWS\system32\yacvdxi.dll
O2 - BHO: (no name) - {4947A57C-AADE-44E8-9463-0668A1BDE510} - C:\WINDOWS\system32\ghgchrh.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {71BF1F17-27C5-414B-7C68-045CF2F85FCD} - C:\WINDOWS\system32\yzjudad.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {BA0806E1-9A2A-91D9-73E1-C19E8C4157BB} - C:\WINDOWS\system32\bluunew.dll
O2 - BHO: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{3CE2FB23-06A3-1033-0217-050208050001}\MyToolBar.dll
O2 - BHO: (no name) - {D2EDFC52-CD3A-44B8-A22A-67690F03A69D} - C:\WINDOWS\system32\ssqpn.dll
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\goeemqyn.dll
O2 - BHO: (no name) - {F7999166-FDE6-49DA-9AFC-1F6A79E9D1F2} - C:\WINDOWS\system32\opnomki.dll
O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{3CE2FB23-06A3-1033-0217-050208050001}\MyToolBar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvtem.dll,startup
O4 - HKLM\..\Run: [lhzjhse.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\lhzjhse.dll,lthohnf
O4 - HKLM\..\Run: [usotswi.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\usotswi.dll,oknxzqc
O4 - HKLM\..\Run: [afgbxr.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\afgbxr.dll,rujtulc
O4 - HKCU\..\Run: [Erar] "C:\WINDOWS\system32\SSTEM3~1\dexplore.exe" -vt yazb
O4 - HKCU\..\Run: [Sflrpr] C:\Program Files\?ppPatch\w?nword.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: opnomki - C:\WINDOWS\SYSTEM32\opnomki.dll
O20 - Winlogon Notify: ssqpn - C:\WINDOWS\system32\ssqpn.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winzss32 - C:\WINDOWS\SYSTEM32\winzss32.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

illukka
2006-11-08, 07:42
First download AVG Anti-Spyware from HERE (http://www.ewido.net/en/download/) and save that file to your desktop.
This is a 30 day trial of the program
Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
On the main screen select the icon "Update" then select the "Update now" link.
Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.

Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
Under "Reports"
Select "Automatically generate report after every scan"
Un-Select "Only if threats were found"

Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.


Please download VundoFix.exe (http://www.atribune.org/ccount/click.php?id=4) to your desktop
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.
Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process:
Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
Once the scan is complete do the following:
If you have any infections you will be prompted, then select "Apply all actions"
Next select the "Reports" icon at the top.
Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.


So what I need is:

vundofix.txt
the avg antispyware scan report
and a new HiJackThis log

Platinum griff
2006-11-09, 18:34
Vundo log, AVG log and a new HJT log... the Vundo one might be a little off; I couldn't find the text file and ran it a second time after AVG. The post is also too long so it'll be split over two posts.



VundoFix V6.2.8

Checking Java version...

Java version is 1.5.0.3

Java version is 1.5.0.6

Scan started at 9:42:13 AM 11/9/2006

Listing files found while scanning....

C:\WINDOWS\system32\ghgchrh.dll
C:\WINDOWS\system32\jkfumwn.dll
C:\WINDOWS\system32\lhzjhse.dll
C:\WINDOWS\system32\usotswi.dll
C:\WINDOWS\system32\winzss32.dll
C:\WINDOWS\system32\xtwgtvj.dll
C:\WINDOWS\system32\yacvdxi.dll
C:\WINDOWS\system32\yzjudad.dll
C:\WINDOWS\system32\ssqpn.dll
C:\WINDOWS\system32\npqss.ini
C:\WINDOWS\system32\npqss.bak1
C:\WINDOWS\system32\npqss.bak2

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ghgchrh.dll
C:\WINDOWS\system32\ghgchrh.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkfumwn.dll
C:\WINDOWS\system32\jkfumwn.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\lhzjhse.dll
C:\WINDOWS\system32\lhzjhse.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\usotswi.dll
C:\WINDOWS\system32\usotswi.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\winzss32.dll
C:\WINDOWS\system32\winzss32.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\xtwgtvj.dll
C:\WINDOWS\system32\xtwgtvj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\yacvdxi.dll
C:\WINDOWS\system32\yacvdxi.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\yzjudad.dll
C:\WINDOWS\system32\yzjudad.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqpn.dll
C:\WINDOWS\system32\ssqpn.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\npqss.ini
C:\WINDOWS\system32\npqss.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\npqss.bak1
C:\WINDOWS\system32\npqss.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\npqss.bak2
C:\WINDOWS\system32\npqss.bak2 Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.2.8

Checking Java version...

Java version is 1.5.0.3

Java version is 1.5.0.6

Scan started at 11:19:52 AM 11/9/2006

Listing files found while scanning....

No infected files were found.

_________________________________________________

Logfile of HijackThis v1.99.1
Scan saved at 11:29:21 AM, on 11/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\hijackthis\Scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R3 - URLSearchHook: (no name) - {059D52E4-9571-CE8B-2A54-CACE19C8BAB0} - C:\WINDOWS\system32\csuh.dll (file missing)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {059D52E4-9571-CE8B-2A54-CACE19C8BAB0} - C:\WINDOWS\system32\csuh.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {21756D36-9460-1941-E1A9-027993B877B9} - C:\WINDOWS\system32\jkfumwn.dll (file missing)
O2 - BHO: (no name) - {39f25b12-74ff-4079-a51f-1d70f5b08b84} - C:\WINDOWS\system32\ixt0.dll (file missing)
O2 - BHO: (no name) - {3D4C77D3-7466-F61A-1867-062DE6E30D5B} - C:\WINDOWS\system32\yacvdxi.dll (file missing)
O2 - BHO: (no name) - {4947A57C-AADE-44E8-9463-0668A1BDE510} - C:\WINDOWS\system32\ghgchrh.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {71BF1F17-27C5-414B-7C68-045CF2F85FCD} - C:\WINDOWS\system32\yzjudad.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {B400604F-3D4B-4949-86EC-C5825A80C17D} - C:\WINDOWS\system32\ssqpn.dll (file missing)
O2 - BHO: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{3CE2FB23-06A3-1033-0217-050208050001}\MyToolBar.dll (file missing)
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\goeemqyn.dll (file missing)
O2 - BHO: (no name) - {F7999166-FDE6-49DA-9AFC-1F6A79E9D1F2} - C:\WINDOWS\system32\opnomki.dll
O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{3CE2FB23-06A3-1033-0217-050208050001}\MyToolBar.dll (file missing)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvtem.dll,startup
O4 - HKLM\..\Run: [lhzjhse.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\lhzjhse.dll,lthohnf
O4 - HKLM\..\Run: [usotswi.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\usotswi.dll,oknxzqc
O4 - HKLM\..\Run: [afgbxr.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\afgbxr.dll,rujtulc
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Sflrpr] C:\Program Files\?ppPatch\w?nword.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: opnomki - C:\WINDOWS\SYSTEM32\opnomki.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

Platinum griff
2006-11-09, 18:38
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:15:55 AM 11/9/2006

+ Scan result:



C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP180\A0044885.dll -> Adware.Agent : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP180\A0043850.dll -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP180\A0045345.dll -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP180\A0045377.dll -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP181\A0045425.dll -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP182\A0045437.dll -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP183\A0045450.dll -> Adware.PurityScan : Cleaned.
C:\WINDOWS\system32\csuh.dll -> Adware.PurityScan : Cleaned.
C:\Program Files\Common Files\{3CE2FB23-06A3-1033-0217-050208050001}\MyToolBar.dll -> Adware.Softomate : Cleaned.
C:\Program Files\Common Files\{4CE2FB23-06A3-1033-0217-050208050001}\Update.exe -> Adware.Softomate : Cleaned.
C:\Program Files\Common Files\{4CE2FB23-06A3-1033-0217-050208050001}\services.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP181\A0045400.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP181\A0045401.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP181\A0045402.exe -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP180\A0043854.exe -> Downloader.Agent.uj : Cleaned.
C:\Program Files\Common Files\Yazzle1162OinAdmin.exe -> Downloader.PurityScan.dc : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP180\A0043849.exe -> Downloader.PurityScan.dc : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP180\A0045065.exe -> Downloader.PurityScan.dc : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP180\A0045367.exe -> Downloader.PurityScan.dc : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP181\A0045406.exe -> Downloader.PurityScan.dc : Cleaned.
C:\QooBox\Purity\Documents and Settings\Owner\My Documents\ASEMBL~1\csrss.exe -> Downloader.PurityScan.dt : Cleaned.
C:\WINDOWS\system32\sуstem32\dexplore.exe -> Downloader.PurityScan.dt : Cleaned.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\8PUVWTI7\L2[1].exe -> Downloader.Small.dod : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP180\A0044861.exe -> Downloader.Zlob.aew : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP180\A0045046.exe -> Downloader.Zlob.atw : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP180\A0045063.exe -> Downloader.Zlob.atw : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP180\A0045342.exe -> Downloader.Zlob.atw : Cleaned.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\83YZIV2F\l11[1].exe -> Downloader.Zlob.auv : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP180\A0045350.exe -> Downloader.Zlob.auv : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP180\A0045351.exe -> Downloader.Zlob.auv : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP180\A0045384.exe -> Downloader.Zlob.auv : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP181\A0045404.exe -> Downloader.Zlob.auv : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP181\A0045408.exe -> Downloader.Zlob.auv : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP183\A0045449.exe -> Downloader.Zlob.auv : Cleaned.
C:\WINDOWS\system32\ishost.exe -> Downloader.Zlob.auv : Cleaned.
C:\WINDOWS\system32\ismini.exe -> Downloader.Zlob.auv : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP180\A0043852.exe -> Dropper.Small : Cleaned.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\I7W9M5CD\antzom[1].exe -> Hijacker.Small.lr : Cleaned.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\I7W9M5CD\WinAntiVirusPro2006FreeInstall[1].cab/UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned.
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned.
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned.
C:\WINDOWS\Downloaded Program Files\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned.
C:\WINDOWS\Downloaded Program Files\USDR6_0001_D19M2108NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.q : Cleaned.

Platinum griff
2006-11-09, 18:43

Platinum griff
2006-11-09, 18:44
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP183\A0045456.dll -> Trojan.Agent.vg : Cleaned.
C:\VundoFix Backups\winzss32.dll.bad -> Trojan.Agent.vg : Cleaned.
C:\WINDOWS\system32\goeemqyn.dll -> Trojan.BHO.g : Cleaned.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\83YZIV2F\srvamo[1].exe -> Trojan.Dialer.qs : Cleaned.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\83YZIV2F\srviiq[1].exe -> Trojan.Dialer.qs : Cleaned.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\83YZIV2F\srvrvp[1].exe -> Trojan.Dialer.qs : Cleaned.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\I7W9M5CD\srvcmo[1].exe -> Trojan.Dialer.qs : Cleaned.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\I7W9M5CD\srvyvd[1].exe -> Trojan.Dialer.qs : Cleaned.
C:\WINDOWS\Temp\win2E9.tmp.exe -> Trojan.Dialer.qs : Cleaned.
C:\WINDOWS\Temp\win32D.tmp.exe -> Trojan.Dialer.qs : Cleaned.
C:\WINDOWS\Temp\win32F.tmp.exe -> Trojan.Dialer.qs : Cleaned.
C:\WINDOWS\Temp\win455.tmp.exe -> Trojan.Dialer.qs : Cleaned.
C:\WINDOWS\Temp\win464.tmp.exe -> Trojan.Dialer.qs : Cleaned.
C:\WINDOWS\system32\{DFA461FB-7886-4C11-BFA4-09E5C62397E4}.exe -> Trojan.Puper.bx : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP111\A0028919.exe -> Trojan.Small.fb : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP111\A0028930.exe -> Trojan.Small.fb : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP111\A0028937.exe -> Trojan.Small.fb : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP117\A0029010.exe -> Trojan.Small.fb : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP120\A0031010.exe -> Trojan.Small.fb : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP120\A0031017.exe -> Trojan.Small.fb : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP120\A0031027.exe -> Trojan.Small.fb : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP120\A0031034.exe -> Trojan.Small.fb : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP125\A0031069.exe -> Trojan.Small.fb : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP129\A0032069.exe -> Trojan.Small.fb : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP129\A0033069.exe -> Trojan.Small.fb : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP130\A0034069.exe -> Trojan.Small.fb : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP133\A0034121.exe -> Trojan.Small.fb : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP133\A0034229.exe -> Trojan.Small.fb : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP135\A0034396.exe -> Trojan.Small.fb : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP137\A0034444.exe -> Trojan.Small.fb : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP137\A0034450.exe -> Trojan.Small.fb : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP140\A0034471.exe -> Trojan.Small.fb : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP141\A0034482.exe -> Trojan.Small.fb : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP144\A0034922.exe -> Trojan.Small.fb : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP147\A0036928.exe -> Trojan.Small.fb : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP147\A0036944.exe -> Trojan.Small.fb : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP148\A0036959.exe -> Trojan.Small.fb : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP148\A0036966.exe -> Trojan.Small.fb : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP149\A0036981.exe -> Trojan.Small.fb : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP152\A0037008.exe -> Trojan.Small.fb : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP154\A0038008.exe -> Trojan.Small.fb : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP154\A0039008.exe -> Trojan.Small.fb : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP155\A0039036.exe -> Trojan.Small.fb : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP155\A0039044.exe -> Trojan.Small.fb : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP156\A0039062.exe -> Trojan.Small.fb : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP163\A0039206.exe -> Trojan.Small.fb : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP163\A0040200.exe -> Trojan.Small.fb : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP165\A0040237.exe -> Trojan.Small.fb : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP165\A0042252.exe -> Trojan.Small.fb : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP165\A0042260.exe -> Trojan.Small.fb : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP166\A0042271.exe -> Trojan.Small.fb : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP170\A0042420.exe -> Trojan.Small.fb : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP171\A0043410.exe -> Trojan.Small.fb : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP173\A0043452.exe -> Trojan.Small.fb : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP174\A0043466.exe -> Trojan.Small.fb : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP180\A0043855.exe -> Trojan.Small.fb : Cleaned.


::Report end

illukka
2006-11-09, 19:02
hi

much better

next:


Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts.
You will be asked to reboot your computer; please do so.
Your system may take longer than usual to load; this is normal.
Once the desktop loads post the text that will open (report.txt) and a new Hijackthis log in the forum please.

Platinum griff
2006-11-10, 22:26
I've noticed two Windows warnings when Windows Explorer starts up about .dll in the system32 folder that aren't working since one of the cleanings. If you wanna know more about it I can post the exact errors. It's not interfering with anything, just annoying to see them each time the computer is rebooted.

Fixwareout ver 1.003
Last edited 8/11/2006
Post this report in the forums please

Reg Entries that were deleted
...

Microsoft (R) Windows Script Host Version 5.6
Random Runs removed from HKLM
...

PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

»»»»» Searching by size/names...

»»»»»
Search five digit cs, dm and jb files.
This WILL/CAN also list Legit Files, Submit them at Virustotal

Other suspects.
Directory of C:\WINDOWS\system32
{941A08EB-5AED-4619-B399-2BF0A5E57FB9}.exe

»»»»» Misc files.

»»»»» Checking for older varients covered by the Rem3 tool.


Logfile of HijackThis v1.99.1
Scan saved at 3:24:53 PM, on 11/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\hijackthis\Scanner.exe

R3 - URLSearchHook: (no name) - {059D52E4-9571-CE8B-2A54-CACE19C8BAB0} - C:\WINDOWS\system32\csuh.dll (file missing)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {059D52E4-9571-CE8B-2A54-CACE19C8BAB0} - C:\WINDOWS\system32\csuh.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {21756D36-9460-1941-E1A9-027993B877B9} - C:\WINDOWS\system32\jkfumwn.dll (file missing)
O2 - BHO: (no name) - {39f25b12-74ff-4079-a51f-1d70f5b08b84} - C:\WINDOWS\system32\ixt0.dll (file missing)
O2 - BHO: (no name) - {3D4C77D3-7466-F61A-1867-062DE6E30D5B} - C:\WINDOWS\system32\yacvdxi.dll (file missing)
O2 - BHO: (no name) - {4947A57C-AADE-44E8-9463-0668A1BDE510} - C:\WINDOWS\system32\ghgchrh.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {70A0248F-84CD-4EA8-AD8F-39883E8F8D6F} - C:\WINDOWS\system32\pmkji.dll
O2 - BHO: (no name) - {71BF1F17-27C5-414B-7C68-045CF2F85FCD} - C:\WINDOWS\system32\yzjudad.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {B400604F-3D4B-4949-86EC-C5825A80C17D} - C:\WINDOWS\system32\ssqpn.dll (file missing)
O2 - BHO: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{3CE2FB23-06A3-1033-0217-050208050001}\MyToolBar.dll (file missing)
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\goeemqyn.dll (file missing)
O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{3CE2FB23-06A3-1033-0217-050208050001}\MyToolBar.dll (file missing)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvtem.dll,startup
O4 - HKLM\..\Run: [lhzjhse.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\lhzjhse.dll,lthohnf
O4 - HKLM\..\Run: [usotswi.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\usotswi.dll,oknxzqc
O4 - HKLM\..\Run: [afgbxr.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\afgbxr.dll,rujtulc
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Sflrpr] C:\Program Files\?ppPatch\w?nword.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com/files/installers/cab/WinAntiVirusPro2006FreeInstall.cab
O20 - Winlogon Notify: pmkji - C:\WINDOWS\system32\pmkji.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

illukka
2006-11-13, 07:52
hi

open hijackthis
click do a system scan only
checkmark these
R3 - URLSearchHook: (no name) - {059D52E4-9571-CE8B-2A54-CACE19C8BAB0} - C:\WINDOWS\system32\csuh.dll (file missing)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {059D52E4-9571-CE8B-2A54-CACE19C8BAB0} - C:\WINDOWS\system32\csuh.dll (file missing)
O2 - BHO: (no name) - {21756D36-9460-1941-E1A9-027993B877B9} - C:\WINDOWS\system32\jkfumwn.dll (file missing)
O2 - BHO: (no name) - {39f25b12-74ff-4079-a51f-1d70f5b08b84} - C:\WINDOWS\system32\ixt0.dll (file missing)
O2 - BHO: (no name) - {3D4C77D3-7466-F61A-1867-062DE6E30D5B} - C:\WINDOWS\system32\yacvdxi.dll (file missing)
O2 - BHO: (no name) - {4947A57C-AADE-44E8-9463-0668A1BDE510} - C:\WINDOWS\system32\ghgchrh.dll (file missing)
O2 - BHO: (no name) - {B400604F-3D4B-4949-86EC-C5825A80C17D} - C:\WINDOWS\system32\ssqpn.dll (file missing)
O2 - BHO: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{3CE2FB23-06A3-1033-0217-050208050001}\MyToolBar.dll (file missing)
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\goeemqyn.dll (file missing)
O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{3CE2FB23-06A3-1033-0217-050208050001}\MyToolBar.dll (file missing)
O4 - HKLM\..\Run: [lhzjhse.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\lhzjhse.dll,lthohnf
O4 - HKLM\..\Run: [usotswi.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\usotswi.dll,oknxzqc
O4 - HKLM\..\Run: [afgbxr.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\afgbxr.dll,rujtulc
O4 - HKCU\..\Run: [Sflrpr] C:\Program Files\?ppPatch\w?nword.exe
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com/...reeInstall.cab
O20 - Winlogon Notify: pmkji - C:\WINDOWS\system32\pmkji.dll


then close all browsers and explorer windows

and click fix checked

reboot

rescan with hijackthis and post a new log

Platinum griff
2006-11-13, 22:57
Logfile of HijackThis v1.99.1
Scan saved at 3:56:42 PM, on 11/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\hijackthis\Scanner.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {71BF1F17-27C5-414B-7C68-045CF2F85FCD} - C:\WINDOWS\system32\yzjudad.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {A0FCEC44-3727-4937-B8CF-289AB8259167} - C:\WINDOWS\system32\pmkji.dll
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\goeemqyn.dll (file missing)
O3 - Toolbar: (no name) - {C004DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvtem.dll,startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: pmkji - C:\WINDOWS\system32\pmkji.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
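
Added example, not part of the original thread: a small Python triage of HijackThis entry lines, run over excerpts of the fix list in illukka's 2006-11-13 post and of the log Platinum griff posted after the reboot. The flag names and the three heuristics (orphaned entry, Run value named after a DLL it loads through rundll32, '?' in a path) are assumptions made for this illustration; they are leads for review, not verdicts.

```python
import re

# Lines the helper asked to fix (excerpt copied from the 2006-11-13 post above).
FIX_LIST = r"""
O2 - BHO: (no name) - {059D52E4-9571-CE8B-2A54-CACE19C8BAB0} - C:\WINDOWS\system32\csuh.dll (file missing)
O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{3CE2FB23-06A3-1033-0217-050208050001}\MyToolBar.dll (file missing)
O4 - HKLM\..\Run: [lhzjhse.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\lhzjhse.dll,lthohnf
O4 - HKCU\..\Run: [Sflrpr] C:\Program Files\?ppPatch\w?nword.exe
O20 - Winlogon Notify: pmkji - C:\WINDOWS\system32\pmkji.dll
"""

# Excerpt from the HijackThis log posted after "Fix checked" and a reboot.
LOG_AFTER = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {A0FCEC44-3727-4937-B8CF-289AB8259167} - C:\WINDOWS\system32\pmkji.dll
O3 - Toolbar: (no name) - {C004DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvtem.dll,startup
O20 - Winlogon Notify: pmkji - C:\WINDOWS\system32\pmkji.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")          # e.g. "O2 - BHO: ..."
RUN_RE = re.compile(r"Run: \[([^\]]+)\] (.+)$")            # [value name] command
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
FILE_RE = re.compile(r'[^\\\s"\[\]]+\.(?:dll|exe)\b', re.I)  # bare file names


def parse(log):
    """Yield (code, body) for each entry line; headers and process lists are skipped."""
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def reasons(code, body):
    """Heuristic review flags for one entry (assumed rules, see lead-in)."""
    found = []
    # The registry entry survives but the file it points at is gone.
    if body.endswith(("(file missing)", "(no file)")):
        found.append("orphaned")
    run = RUN_RE.search(body) if code == "O4" else None
    if run:
        name, cmd = run.group(1).lower(), run.group(2).lower()
        # Autorun value named after the DLL it starts through rundll32.
        if name.endswith(".dll") and "rundll32" in cmd:
            found.append("rundll32-autorun")
        # '?' is not legal in a Windows file name, so here it presumably
        # stands for a character the log could not render.
        if "?" in cmd:
            found.append("unprintable-path")
    return found


def triage(log):
    """Return [(entry line, [flags])] for every entry in the log."""
    return [(f"{code} - {body}", reasons(code, body)) for code, body in parse(log)]


def identifiers(log):
    """Lower-cased CLSIDs and file names referenced by a log's entries."""
    ids = set()
    for _, body in parse(log):
        ids.update(m.lower() for m in CLSID_RE.findall(body))
        ids.update(m.lower() for m in FILE_RE.findall(body))
    ids.discard("rundll32.exe")  # the loader itself is a stock Windows binary
    return ids


def survivors(fix_list, later_log):
    """Identifiers from the fix list that a later log still references."""
    return sorted(identifiers(fix_list) & identifiers(later_log))


if __name__ == "__main__":
    for line, why in triage(LOG_AFTER):
        print(",".join(why) or "-", "|", line)
    print("still present after the fix:", survivors(FIX_LIST, LOG_AFTER))
```

On these excerpts it reports pmkji.dll and the ToolBar888 CLSID as still referenced after the fix; pmkji.dll is back as a BHO under a different CLSID than the one in the 2006-11-10 log.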

illukka
2006-11-14, 07:36
Please download VundoFix.exe (http://www.atribune.org/ccount/click.php?id=4) to your desktop
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

Platinum griff
2006-11-14, 09:58
Logfile of HijackThis v1.99.1
Scan saved at 2:58:10 AM, on 11/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\hijackthis\Scanner.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {71BF1F17-27C5-414B-7C68-045CF2F85FCD} - C:\WINDOWS\system32\yzjudad.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {A0FCEC44-3727-4937-B8CF-289AB8259167} - C:\WINDOWS\system32\pmkji.dll (file missing)
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\goeemqyn.dll (file missing)
O3 - Toolbar: (no name) - {C004DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvtem.dll,startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com/files/installers/cab/WinAntiSpyware2006FreeInstall.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

illukka
2006-11-14, 10:34
hi


Updating Java and Clearing Cache

Go to Start > Control Panel, then double-click on the Java Icon (coffee cup) in the Control Panel.
It will say "Java Plug-in" under the icon.
Please find the update button or tab in the Java Control Panel. Update your Java then reboot.
If you are unable to update you can manually update by going here:

http://www.java.com/en/download/manual.jsp

After the reboot, go back into the Control Panel and double-click the Java Icon.
Under Temporary Internet Files, click the Delete Files button.
There are three options in the window to clear the cache - Leave ALL 3 Checked

Downloaded Applets
Downloaded Applications
Other Files

Click OK on Delete Temporary Files Window
Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
Click OK to leave the Java Control Panel.


next open hijackthis. click do a system scan only
checkmark these
O2 - BHO: (no name) - {71BF1F17-27C5-414B-7C68-045CF2F85FCD} - C:\WINDOWS\system32\yzjudad.dll (file missing)
O2 - BHO: (no name) - {A0FCEC44-3727-4937-B8CF-289AB8259167} - C:\WINDOWS\system32\pmkji.dll (file missing)
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\goeemqyn.dll (file missing)
O3 - Toolbar: (no name) - {C004DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com/...reeInstall.cab

then close all explorer and browser windows
and click fix checked

reboot

Please download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune.
This program is for XP and Windows 2000 only
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

next:
Please run the F-Secure Online Scanner (http://support.f-secure.com/enu/home/ols3.shtml#)

Note: This Scanner is for Internet Explorer Only!
Follow the Instruction Here (http://support.f-secure.com/enu/home/ols3.shtml) for installation.
Accept the License Agreement.
Once the ActiveX installs, click Full System Scan.
Once the download completes, the scan will begin automatically.
The scan will take some time to finish, so please be patient.
When the scan completes, click the Automatic cleaning (recommended) button.
Click the Show Report button and Copy & Paste the entire report in your next reply.


when you get back post the fsecure report and a fresh hijackthis log

Platinum griff
2006-11-15, 04:20
Scanning Report
Tuesday, November 14, 2006 19:38:33 - 21:15:52

Computer name: HARDAC
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\
Result: 3 malware found
Adware.MyToolbar (spyware)

* System (Disinfected)

Tracking Cookie (spyware)

* System (Disinfected)

not-virus:Hoax.Win32.Renos.ge (virus)

* C:\WINDOWS\SYSTEM32\DRVLAN.DLL

Statistics
Scanned:

* Files: 22248
* System: 3607
* Not scanned: 2

Actions:

* Disinfected: 2
* Renamed: 0
* Deleted: 0
* None: 1
* Submitted: 0

Files not scanned:

* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT

Options
Scanning engines:

* F-Secure Libra: 2.4.2, 2006-11-14
* F-Secure AVP: 7.0.171, 2006-11-14
* F-Secure Orion: 1.2.37, 2006-11-14
* F-Secure Blacklight: 1.0.31, 0000-00-00
* F-Secure Draco: 1.0.35, 0260-02-44
* F-Secure Pegasus: 1.19.0, 2006-08-29

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX
* Use Advanced heuristics

Logfile of HijackThis v1.99.1
Scan saved at 9:17:20 PM, on 11/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Owner\Desktop\hijackthis\Scanner.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvtem.dll,startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

illukka
2006-11-15, 08:01
Please download SmitfraudFix (http://siri.urz.free.fr/Fix/SmitfraudFix.zip) (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/processutil/processutil.htm

Platinum griff
2006-11-15, 17:00
SmitFraudFix v2.121

Scan done at 9:59:13.32, Wed 11/15/2006
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\components\flx?.dll FOUND !
C:\WINDOWS\system32\components\flx??.dll FOUND !
C:\WINDOWS\system32\components\flx???.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner\Application Data

C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\VirusBursters 6.2.lnk FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

C:\DOCUME~1\Owner\STARTM~1\VirusBursters 6.2.lnk FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Owner\FAVORI~1

C:\DOCUME~1\Owner\FAVORI~1\Antivirus Test Online.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{d7bdd42a-7e69-4bb8-aac3-d76ff65a3aa3}"="archenteric"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

illukka
2006-11-15, 21:15
You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Next, please reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning : running option #2 on a non infected computer will remove your Desktop background.

Platinum griff
2006-11-15, 23:28
The scan ended after cleaning the registry and did not prompt about checking Wininet.dll


SmitFraudFix v2.121

Scan done at 16:22:43.68, Wed 11/15/2006
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{d7bdd42a-7e69-4bb8-aac3-d76ff65a3aa3}"="archenteric"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\components\flx?.dll Deleted
C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\VirusBursters 6.2.lnk Deleted
C:\DOCUME~1\Owner\FAVORI~1\Antivirus Test Online.url Deleted
C:\DOCUME~1\Owner\STARTM~1\VirusBursters 6.2.lnk Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End
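
A helper reading the two reports above wants to confirm that every entry the search flagged appears in the deletion list, and that the SharedTaskScheduler value is gone after the fix. The Python script below is an added example, not part of the original posts or of SmitFraudFix; the function names are hypothetical, and the input is excerpted from the logs in this thread with the »»» section rules shortened to their titles.

```python
import re

# Excerpts copied from the two SmitFraudFix v2.121 reports posted in this thread.
SCAN = r"""
C:\WINDOWS\system32\components\flx?.dll FOUND !
C:\WINDOWS\system32\components\flx??.dll FOUND !
C:\WINDOWS\system32\components\flx???.dll FOUND !
C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\VirusBursters 6.2.lnk FOUND !
C:\DOCUME~1\Owner\STARTM~1\VirusBursters 6.2.lnk FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !
C:\DOCUME~1\Owner\FAVORI~1\Antivirus Test Online.url FOUND !
"""
CLEAN = r"""
Before SmitFraudFix
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{d7bdd42a-7e69-4bb8-aac3-d76ff65a3aa3}"="archenteric"
Deleting infected files
C:\WINDOWS\system32\components\flx?.dll Deleted
C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\VirusBursters 6.2.lnk Deleted
C:\DOCUME~1\Owner\FAVORI~1\Antivirus Test Online.url Deleted
C:\DOCUME~1\Owner\STARTM~1\VirusBursters 6.2.lnk Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted
After SmitFraudFix
SrchSTS.exe by S!Ri
"""

STATUS_LINE = re.compile(r"^([A-Za-z]:\\.+?)\s+(FOUND !|Deleted)\s*$", re.M)
STS_VALUE = re.compile(r'^"(\{[0-9a-fA-F-]{36}\})"="([^"]*)"\s*$', re.M)

def paths(report, status):
    """Set of lower-cased paths the report marks with the given status."""
    return {p.lower() for p, s in STATUS_LINE.findall(report) if s == status}

def not_deleted(scan, clean):
    """Entries the scan flagged that the clean run does not list as deleted."""
    return sorted(paths(scan, "FOUND !") - paths(clean, "Deleted"))

def sts_change(clean):
    """SharedTaskScheduler CLSID values listed before and after the fix."""
    before, after = clean.split("After SmitFraudFix", 1)
    return dict(STS_VALUE.findall(before)), dict(STS_VALUE.findall(after))

if __name__ == "__main__":
    for p in not_deleted(SCAN, CLEAN):
        print("flagged but not in deletion list:", p)
    b, a = sts_change(CLEAN)
    print("STS entries removed:", sorted(set(b) - set(a)))
```

A pattern that is missing from the deletion list is a prompt to look at that folder by hand, not proof that a file remains.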

illukka
2006-11-16, 07:14
hi

good work

next:

Please run the F-Secure Online Scanner (http://support.f-secure.com/enu/home/ols3.shtml#)

Note: This Scanner is for Internet Explorer Only!
Follow the Instruction Here (http://support.f-secure.com/enu/home/ols3.shtml) for installation.
Accept the License Agreement.
Once the ActiveX installs, click Full System Scan
Once the download completes, the scan will begin automatically.
The scan will take some time to finish, so please be patient.
When the scan completes, click the Automatic cleaning (recommended) button.
Click the Show Report button and Copy&Paste the entire report in your next reply.


also post a final hjt log

LonnyRJones
2006-11-26, 00:45
Platinum griff ?

tashi
2006-11-28, 00:07
Platinum griff: http://forums.spybot.info/showthread.php?t=288

Towards the end of a cleanup please make sure you follow through with any final log requested even if it appears to you that your computer is back to normal operation.
As much as we like our members ;) we would rather not see you back in a few weeks because there was no follow up with the helper.

This topic has been archived.

If you need it re-opened please send me a private message (pm) and provide a link to the thread. Applies only to the original topic starter.

Thank you illukka.