I too, thought I got it all... Help!



Guido13
2006-12-23, 01:25
Well, even being an IT guy for almost 15 years still shows that you can't know everything.

I have run Spybot, AdAware, and NOD32, and all three in safe mode. I got the BHO variants, but I'm still getting random popups in IE, and I'm still worried I might have more bugs in here.

Below is the log file. Let me know what you see that I've missed!
Thanks in advance!!!

Logfile of HijackThis v1.99.1
Scan saved at 7:22:03 PM, on 12/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
d:\Program Files\DigitalPersona\Bin\DpHost.exe
d:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
d:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\DigitalPersona\Bin\DPAgnt.exe
C:\Program Files\MSI\Live Update 3\LMonitor.exe
D:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe
C:\WINDOWS\system32\LVCOMSX.EXE
D:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
D:\PROGRA~1\AIM\aim.exe
D:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
D:\PROGRA~1\MICROS~4\rapimgr.exe
D:\Program Files\Logitech\Video\FxSvr2.exe
D:\Program Files\SEC\MagicTune3.6\GammaTray.exe
D:\Program Files\eFax Messenger 4.2\J2GTray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
D:\Program Files\SEC\MagicTune3.6\MagicTune.exe
d:\Program Files\Webshots\webshots.scr
D:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
D:\downloads\hijackthis\scanner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 70.91.164.100 capone.adwinternational.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3FD6B99C-A275-46ea-8FD1-3D63986E51E4} - C:\WINDOWS\system32\jvikrwgn.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {9E28602D-2826-4A93-A763-5AF53E9145BA} - C:\WINDOWS\system\das.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Picture Ace - {CC7C8206-344B-45AB-B898-78D06229268F} - d:\Program Files\Picture Ace\PictureAce.dll
O2 - BHO: (no name) - {DA14D766-2E78-4627-91BC-BD104C55E4Fe} - C:\WINDOWS\system32\vkkipite.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DPAgnt] d:\Program Files\DigitalPersona\Bin\DPAgnt.exe
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [nod32kui] "d:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CloneCDTray] "d:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [eFax 4.2] "d:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] d:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] d:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\howbrwbt.dll",setvm
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AIM] D:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] d:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Webshots.lnk = D:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: .protected
O4 - Global Startup: Color Calibration.lnk = ?
O4 - Global Startup: eFax 4.2.lnk = D:\Program Files\eFax Messenger 4.2\J2GTray.exe
O4 - Global Startup: MagicTune 3.6.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - d:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - d:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\PROGRA~1\AIM\aim.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = adwinternational.com
O17 - HKLM\Software\..\Telephony: DomainName = adwinternational.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{F57611EA-CFFB-45E1-86DD-C4DFE1DD8F13}: NameServer = 192.168.1.1,192.168.1.200
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = adwinternational.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = adwinternational.com
O20 - Winlogon Notify: das - C:\WINDOWS\system\das.dll
O20 - Winlogon Notify: DPWLN - C:\WINDOWS\system32\DPWLEvHd.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winemx32 - winemx32.dll (file missing)
O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - d:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - d:\Program Files\DigitalPersona\Bin\DpHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - d:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Angelfire777
2006-12-23, 06:34
Hi, Welcome to Spybot Forums! :D

Please download VundoFix.exe (http://www.atribune.org/ccount/click.php?id=4) to your Desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES.
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

Please download SmitfraudFix (http://siri.urz.free.fr/Fix/SmitfraudFix.exe) (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

IMPORTANT: Do NOT run any other options except for Option # 1.


Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/processutil/processutil.htm

If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.

On your next reply, please include a fresh HijackThis log, VundoFix log and the SmitfraudFix log.

Guido13
2006-12-23, 23:38
Thanks in advance.... but one question is how did you know these two items were in here? What clued you in? Always trying to increase my repertoire....

Here is the log file for Smitfraud:
SmitFraudFix v2.131

Scan done at 17:37:02.92, Sat 12/23/2006
Run from C:\Documents and Settings\dan\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\.protected FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\issearch.exe FOUND !
C:\WINDOWS\system32\ot.ico FOUND !
C:\WINDOWS\system32\1024\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\dan


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\dan\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\.protected FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\dan\FAVORI~1

C:\DOCUME~1\dan\FAVORI~1\Antivirus Test Online.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"incestuously"="{03413bf7-e34c-445b-bfc0-a2b127255871}"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End


Vundo:
VundoFix V6.2.13

Checking Java version...

Sun Java not detected
Scan started at 5:07:06 PM 12/23/2006

Listing files found while scanning....

C:\WINDOWS\system32\abdefshb.dll
C:\WINDOWS\system32\buunuegm.dll
C:\WINDOWS\system32\gebcd.dll
C:\WINDOWS\system32\gtagoqib.dll
C:\WINDOWS\system32\ogexgmwd.dll
C:\WINDOWS\system32\sdyovrux.dll
C:\WINDOWS\system32\vdkxtkaf.dll
C:\WINDOWS\system32\hvgbstuk.exe
C:\WINDOWS\system32\mdhgeocc.exe
C:\Program Files\Common Files\{E02A20B3-0710-1033-0112-050729050001}\services.dll
C:\WINDOWS\system\das.dll
C:\WINDOWS\system\das.dll
C:\WINDOWS\system\sad.ini
C:\WINDOWS\system\sad.bak1
C:\WINDOWS\system\sad.bak2
C:\WINDOWS\system\sad.ini2
C:\WINDOWS\system\sad.tmp
C:\WINDOWS\system\sad.ini
C:\WINDOWS\system\sad.bak1
C:\WINDOWS\system\sad.bak2
C:\WINDOWS\system\sad.ini2
C:\WINDOWS\system\sad.tmp

Beginning removal...

Attempting to delete C:\WINDOWS\system32\abdefshb.dll
C:\WINDOWS\system32\abdefshb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\buunuegm.dll
C:\WINDOWS\system32\buunuegm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gebcd.dll
C:\WINDOWS\system32\gebcd.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gtagoqib.dll
C:\WINDOWS\system32\gtagoqib.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ogexgmwd.dll
C:\WINDOWS\system32\ogexgmwd.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\sdyovrux.dll
C:\WINDOWS\system32\sdyovrux.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vdkxtkaf.dll
C:\WINDOWS\system32\vdkxtkaf.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hvgbstuk.exe
C:\WINDOWS\system32\hvgbstuk.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\mdhgeocc.exe
C:\WINDOWS\system32\mdhgeocc.exe Has been deleted!

Attempting to delete C:\Program Files\Common Files\{E02A20B3-0710-1033-0112-050729050001}\services.dll
C:\Program Files\Common Files\{E02A20B3-0710-1033-0112-050729050001}\services.dll Has been deleted!

Attempting to delete C:\WINDOWS\system\das.dll
C:\WINDOWS\system\das.dll Has been deleted!

Attempting to delete C:\WINDOWS\system\sad.ini
C:\WINDOWS\system\sad.ini Has been deleted!

Attempting to delete C:\WINDOWS\system\sad.bak1
C:\WINDOWS\system\sad.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system\sad.bak2
C:\WINDOWS\system\sad.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system\sad.ini2
C:\WINDOWS\system\sad.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system\sad.tmp
C:\WINDOWS\system\sad.tmp Has been deleted!

Performing Repairs to the registry.
Done!

Logfile of HijackThis v1.99.1
Scan saved at 5:42:24 PM, on 12/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
d:\Program Files\DigitalPersona\Bin\DpHost.exe
d:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
d:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\DigitalPersona\Bin\DPAgnt.exe
C:\Program Files\MSI\Live Update 3\LMonitor.exe
D:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe
C:\WINDOWS\system32\LVCOMSX.EXE
D:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
D:\PROGRA~1\AIM\aim.exe
D:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
D:\PROGRA~1\MICROS~4\rapimgr.exe
D:\Program Files\SEC\MagicTune3.6\GammaTray.exe
D:\Program Files\eFax Messenger 4.2\J2GTray.exe
D:\Program Files\SEC\MagicTune3.6\MagicTune.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
D:\Program Files\Logitech\Video\FxSvr2.exe
d:\Program Files\Webshots\webshots.scr
C:\Program Files\Internet Explorer\iexplore.exe
D:\downloads\hijackthis\scanner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 70.91.164.100 capone.adwinternational.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3FD6B99C-A275-46ea-8FD1-3D63986E51E4} - C:\WINDOWS\system32\jvikrwgn.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {9E28602D-2826-4A93-A763-5AF53E9145BA} - C:\WINDOWS\system\das.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Picture Ace - {CC7C8206-344B-45AB-B898-78D06229268F} - d:\Program Files\Picture Ace\PictureAce.dll
O2 - BHO: (no name) - {DA14D766-2E78-4627-91BC-BD104C55E4Fe} - C:\WINDOWS\system32\vkkipite.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DPAgnt] d:\Program Files\DigitalPersona\Bin\DPAgnt.exe
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [nod32kui] "d:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CloneCDTray] "d:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [eFax 4.2] "d:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] d:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] d:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\howbrwbt.dll",setvm
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AIM] D:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] d:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Webshots.lnk = D:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: .protected
O4 - Global Startup: Color Calibration.lnk = ?
O4 - Global Startup: eFax 4.2.lnk = D:\Program Files\eFax Messenger 4.2\J2GTray.exe
O4 - Global Startup: MagicTune 3.6.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - d:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - d:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\PROGRA~1\AIM\aim.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = adwinternational.com
O17 - HKLM\Software\..\Telephony: DomainName = adwinternational.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{F57611EA-CFFB-45E1-86DD-C4DFE1DD8F13}: NameServer = 192.168.1.1,192.168.1.200
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = adwinternational.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = adwinternational.com
O20 - Winlogon Notify: DPWLN - C:\WINDOWS\system32\DPWLEvHd.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winemx32 - winemx32.dll (file missing)
O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - d:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - d:\Program Files\DigitalPersona\Bin\DpHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - d:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Angelfire777
2006-12-24, 01:52
Thanks in advance.... but one question is how did you know these two items were in here? What clued you in? Always trying to increase my repertoire....

I've been training for the past few months; that's why I know the "tell-tales" of different infections..


Please print out or copy these instructions to Notepad as the internet will not be (while in Safe Mode) available to you at certain points of the removal process. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.

Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
Install AVG Anti-Spyware by double clicking the installer.
Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
On the main screen under Your Computer's security.
Click on Change state next to Resident shield. It should now change to inactive.
Click on Change state next to Automatic updates. It should now change to inactive.
Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
Wait until you see the Update successful message.
Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates (http://www.ewido.net/en/download/updates/).
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update. Do not use it yet!

*Download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune

DO NOT USE IT YET!!
______________________________

Reboot into Safe Mode

To enter Safe Mode..

Click start > turn off computer > Restart > Tap F8 key just before Windows starts to load, > this will bring up a menu > use your keyboard to scroll to Safe Mode> hit enter
______________________________

Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process; if your computer does not restart automatically, please do it yourself manually. Reboot in Safe Mode.

The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
______________________________

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser

Click Firefox at the top and choose:Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
______________________________

Please run AVG AntiSpyware, and run a full scan as follows:

IMPORTANT: Do not open any other windows or programs while AVG AntiSpyware is scanning, it may interfere with the scanning process.

Launch AVG AntiSpyware by double-clicking the icon on your desktop.
Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
Ewido will now begin the scanning process, be patient this may take a little time.
Once the scan is complete do the following:
If you have any infections you will be prompted, then select "Apply all actions"
Next select the "Reports" icon at the top.
Select the "Save Report As" button in the lower left hand of the screen and save it to a text file on your system. (Make sure to remember where you saved that file, this is important).
Close AVG AntiSpyware.
Reboot to normal mode.
______________________________
Please post:
c:\rapport.txt
AVG AntiSpyware log
A new HijackThis log
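As an added illustration of the "tell-tales" Angelfire777 refers to (example code written for this page, not a tool from the thread or from any of the utilities it names), the Python below applies those rules to entries copied from the HijackThis log posted above: BHO and Winlogon Notify entries whose DLL has an eight-random-letter name or loads from C:\WINDOWS\system rather than system32, rundll32 Run entries pointing at such a DLL, the .protected marker in Global Startup, and hosts entries judged against the machine's own O17 domain. The rules, severities and wording are my heuristics, not HijackThis output, and every hit still needs an analyst's eyes.

```python
import re
from dataclasses import dataclass

# Constructed sample: entries copied from the HijackThis log posted in this
# thread, trimmed to the sections the rules below examine.
SAMPLE_LOG = r"""
O1 - Hosts: 70.91.164.100 capone.adwinternational.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3FD6B99C-A275-46ea-8FD1-3D63986E51E4} - C:\WINDOWS\system32\jvikrwgn.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {9E28602D-2826-4A93-A763-5AF53E9145BA} - C:\WINDOWS\system\das.dll
O2 - BHO: (no name) - {DA14D766-2E78-4627-91BC-BD104C55E4Fe} - C:\WINDOWS\system32\vkkipite.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\howbrwbt.dll",setvm
O4 - Global Startup: .protected
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = adwinternational.com
O20 - Winlogon Notify: das - C:\WINDOWS\system\das.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winemx32 - winemx32.dll (file missing)
"""


@dataclass
class Finding:
    severity: str  # "high": remove; "medium": orphaned, clean up; "low": verify
    line: str
    reason: str


# Heuristic only: jvikrwgn, vkkipite, howbrwbt in this log fit it, but a
# legitimate module can have an eight-letter name too, so hits get reviewed.
RANDOM_STEM = re.compile(r"[a-z]{8}")
MISSING = "(file missing)"
RUNDLL = re.compile(r'O4 - .*\\Run: \[[^\]]*\] rundll32\.exe "?([^",]+)"?,', re.I)
HOSTS = re.compile(r"O1 - Hosts: (\S+) (\S+)")
DOMAIN = re.compile(r"O17 - .*Domain = (\S+)")


def path_signals(path):
    """Reasons a loaded module looks wrong, as (strong, text) pairs.

    A strong signal justifies removal by itself; the weak one (an orphaned
    entry whose file is already gone) only means the entry needs cleaning up.
    """
    signals = []
    p = path.strip()
    if p.endswith(MISSING):
        signals.append((False, "orphaned entry: the file it loads no longer exists"))
        p = p[: -len(MISSING)].strip()
    folder, _, name = p.rpartition("\\")
    stem = name.rsplit(".", 1)[0]
    if RANDOM_STEM.fullmatch(stem):
        signals.append((True, "eight random lowercase letters, a Vundo-style generated name"))
    if folder.lower().endswith("\\windows\\system"):
        signals.append((True, "loads from C:\\WINDOWS\\system instead of system32"))
    return signals


def _add(findings, line, signals, prefix=""):
    if signals:
        severity = "high" if any(strong for strong, _ in signals) else "medium"
        findings.append(Finding(severity, line, prefix + "; ".join(t for _, t in signals)))


def triage(log_text):
    """Apply the tell-tale rules to a HijackThis log and list what to act on."""
    lines = [ln.strip() for ln in log_text.splitlines() if ln.strip()]
    # The machine's own DNS suffix (O17) decides whether a hosts entry is a
    # local override or a redirection of an outside site.
    own_domain = ""
    for ln in lines:
        if m := DOMAIN.match(ln):
            own_domain = m.group(1).lower()
    findings = []
    for ln in lines:
        if ln.startswith("O2 - BHO:"):
            # "(no name)" alone proves nothing (Spybot's own SDHelper.dll has
            # none); it is reported only together with a path signal.
            prefix = "unnamed BHO, " if "(no name)" in ln else ""
            _add(findings, ln, path_signals(ln.rsplit(" - ", 1)[-1]), prefix)
        elif ln.startswith("O20 - Winlogon Notify:"):
            # Notify handlers load into winlogon.exe at every logon, a
            # persistence point Vundo is known to use.
            _add(findings, ln, path_signals(ln.rsplit(" - ", 1)[-1]))
        elif m := RUNDLL.match(ln):
            # For rundll32 launches the DLL argument carries the signal.
            _add(findings, ln, path_signals(m.group(1)), "rundll32 loads ")
        elif ln == "O4 - Global Startup: .protected":
            findings.append(Finding("high", ln, "SmitFraud marker in the Startup folder (SmitfraudFix reported it FOUND)"))
        elif m := HOSTS.match(ln):
            if own_domain and m.group(2).lower().endswith("." + own_domain):
                findings.append(Finding("low", ln, "hosts override inside the machine's own domain; confirm with the network admin"))
            else:
                findings.append(Finding("medium", ln, "hosts entry redirecting an outside name; treat as a hijack until explained"))
    return findings


def severity_counts(findings):
    return {s: sum(f.severity == s for f in findings) for s in ("high", "medium", "low")}


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:>6}] {f.line}\n         {f.reason}")
```

Run against the sample it flags the two das.dll entries, the three random-named DLLs (one of them orphaned), the .protected marker and the orphaned winemx32 handler, while leaving Adobe, Spybot, NVIDIA and WGA entries alone.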

Guido13
2006-12-25, 06:40
OK. All looks OK so far.
Here are the logs:

Logfile of HijackThis v1.99.1
Scan saved at 12:42:54 AM, on 12/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
d:\Program Files\DigitalPersona\Bin\DpHost.exe
d:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
d:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\DigitalPersona\Bin\DPAgnt.exe
C:\Program Files\MSI\Live Update 3\LMonitor.exe
D:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe
C:\WINDOWS\system32\LVCOMSX.EXE
D:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
D:\PROGRA~1\AIM\aim.exe
D:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\Microsoft ActiveSync\Wcescomm.exe
D:\PROGRA~1\MICROS~4\rapimgr.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\notepad.exe
D:\Program Files\SEC\MagicTune3.6\GammaTray.exe
D:\Program Files\eFax Messenger 4.2\J2GTray.exe
D:\Program Files\SEC\MagicTune3.6\MagicTune.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
d:\Program Files\Webshots\webshots.scr
D:\downloads\hijackthis\scanner.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 70.91.164.100 capone.adwinternational.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3FD6B99C-A275-46ea-8FD1-3D63986E51E4} - C:\WINDOWS\system32\jvikrwgn.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {9E28602D-2826-4A93-A763-5AF53E9145BA} - C:\WINDOWS\system\das.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Picture Ace - {CC7C8206-344B-45AB-B898-78D06229268F} - d:\Program Files\Picture Ace\PictureAce.dll
O2 - BHO: (no name) - {DA14D766-2E78-4627-91BC-BD104C55E4Fe} - C:\WINDOWS\system32\vkkipite.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DPAgnt] d:\Program Files\DigitalPersona\Bin\DPAgnt.exe
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [nod32kui] "d:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CloneCDTray] "d:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [eFax 4.2] "d:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] d:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] d:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\howbrwbt.dll",setvm
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AIM] D:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] d:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Webshots.lnk = D:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: .protected
O4 - Global Startup: Color Calibration.lnk = ?
O4 - Global Startup: eFax 4.2.lnk = D:\Program Files\eFax Messenger 4.2\J2GTray.exe
O4 - Global Startup: MagicTune 3.6.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - d:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - d:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\PROGRA~1\AIM\aim.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = adwinternational.com
O17 - HKLM\Software\..\Telephony: DomainName = adwinternational.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{F57611EA-CFFB-45E1-86DD-C4DFE1DD8F13}: NameServer = 192.168.1.1,192.168.1.200
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = adwinternational.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = adwinternational.com
O20 - Winlogon Notify: DPWLN - C:\WINDOWS\system32\DPWLEvHd.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winemx32 - winemx32.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - d:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - d:\Program Files\DigitalPersona\Bin\DpHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - d:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe



------------------------------------

SmitFraudFix v2.131

Scan done at 12:11:32.82, Sun 12/24/2006
Run from C:\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"incestuously"="{03413bf7-e34c-445b-bfc0-a2b127255871}"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\.protected Deleted
C:\WINDOWS\system32\issearch.exe Deleted
C:\WINDOWS\system32\ot.ico Deleted
C:\WINDOWS\system32\1024\ Deleted
\.protected Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

(part 2 incoming)

Guido13
2006-12-25, 06:42
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 12:34:44 AM 12/25/2006

+ Scan result:



D:\Old Windows\WINDOWS.old\system32\mscjjn.dll -> Adware.180Solutions : Ignored.
C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe -> Adware.ClickSpring : Ignored.
D:\Old Windows\WINDOWS.old\system32\msiaih.dll -> Adware.Ipend : Ignored.
C:\WINDOWS\NDNuninstall6_98.exe -> Adware.NewDotNet : Ignored.
C:\WINDOWS\NDNuninstall7_14.exe -> Adware.NewDotNet : Ignored.
D:\Old Windows\WINDOWS.old\NDNuninstall4_80.exe -> Adware.NewDotNet : Ignored.
D:\Firefox\extensions\{BEE3E87E-E1C6-4bfe-BE9D-48E84271AB34}\components\whenu_ff.dll -> Adware.SaveNow : Ignored.
C:\WINDOWS\system32\mrcpjqyb.dll -> Adware.Winfixer : Ignored.
C:\WINDOWS\system32\naeprbdb.dll -> Adware.Winfixer : Ignored.
C:\System Volume Information\_restore{C007E31E-27B2-46F7-B1D1-2529D96E003E}\RP631\A0065673.exe -> Downloader.Zlob.agw : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ixt0.dll_tobedeleted -> Downloader.Zlob.agw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C007E31E-27B2-46F7-B1D1-2529D96E003E}\RP630\A0065627.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C007E31E-27B2-46F7-B1D1-2529D96E003E}\RP630\A0065628.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C007E31E-27B2-46F7-B1D1-2529D96E003E}\RP630\A0065630.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C007E31E-27B2-46F7-B1D1-2529D96E003E}\RP630\A0065631.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C007E31E-27B2-46F7-B1D1-2529D96E003E}\RP630\A0065632.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).
C:\VundoFix Backups\abdefshb.dll.bad -> Logger.VBStat.e : Cleaned with backup (quarantined).
C:\VundoFix Backups\buunuegm.dll.bad -> Logger.VBStat.e : Cleaned with backup (quarantined).
C:\VundoFix Backups\gtagoqib.dll.bad -> Logger.VBStat.e : Cleaned with backup (quarantined).
C:\VundoFix Backups\ogexgmwd.dll.bad -> Logger.VBStat.e : Cleaned with backup (quarantined).
C:\VundoFix Backups\sdyovrux.dll.bad -> Logger.VBStat.e : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C007E31E-27B2-46F7-B1D1-2529D96E003E}\RP630\A0065634.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned.
C:\System Volume Information\_restore{C007E31E-27B2-46F7-B1D1-2529D96E003E}\RP630\A0065635.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned.
C:\VundoFix Backups\hvgbstuk.exe.bad -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned.
C:\VundoFix Backups\mdhgeocc.exe.bad -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned.
D:\downloads\James\Tools\L0phtcrack 1.5\lc15exe.zip/LC_CLI.EXE -> Not-A-Virus.PSWTool.Win32.MDupdate : Ignored.
D:\downloads\James\Tools\L0phtcrack 1.5\pwdump3v2.zip/LsaExt.dll -> Not-A-Virus.PSWTool.Win32.PWDump.3 : Ignored.
D:\downloads\James\Tools\L0phtcrack 1.5\pwdump3e.zip/LsaExt.dll -> Not-A-Virus.PSWTool.Win32.PWDump3 : Ignored.
D:\downloads\James\Tools\L0phtcrack 1.5\pwdump3e.zip/PwDump3e.exe -> Not-A-Virus.PSWTool.Win32.PWDump3 : Ignored.
D:\downloads\James\Tools\L0phtcrack 1.5\pwdump3e.zip/pwservice.exe -> Not-A-Virus.PSWTool.Win32.PWDump3 : Ignored.
D:\downloads\James\Tools\L0phtcrack 1.5\pwdump3v2.zip/PwDump3.exe -> Not-A-Virus.PSWTool.Win32.PWDump3 : Ignored.
D:\downloads\James\Tools\L0phtcrack 1.5\pwdump3v2.zip/pwservice.exe -> Not-A-Virus.PSWTool.Win32.PWDump3 : Ignored.
D:\downloads\James\VNC\vnc-3.3.3r9_x86_win32.zip/vnc_x86_win32/vncviewer/vncviewer.exe -> Not-A-Virus.RemoteAdmin.Win32.WinVNC.333 : Ignored.
D:\downloads\James\VNC\vncviewer.exe -> Not-A-Virus.RemoteAdmin.Win32.WinVNC.333 : Ignored.
D:\Old Windows\Documents and Settings.old\Dan Walsh\Desktop\msn7patch.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Cleaned.
:mozilla.130:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.14:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.15:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.162:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.16:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.17:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.18:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.19:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.20:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.21:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.22:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.23:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.348:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.367:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.397:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.466:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
G:\Users\Dan\AppData\Roaming\Microsoft\Windows\Cookies\Low\dan@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.66:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.67:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.120:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.643:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.644:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.640:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.641:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.687:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.187:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.188:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.189:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.190:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.191:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.192:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.636:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.637:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.703:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.Directnetadvertising : Cleaned.
:mozilla.10:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.110:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.111:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.112:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.113:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.114:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.725:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.726:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.68:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.69:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.70:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.71:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.645:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.646:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.647:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.648:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.654:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.655:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.656:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.657:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.658:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.77:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.78:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.79:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.391:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.404:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.121:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.122:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.123:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.124:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.414:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.415:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.416:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.417:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.226:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.227:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.228:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.

Guido13
2006-12-25, 06:44
:mozilla.229:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.230:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.231:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.232:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.233:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.234:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.453:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.454:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.455:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.456:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.457:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.115:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.116:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.117:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.118:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.119:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.493:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.494:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.495:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.597:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.598:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.500:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.501:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.502:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.503:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.504:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.505:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.506:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.507:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.508:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.Trafic : Cleaned.
:mozilla.509:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.510:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.511:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.512:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.513:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.591:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.592:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.593:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.86:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.87:C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\g7msxaql.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\System Volume Information\_restore{C007E31E-27B2-46F7-B1D1-2529D96E003E}\RP630\A0065636.dll -> Trojan.Small : Cleaned with backup (quarantined).
C:\VundoFix Backups\services.dll.bad -> Trojan.Small : Cleaned with backup (quarantined).

::Report end

Thanks again, and I hope you have a very Merry Christmas, and Happy Holidays!!!!

Dan

Angelfire777
2006-12-25, 09:26
Hi, Merry Christmas too :)

I'll be offline starting tomorrow till Friday afternoon. Is it ok if you wait till then, or do you want me to get another helper for you?

*We need to temporarily disable Spybot's TeaTimer, it may stop our fix.

Disable Spybot's TeaTimer. This is a two step process.
First:
- Right click Spybot in the System Tray (looks like a calendar with a padlock symbol)
- Choose Exit Spybot S&D Resident
Second:
- Open Spybot S&D
- Click Mode, check Advanced Mode
- Go To Left Panel, Click Tools, then also in left panel, click Resident
- If your firewall raises a question, say OK
- Uncheck the box labeled Resident Tea-Timer and OK any prompts.
- Use File, Exit to terminate Spybot
- Reboot your machine for the changes to take effect.

*Open HijackThis > choose Scan Only > Place a checkmark in the boxes beside these entries in bold.

O1 - Hosts: 70.91.164.100 capone.adwinternational.com
O2 - BHO: (no name) - {3FD6B99C-A275-46ea-8FD1-3D63986E51E4} - C:\WINDOWS\system32\jvikrwgn.dll
O2 - BHO: (no name) - {9E28602D-2826-4A93-A763-5AF53E9145BA} - C:\WINDOWS\system\das.dll (file missing)
O2 - BHO: (no name) - {DA14D766-2E78-4627-91BC-BD104C55E4Fe} - C:\WINDOWS\system32\vkkipite.dll (file missing)
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\howbrwbt.dll",setvm
O4 - Global Startup: .protected
O20 - Winlogon Notify: winemx32 - winemx32.dll (file missing)

Close your browsers and all open windows except for HijackThis, then click "Fix checked".


*boot to safe mode again

*Configure your machine to view hidden files:

Windows XP
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab.
Under the "Hidden files and folders" heading select Show hidden files and folders.
Uncheck the Hide Protected Operating System Files Option.
Click Yes to confirm.
Click OK.


*Using Windows Explorer, find and delete these files:

C:\WINDOWS\system32\jvikrwgn.dll
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\.protected
C:\WINDOWS\system32\howbrwbt.dll
C:\windows\system32\winemx32.dll

Delete the following folder:

C:\Program Files\Common Files\{E02A20B3-0710-1033-0112-050729050001}

Empty your recycle bin.

*Please run AVG Anti-Spyware one more time, and this time please make sure that you click the "apply all actions" button first before clicking the "save report" button. Reboot to normal mode.

On your next reply, please include a fresh HijackThis log and the AVG Anti-Spyware log.
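The entries the helper ticks above share a few tells: a hook whose file is already gone ("(file missing)"), a DLL with an eight-letter random lowercase name under system32, a dot-prefixed Global Startup item, and a hosts-file override that needs confirming. As an added example that is not part of this thread and not code from HijackThis or its helpers, the script below encodes those tells as triage heuristics and runs them over a constructed sample of log lines modelled on the ones posted here; the function names and the heuristics themselves are my own and are meant as a first pass, not a verdict.

```python
"""Triage heuristics for HijackThis-style log lines (added example)."""
import re
from typing import Dict, List, Optional, Tuple

# "O<n> - <body>" is the shape of every HijackThis entry line.
ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
# Eight random lowercase letters followed by .dll, as in jvikrwgn.dll / howbrwbt.dll.
# Deliberately case-sensitive so legitimate mixed-case names (WgaLogon.dll) do not match.
RANDOM_DLL_RE = re.compile(r"\\[a-z]{8}\.dll\b")
# A Global Startup item whose name starts with a dot (the ".protected" item in this thread).
DOT_STARTUP_RE = re.compile(r"Global Startup: \.")

# Constructed sample: lines copied from or modelled on the logs in this thread.
SAMPLE_LOG = r"""
O1 - Hosts: 70.91.164.100 capone.adwinternational.com
O2 - BHO: Picture Ace - {CC7C8206-344B-45AB-B898-78D06229268F} - d:\Program Files\Picture Ace\PictureAce.dll
O2 - BHO: (no name) - {DA14D766-2E78-4627-91BC-BD104C55E4Fe} - C:\WINDOWS\system32\vkkipite.dll (file missing)
O2 - BHO: (no name) - {3FD6B99C-A275-46ea-8FD1-3D63986E51E4} - C:\WINDOWS\system32\jvikrwgn.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\howbrwbt.dll",setvm
O4 - Global Startup: .protected
O4 - Global Startup: eFax 4.2.lnk = D:\Program Files\eFax Messenger 4.2\J2GTray.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winemx32 - winemx32.dll (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - d:\Program Files\Eset\nod32krn.exe
"""


def parse_entry(line: str) -> Optional[Tuple[str, str]]:
    """Split one log line into (section, body); None for non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    return (m.group(1), m.group(2)) if m else None


def reasons_for(section: str, body: str) -> List[str]:
    """Return the heuristic reasons an entry deserves a closer look (empty = nothing seen)."""
    reasons: List[str] = []
    if "(file missing)" in body:
        # A hook that still points at a deleted file: a dead remnant of removed malware.
        reasons.append("hook references a file that no longer exists")
    if section in ("O2", "O4", "O20") and RANDOM_DLL_RE.search(body):
        reasons.append("eight-letter random lowercase DLL name")
    if section == "O4" and DOT_STARTUP_RE.search(body):
        reasons.append("dot-prefixed Global Startup item")
    if section == "O1":
        # A hosts-file override is not malicious by itself; confirm it is intentional.
        reasons.append("hosts-file override; confirm it is intentional")
    return reasons


def triage(log_text: str) -> List[Dict[str, object]]:
    """Run the heuristics over a whole log and return the entries that were flagged, in log order."""
    hits: List[Dict[str, object]] = []
    for line in log_text.splitlines():
        parsed = parse_entry(line)
        if parsed is None:
            continue
        section, body = parsed
        reasons = reasons_for(section, body)
        if reasons:
            hits.append({"section": section, "entry": body, "reasons": reasons})
    return hits


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(f"{hit['section']}: {hit['entry']}")
        for reason in hit["reasons"]:
            print(f"    - {reason}")
```

The point of keeping the random-name check case-sensitive is visible in the sample: WgaLogon.dll is eight letters too, but its mixed case keeps it off the list, while the NvCpl.dll rundll32 entry shows why "rundll32 plus a system32 DLL" on its own is not a usable signal. Anything the script flags still needs a human to confirm it, exactly as the helper does above.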

Angelfire777
2007-01-01, 13:19
Hi, how are you doing with the fix?

tashi
2007-01-06, 00:30
This topic is closed due to lack of a response to the helper. :sad: If you need it re-opened, please send me a private message (PM) and provide a link to the thread.

Applies only to the original topic starter.