Security warning: your computer may be infected with harmful or unwanted



gianni200573
2006-11-18, 19:42
Having major problems getting rid of this.

I have read the instructions but cannot copy/paste the logs as they are too big.
Can anyone help?

tashi
2006-11-18, 19:51
Hello.

Go ahead and post the HJT log, taking as many posts as needed, and a helper will assist you as soon as available. :)

gianni200573
2006-11-18, 20:03
This was run in safe mode.

Logfile of HijackThis v1.99.1
Scan saved at 14:30:47, on 18/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {39f25b12-74ff-4079-a51f-1d70f5b08b84} - C:\WINDOWS\system32\ixt0.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {CFE9E8A8-38C0-4EF8-AEC2-5035EFE81030} - C:\WINDOWS\system32\xxyxwuu.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1132950912\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~2\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvnup.dll,startup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0a\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Program Files\PartyGaming\PartyGammon\RunBackGammon.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Program Files\PartyGaming\PartyGammon\RunBackGammon.exe (file missing)
O9 - Extra button: (no name) - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://pictures.aolcdn.com/ap/Resources/1.2.0.38b/cab/aolpPlugins.10.1.0.0.cab
O16 - DPF: {38D63471-E630-4492-A986-B8C48B79F2F8} (CVideoEgg_ActiveXCtl Object) - http://update.videoegg.com/wintel/VideoEggPublisher.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1122726198031
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://194.168.163.96/activex/AxisCamControl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: xxyxwuu - C:\WINDOWS\SYSTEM32\xxyxwuu.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

gianni200573
2006-11-18, 21:25
Incident Status Location

Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Gentles\Cookies\gentles@2o7[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Gentles\Cookies\gentles@mediaplex[1].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Gentles\Cookies\gentles@server.iad.liveperson[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Gentles\Cookies\gentles@serving-sys[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Gentles\Cookies\gentles@tribalfusion[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Gentles\Desktop\SmitfraudFix\Process.exe
Possible Virus. Not disinfected C:\Documents and Settings\Gentles\Desktop\SmitfraudFix\swsc.exe
Adware:adware/securityerror Not disinfected C:\Documents and Settings\Gentles\Favorites\Antivirus Test Online.url
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Gentles\Local Settings\Temp\Cookies\gentles@ad.yieldmanager[1].txt
Adware:Adware/Adservice Not disinfected C:\Documents and Settings\Gentles\Local Settings\Temp\mst32.tmp
Adware:Adware/DollarRevenue Not disinfected C:\Program Files\Common Files\{38F363F3-047D-2057-0825-03080204002c}\Uninst.exe
Adware:Adware/Maxifiles Not disinfected C:\Program Files\Common Files\{98F363F3-047D-2057-0825-03080204002c}\services.dll
Adware:Adware/SurfAccuracy Not disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\3B5AD781-A9C8-4418-BC4F-61F107\5C5EB25D-D141-40A2-8C7F-55B0D2
Adware:Adware/SurfAccuracy Not disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\3B5AD781-A9C8-4418-BC4F-61F107\6B1F2A58-574C-4EC5-AA27-D1BB8A
Spyware:Spyware/MarketScore Not disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\3CD612CE-4F73-49CA-A62A-B5C944\E4A1A5C9-6124-45FC-9C72-1CAAAE
Adware:Adware/Comet Not disinfected C:\Program Files\Screensavers.com\Installer\bin\siuninst.exe
Adware:Adware/SearchRelevancy Not disinfected C:\Program Files\SearchRelevant\uninstall.exe
Potentially unwanted tool:Application/VirusBursters Not disinfected C:\Program Files\VirusBursters\VirusBursters.exe
Spyware:Cookie/Falkag Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq10.tmp
Spyware:Cookie/Hitbox Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq11.tmp
Spyware:Cookie/Serving-sys Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq12.tmp
Spyware:Cookie/Sextracker Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq13.tmp
Spyware:Cookie/Sextracker Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq14.tmp
Spyware:Cookie/Mammamediasolutions Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq15.tmp
Spyware:Cookie/Tradedoubler Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq16.tmp
Spyware:Cookie/Adviva Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq170.tmp
Spyware:Cookie/Serving-sys Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq171.tmp
Spyware:Cookie/RealMedia Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq173.tmp
Spyware:Cookie/Zedo Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq18.tmp
Spyware:Cookie/Versiontracker Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1E.tmp
Spyware:Cookie/Intelli-tracker Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1F.tmp
Spyware:Cookie/QuestionMarket Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq20.tmp
Spyware:Cookie/Versiontracker Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq21.tmp
Spyware:Cookie/Adtech Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq22.tmp
Spyware:Cookie/Adtech Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq259.tmp
Spyware:Cookie/Advertising Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq25A.tmp
Spyware:Cookie/Adviva Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq25B.tmp
Spyware:Cookie/Falkag Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq25C.tmp
Spyware:Cookie/Atlas DMT Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq25D.tmp
Spyware:Cookie/BurstNet Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq25E.tmp
Spyware:Cookie/Casalemedia Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq25F.tmp
Spyware:Cookie/Statcounter Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq26.tmp
Spyware:Cookie/Doubleclick Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq262.tmp
Spyware:Cookie/FastClick Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq264.tmp
Spyware:Cookie/Mediaplex Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq265.tmp
Spyware:Cookie/PayCounter Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq266.tmp
Spyware:Cookie/QuestionMarket Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq267.tmp
Spyware:Cookie/Advertising Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq268.tmp
Spyware:Cookie/Serving-sys Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq269.tmp
Spyware:Cookie/SexList Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq26A.tmp
Spyware:Cookie/Sextracker Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq26B.tmp
Spyware:Cookie/Sextracker Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq26C.tmp

gianni200573
2006-11-18, 21:28
Spyware:Cookie/Sextracker Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq26D.tmp
Spyware:Cookie/Sextracker Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq26E.tmp
Spyware:Cookie/Tradedoubler Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq26F.tmp
Spyware:Cookie/RealMedia Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq27.tmp
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq270.tmp
Spyware:Cookie/Tribalfusion Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq271.tmp
Spyware:Cookie/2o7 Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq28.tmp
Spyware:Cookie/Advertising Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq29.tmp
Spyware:Cookie/Falkag Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2A.tmp
Spyware:Cookie/Bluestreak Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2B.tmp
Spyware:Cookie/Casalemedia Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2C.tmp
Spyware:Cookie/Com.com Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2D.tmp
Spyware:Cookie/Doubleclick Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2E.tmp
Spyware:Cookie/FastClick Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2F.tmp
Spyware:Cookie/FortuneCity Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq30.tmp
Spyware:Cookie/Maxserving Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq32.tmp
Spyware:Cookie/Statcounter Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq33.tmp
Spyware:Cookie/Tribalfusion Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq34.tmp
Spyware:Cookie/Valueclick Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq35.tmp
Spyware:Cookie/Zedo Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq38.tmp
Spyware:Cookie/QkSrv Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4.tmp
Adware:Adware/WinTools Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq42.tmp
Spyware:Cookie/RealMedia Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq43.tmp
Spyware:Cookie/Humanclick Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq45.tmp
Adware:Adware/WinTools Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq46.tmp
Adware:Adware/WinTools Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq49.tmp
Spyware:Cookie/Sextracker Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5.tmp
Spyware:Cookie/Findwhat Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq60.tmp
Spyware:Cookie/Atlas DMT Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq61.tmp
Spyware:Cookie/Hitbox Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq62.tmp
Spyware:Cookie/SexList Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq65.tmp
Spyware:Cookie/Valueclick Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq66.tmp
Spyware:Cookie/Hitbox Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq67.tmp
Spyware:Cookie/Mediaplex Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6F.tmp
Spyware:Cookie/WUpd Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq70.tmp

gianni200573
2006-11-18, 21:29
Spyware:Cookie/Adserver Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq71.tmp
Spyware:Cookie/RealMedia Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq75.tmp
Spyware:Cookie/BurstNet Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq76.tmp
Spyware:Cookie/2o7 Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq77.tmp
Spyware:Cookie/Bfast Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7E.tmp
Spyware:Cookie/CentrPort Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8.tmp
Spyware:Cookie/Valueclick Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq80.tmp
Spyware:Cookie/DomainSponsor Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq82.tmp
Spyware:Cookie/DomainSponsor Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq83.tmp
Spyware:Cookie/Maxserving Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq84.tmp
Spyware:Cookie/WUpd Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq85.tmp
Spyware:Cookie/Bfast Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8B.tmp
Spyware:Cookie/HotLog Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8C.tmp
Spyware:Cookie/SpyLog Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8D.tmp
Spyware:Cookie/bravenetA Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8E.tmp
Spyware:Cookie/CentrPort Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq90.tmp
Spyware:Cookie/FortuneCity Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq92.tmp
Spyware:Cookie/MetriWeb Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq96.tmp
Spyware:Cookie/bravenetA Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq97.tmp
Spyware:Cookie/YieldManager Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq9A.tmp
Spyware:Cookie/YieldManager Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq9B.tmp
Spyware:Cookie/Clickbank Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq9D.tmp
Spyware:Cookie/7search Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA.tmp
Spyware:Cookie/Falkag Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA4.tmp
Spyware:Cookie/QkSrv Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA5.tmp
Spyware:Cookie/SAHAgent Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA6.tmp
Spyware:Cookie/YieldManager Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA9.tmp
Spyware:Cookie/HotLog Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppqBD.tmp
Spyware:Cookie/Bluestreak Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppqC.tmp
Spyware:Cookie/SpyLog Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppqC0.tmp
Spyware:Cookie/Weborama Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppqC1.tmp
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppqC5.tmp
Spyware:Cookie/XXXCounter Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppqC6.tmp
Spyware:Cookie/Advertising Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppqD.tmp
Spyware:Cookie/Mammamediasolutions Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppqE.tmp
Spyware:Cookie/onestat.com Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppqE2.tmp
Spyware:Cookie/Com.com Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppqF.tmp
Potentially unwanted tool:Application/Processor Not disinfected C:\RECYCLER\S-1-5-21-1390067357-1229272821-1801674531-1004\Dc2.zip[SmitfraudFix/Process.exe]
Possible Virus. Not disinfected C:\RECYCLER\S-1-5-21-1390067357-1229272821-1801674531-1004\Dc2.zip[SmitfraudFix/swsc.exe]
Adware:adware/ncase Not disinfected C:\temp\salmau.dat
Adware:Adware/WUpd Not disinfected C:\WINDOWS\Downloaded Program Files\DeskAdX.dll
Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\WINDOWS\Downloaded Program Files\UWA6P_0001_N91M1807NetInstaller.exe
Adware:Adware/VirusBurst Not disinfected C:\WINDOWS\system32\components\flx7.dll
Adware:Adware/Adservice Not disinfected C:\WINDOWS\system32\drvnup.dll
Spyware:Spyware/MarketScore Not disinfected C:\WINDOWS\system32\rk.bin
Adware:Adware/Yazzle Not disinfected C:\WINDOWS\system32\xxyxwuu.dll
Virus:Trj/Zapchast.BI Disinfected C:\winupd.bat

gianni200573
2006-11-19, 17:00
This seems to have got rid of the icon in the system tray; however, AVG Anti-Virus still seems to be picking up something periodically.



---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 15:42:33 19/11/2006

+ Scan result:



HKU\S-1-5-21-1390067357-1229272821-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{052B12F7-86FA-4921-8482-26C42316B522} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-1390067357-1229272821-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{39F25B12-74FF-4079-A51F-1D70F5B08B84} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-1390067357-1229272821-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\Common Files\{98F363F3-047D-2057-0825-03080204002c}\services.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FB02EF98-65D8-4505-8C63-0C840797F845}\RP1030\A0182620.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FB02EF98-65D8-4505-8C63-0C840797F845}\RP1030\A0182656.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\3B5AD781-A9C8-4418-BC4F-61F107\5C5EB25D-D141-40A2-8C7F-55B0D2 -> Adware.SurfAccuracy : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\3B5AD781-A9C8-4418-BC4F-61F107\6B1F2A58-574C-4EC5-AA27-D1BB8A -> Adware.SurfAccuracy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\xxyxwuu.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\DeskAdX.dll -> Adware.WinAD : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq42.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq46.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Program Files\BitComet\Downloads\Panda Antivirus + Firewall 2007 + Product Key.zip/Key.exe -> Backdoor.Agent.aga : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FB02EF98-65D8-4505-8C63-0C840797F845}\RP1032\A0182679.dll -> Not-A-Virus.Hoax.Win32.Renos.fa : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FB02EF98-65D8-4505-8C63-0C840797F845}\RP1033\A0182700.dll -> Not-A-Virus.Hoax.Win32.Renos.fa : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FB02EF98-65D8-4505-8C63-0C840797F845}\RP1034\A0182721.dll -> Not-A-Virus.Hoax.Win32.Renos.fa : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FB02EF98-65D8-4505-8C63-0C840797F845}\RP1036\A0182750.dll -> Not-A-Virus.Hoax.Win32.Renos.fa : Cleaned with backup (quarantined).
C:\WINDOWS\system32\components\flx7.dll -> Not-A-Virus.Hoax.Win32.Renos.fa : Cleaned with backup (quarantined).
C:\Documents and Settings\Gentles\Local Settings\Temp\mst32.tmp -> Not-A-Virus.Hoax.Win32.Renos.fw : Cleaned with backup (quarantined).
C:\WINDOWS\system32\drvnup.dll -> Not-A-Virus.Hoax.Win32.Renos.fw : Cleaned with backup (quarantined).
C:\Documents and Settings\Gentles\Local Settings\Temporary Internet Files\Content.IE5\WJKPBQBT\100 CRACKS & SERIAls\Nero Burning ROM mp3PRO Encoder.zip/Nero.MP3Pro.Plugin.Crack/LS_Nero_mp3PRO_Encoder_Plugin.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Gentles\Local Settings\Temporary Internet Files\Content.IE5\WJKPBQBT\100 CRACKS & SERIAls\Nero Burning ROM mp3PRO Encoder.zip/Nero.SVCD.Plugin.Crack/LS_Nero_SVCD_Plugin.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Gentles\Local Settings\Temporary Internet Files\Content.IE5\WJKPBQBT\100 CRACKS & SERIAls\PerfectDisk[1].7.0.Build.xx.GENERiC_CRK-FFF.zip/Crack.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Gentles\Local Settings\Temporary Internet Files\Content.IE5\WJKPBQBT\100 CRACKS & SERIAls\avast_Antivirus_v4[1].x_Pro_Edition_Repack_20040228 (www.lomalka.ru).zip/fff-ap4x.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq43.tmp -> TrackingCookie.247realmedia : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq75.tmp -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\Gentles\Cookies\gentles@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq28.tmp -> TrackingCookie.2o7 : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq77.tmp -> TrackingCookie.2o7 : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA.tmp -> TrackingCookie.7search : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq63.tmp -> TrackingCookie.Ad-logics : Cleaned.
C:\Documents and Settings\Gentles\Cookies\gentles@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq71.tmp -> TrackingCookie.Adserver : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq22.tmp -> TrackingCookie.Adtech : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq259.tmp -> TrackingCookie.Adtech : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq25A.tmp -> TrackingCookie.Advertising : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq268.tmp -> TrackingCookie.Advertising : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq29.tmp -> TrackingCookie.Advertising : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqD.tmp -> TrackingCookie.Advertising : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq170.tmp -> TrackingCookie.Adviva : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq25B.tmp -> TrackingCookie.Adviva : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq25D.tmp -> TrackingCookie.Atdmt : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq61.tmp -> TrackingCookie.Atdmt : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7E.tmp -> TrackingCookie.Bfast : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8B.tmp -> TrackingCookie.Bfast : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2B.tmp -> TrackingCookie.Bluestreak : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqC.tmp -> TrackingCookie.Bluestreak : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq25E.tmp -> TrackingCookie.Burstnet : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq76.tmp -> TrackingCookie.Burstnet : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq25F.tmp -> TrackingCookie.Casalemedia : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2C.tmp -> TrackingCookie.Casalemedia : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8.tmp -> TrackingCookie.Centrport : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq90.tmp -> TrackingCookie.Centrport : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq9D.tmp -> TrackingCookie.Clickbank : Cleaned.
C:\Documents and Settings\Gentles\Cookies\gentles@ad1.clickhype[2].txt -> TrackingCookie.Clickhype : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2D.tmp -> TrackingCookie.Com : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqF.tmp -> TrackingCookie.Com : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq261.tmp -> TrackingCookie.Commission-junction : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq262.tmp -> TrackingCookie.Doubleclick : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2E.tmp -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Gentles\Cookies\gentles@e-2dj6wgk4qjazekp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq10.tmp -> TrackingCookie.Falkag : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq25C.tmp -> TrackingCookie.Falkag : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2A.tmp -> TrackingCookie.Falkag : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA4.tmp -> TrackingCookie.Falkag : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq264.tmp -> TrackingCookie.Fastclick : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2F.tmp -> TrackingCookie.Fastclick : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq60.tmp -> TrackingCookie.Findwhat : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq11.tmp -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq62.tmp -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq64.tmp -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq67.tmp -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq78.tmp -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq9.tmp -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8C.tmp -> TrackingCookie.Hotlog : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqBD.tmp -> TrackingCookie.Hotlog : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq73.tmp -> TrackingCookie.Hypertracker : Cleaned.
C:\Documents and Settings\Gentles\Cookies\gentles@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq265.tmp -> TrackingCookie.Mediaplex : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6F.tmp -> TrackingCookie.Mediaplex : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqE2.tmp -> TrackingCookie.Onestat : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq266.tmp -> TrackingCookie.Paycounter : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4.tmp -> TrackingCookie.Qksrv : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA5.tmp -> TrackingCookie.Qksrv : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq20.tmp -> TrackingCookie.Questionmarket : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq267.tmp -> TrackingCookie.Questionmarket : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq94.tmp -> TrackingCookie.Realtracker : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA7.tmp -> TrackingCookie.Realtracker : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq70.tmp -> TrackingCookie.Revenue : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq85.tmp -> TrackingCookie.Revenue : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq263.tmp -> TrackingCookie.Ru4 : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq40.tmp -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\Gentles\Cookies\gentles@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq12.tmp -> TrackingCookie.Serving-sys : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq171.tmp -> TrackingCookie.Serving-sys : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq269.tmp -> TrackingCookie.Serving-sys : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq26A.tmp -> TrackingCookie.Sexlist : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq65.tmp -> TrackingCookie.Sexlist : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq13.tmp -> TrackingCookie.Sextracker : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq14.tmp -> TrackingCookie.Sextracker : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq26B.tmp -> TrackingCookie.Sextracker : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq26C.tmp -> TrackingCookie.Sextracker : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq26D.tmp -> TrackingCookie.Sextracker : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq26E.tmp -> TrackingCookie.Sextracker : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5.tmp -> TrackingCookie.Sextracker : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA6.tmp -> TrackingCookie.Shopathomeselect : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8D.tmp -> TrackingCookie.Spylog : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqC0.tmp -> TrackingCookie.Spylog : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq26.tmp -> TrackingCookie.Statcounter : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq33.tmp -> TrackingCookie.Statcounter : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq9C.tmp -> TrackingCookie.Tacoda : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq15.tmp -> TrackingCookie.Targetnet : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqE.tmp -> TrackingCookie.Targetnet : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq16.tmp -> TrackingCookie.Tradedoubler : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq26F.tmp -> TrackingCookie.Tradedoubler : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq270.tmp -> TrackingCookie.Trafficmp : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqC5.tmp -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\Gentles\Cookies\gentles@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq271.tmp -> TrackingCookie.Tribalfusion : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq34.tmp -> TrackingCookie.Tribalfusion : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq35.tmp -> TrackingCookie.Valueclick : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq66.tmp -> TrackingCookie.Valueclick : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq80.tmp -> TrackingCookie.Valueclick : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqC1.tmp -> TrackingCookie.Weborama : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqC6.tmp -> TrackingCookie.Xxxcounter : Cleaned.
C:\Documents and Settings\Gentles\Local Settings\Temp\Cookies\gentles@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq9A.tmp -> TrackingCookie.Yieldmanager : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq9B.tmp -> TrackingCookie.Yieldmanager : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA9.tmp -> TrackingCookie.Yieldmanager : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq18.tmp -> TrackingCookie.Zedo : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq38.tmp -> TrackingCookie.Zedo : Cleaned.


::Report end

tashi
2006-11-27, 19:15
Hello and sorry for the wait, this topic appears to have been overlooked.

If you have not resolved the problem, we do have this sticky:

If you have waited four days for advice post here. (http://forums.spybot.info/showthread.php?p=4836#post4836)

MacSurf
2006-11-28, 12:18
Hello

After having checked your report, we need some suspicious files we found in the bug report of your system for further and direct examination.
Please download the suspicious file packer from our website on the following page to make this action easier:
http://www.safer-networking.org/files/sfp.zip
Then install and open it. Simply copy the paths given below by copy/paste to the Step1 and press "continue". By pressing this button a file will be created on your desktop which contains the files below. Then please reply to this email with the file in the attachment.
With the help of these entries we will improve Spybot-S&D's database so that the threats you have encountered can be removed by one of the very next updates.

If you notice that some of the files cannot be found or copied to the file packer, please try the procedure again in Windows Safe Mode (restart Windows and press F8 while booting).

(Please understand that we cannot know all process names or applications. If we list files that you know and that were definitely installed by yourself, you do not need to add those files. But, for example, many important Windows files have corrupted equivalents. So please make sure you know that the files given below are really good ones if you wish not to add them.)

===[-]========

C:\WINDOWS\system32\xxyxwuu.dll -> Virtumonde/Vundo Adware
C:\WINDOWS\system32\drvnup.dll -> most probably part of Smitfraud malware
===[-]========

Also you should delete the following entries from your registry.
-> Open your HJT again and fix:
O2 - BHO: (no name) - {39f25b12-74ff-4079-a51f-1d70f5b08b84} - C:\WINDOWS\system32\ixt0.dll (file missing)

O9 - Extra button: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Program Files\PartyGaming\PartyGammon\RunBackGammon.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Program Files\PartyGaming\PartyGammon\RunBackGammon.exe (file missing)

O9 - Extra button: (no name) - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D}




---------------------------------------------------------------------
! There will be no answer to your email as the sent files get directly under examination of our detection team. Solutions to any found threats will be put to the very next update. ;)!

gianni200573
2006-11-28, 14:31
Hi there. Thanks for the response.

I've decided to take drastic measures and significantly upgrade my PC...new everything basically. It's not as a direct result of this virus (although it did help) but it was a couple of years old and there was more stuff on there that I didn't know about than I did.

Thanks again for your time and effort.
Very much appreciated.

You can now close this thread.

LonnyRJones
2006-12-06, 12:18
I'm glad we could help.
Since the problems are solved I'm going to close the topic now; this keeps others with similar problems from posting their logs/questions here. They should start a new topic.
If you should need to post another log for the same PC let one of us know via a PM (personal message).