Got infected really bad! Help


  • This topic is locked

#1
minnie25

Hello, I was wondering if you could help me get rid of this horrible virus, it's taking control over my pc, pop ups are non stop, my initial homepage has changed and it won't go back to normal, it's totally messed up...
Help please!!

#2
Flrman1

Hello again minnie25. Welcome to GTG! :whistling:

I'll be glad to try and help you again, but if I do please stick with me and follow through with the recommendations I give and post any logs I ask for after you complete the steps I give you. Stay with me until I'm sure you are clean. I helped you before here:

http://www.geekstogo...s...=101080&hl=

You never did finish with me there. If you develop a habit of starting threads and not following through with them to completion, the staff here will become reluctant to help you as it appears that our efforts and time have been wasted.

Please do this:

* Click here to download HJTsetup.exe
  • Save HJTsetup.exe to your desktop.
  • Doubleclick on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
* Also open Hijack This and click on the "Open the Misc Tools section" button. Click on the "Open Uninstall Manager" button. Click the "Save List" button. After you click the "Save List" button, you will be asked where to save the file. Pick a place to save it then the list should open in notepad. Copy and paste that list here.

Edited by Flrman1, 26 November 2006 - 05:11 PM.

#3
minnie25

Hey Flrman1, thank you so much for your help, I promise I will follow all the instructions this time, for some reason my PC got so messed up, I also want to let you know that when I restart my computer, a box appears saying something like Windows cannot find this file... But there's like more than 50 files missing, do you know what happened? Anyways, here's the report you asked me...

Logfile of HijackThis v1.99.1
Scan saved at 19:03, on 06-11-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RmFicmljaW8gQXpldmVkbw\command.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\inet20126\services.exe
C:\Program Files\Gold Codec\isamonitor.exe
C:\Program Files\Gold Codec\pmsngr.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Gold Codec\pmmon.exe
C:\Program Files\Gold Codec\isamini.exe
C:\windows\system32\winclean.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\safe-share\SafeShare.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\{E4CDB972-0AE7-1033-1202-030512200001}\Update.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\DOCUME~1\FABRIC~1\APPLIC~1\CURITY~1\logonui.exe
C:\PROGRA~1\COMMON~1\mufr\mufrm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\inet20126\wpcem.exe
C:\WINDOWS\system32\LVComS.exe
C:\WINDOWS\inet20126\wpcem.exe
C:\WINDOWS\inet20126\OEM.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\WINDOWS\inet20126\wpcem.exe
C:\WINDOWS\inet20126\OEM.exe
C:\WINDOWS\inet20126\wpcem.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\inet20126\wpcem.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\inet20126\mmx649.exe
C:\WINDOWS\inet20126\wpcem.exe
C:\WINDOWS\inet20126\wpcem.exe
C:\WINDOWS\inet20126\wpcem.exe
C:\WINDOWS\inet20126\wpcem.exe
C:\WINDOWS\inet20126\wpcem.exe
C:\WINDOWS\inet20126\wpcem.exe
C:\WINDOWS\inet20126\wpcem.exe
C:\PROGRA~1\COMMON~1\mufr\mufra.exe
C:\WINDOWS\inet20126\wpcem.exe
C:\WINDOWS\inet20126\free.exe
C:\WINDOWS\inet20126\wpcem.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: (no name) - {ADE800CE-922D-CC8C-7C05-C9891E2F62C5} - C:\WINDOWS\system32\ksjfbf.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F3 - REG:win.ini: run=C:\WINDOWS\inet20126\services.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: edit_html Class - {14D1A72D-8705-11D8-B120-0040F46CB696} - C:\WINDOWS\inet20126\11290169.dll
O2 - BHO: (no name) - {73364D99-1240-4dff-B12A-67E448373148} - C:\WINDOWS\system32\ipv6mons.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {ae18da4e-be15-4925-81bb-890c04af0200} - C:\Program Files\Gold Codec\isaddon.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: 888Bar - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{34CDB972-0AE7-1033-1202-030512200001}\888.dll
O3 - Toolbar: OIN Search - {B9F6E8EB-A4E3-478E-88A4-D3995B5C45C8} - C:\Program Files\OIN Search\OINSearch.dll
O3 - Toolbar: Protection Bar - {96ebbe6a-2864-4345-b32b-26ee9be524b5} - C:\Program Files\Gold Codec\iesplugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKLM\..\Run: [winclean] c:\windows\system32\winclean.exe
O4 - HKLM\..\Run: [wupdate] rundll32.exe c:\wupdate.dll,wupdate
O4 - HKLM\..\Run: [Unshare] C:\Program Files\safe-share\SafeShare.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [Microsoft WWW] C:\WINDOWS\inet20126\free.exe
O4 - HKLM\..\Run: [Microsoft WPCEmail] C:\WINDOWS\inet20126\svchost.exe
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20126\services.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Winsvr] C:\3611010322516384.exe
O4 - HKCU\..\Run: [WinMedia] "C:\zagiropd275243890.exe "
O4 - HKCU\..\Run: [Winstz] C:\3611010322521592359.exe
O4 - HKCU\..\Run: [Winstu] C:\3611010322521592359.exe
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [Eata] "C:\DOCUME~1\FABRIC~1\APPLIC~1\CURITY~1\logonui.exe" -vt yazr
O4 - HKCU\..\Run: [Ufstea] C:\Program Files\W?nSxS\?xplorer.exe
O4 - HKCU\..\Run: [mufr] C:\PROGRA~1\COMMON~1\mufr\mufrm.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20126\services.exe
O4 - Startup: PowerReg Scheduler V3.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Display All Images with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/228"
O8 - Extra context menu item: Display Image with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/227"
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\sniffer.dll
O10 - Unknown file in Winsock LSP: c:\sniffer.dll
O10 - Unknown file in Winsock LSP: c:\sniffer.dll
O10 - Unknown file in Winsock LSP: c:\sniffer.dll
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-sec.../ols3/fscax.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs:
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: gimmicks - {40dcff6e-af8d-4183-8ebe-a82270ac449e} - C:\WINDOWS\system32\dcvwaah.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\RmFicmljaW8gQXpldmVkbw\command.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#4
minnie25

888Bar
Abacast Client
Acoustica MP3 CD Burner
Adobe Acrobat - Reader 6.0.2 Update
Adobe Acrobat 5.0
Adobe Reader 6.0.1
Apple Software Update
Broadcom Management Programs
Comcast High-Speed Internet Install Wizard
Command
Conexant D850 56K V.9x DFVc Modem
Cowabanga by OIN
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Media Experience
Dell Media Experience Update
Dell Support
DesignPro 5.0 Limited Edition
Digimax i5
Digimax Reader
Digimax Viewer 2.1
Digital Line Detect
Easy Language 61
eMule
EPSON Printer Software
Eyeball Chat 2.2
GameSpy Arcade
Gold Codec 4.0
Google Earth
Google Talk (remove only)
Google Toolbar for Internet Explorer
Hijackthis 1.99.1
HijackThis 1.99.1
Hollywood FX 5.5 Additional Effects
Hotfix for Windows XP (KB915865)
Intel® Extreme Graphics Driver
InterActual Player
Internet Explorer Default Page
Internet Explorer Security Plugin 2006
IpWins
iTunes
Java 2 Runtime Environment, SE v1.4.2_03
LiveUpdate 2.6 (Symantec Corporation)
Lofty Batch Video Converter version 1.02
Logitech Print Service
Logitech QuickCam
MasterCook Deluxe
MediaTickets by OIN
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Encarta Encyclopedia Standard 2004
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Picture It! Photo Premium 9
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft PowerPoint Viewer 97
Microsoft Streets and Trips 2004
Microsoft Word 2002
Microsoft Works
Microsoft Works 2004 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
Modem Helper
Monopoly
MP3 Player Utilities 3.68
MSN Messenger 7.5
Musicmatch for Windows Media Player
Musicmatch® Jukebox
Network Monitor
Norton WMI Update
OIN Search
OpenMG Jukebox
Pierresoft Adesign 1.5
Pinnacle Hollywood FX 5
Pinnacle Hollywood FX for Studio
Pinnacle PCI Performance Enhancer
PowerDVD 5.3
proDAD Heroglyph 1.0
Public Messenger ver 2.03
Qualxserve Service Agreement
Safety Alert 2006
Security Update for Step By Step Interactive Training (KB898458)
Shockwave
SmartSound Quicktracks Plugin
Sonic DLA
Sonic MyDVD
Sonic RecordNow!
Sonic Update Manager
Studio 9
Studio 9 Content CD/DVD
TargetSaver
ToolBar888
Video iCodec 3.15
Viewpoint Media Player
Virtual DJ - Atomix Productions
WebCam for MSN Messenger
Windows Genuine Advantage v1.3.0254.0
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 11
Yahoo! Toolbar for Internet Explorer

#5
Flrman1

* The first thing that I notice is that your antivirus is not running. I assume that you have Norton installed so you need to make sure that all protection is enabled immediately. Right now you are wide open to all sorts of attacks.

* Edit: Looking through your Uninstall list, all I see of Norton installed is this:

Norton WMI Update

If you do not have an antivirus, you need to get the free version of AVG and install it now. If you want us to help you, you need to do some things to help yourself. The first step in doing that is to get an antivirus. Go here to download and install the free version of AVG. Install it and update the virus definitions. Make sure that all active protection is enabled.


* Now let me point out that this is a badly infected computer. You have multiple infections. It is going to take some time and several tools to clean it all up. Stick with me, be diligent and patient. We'll get there. I'll be here until at least midnight Eastern time tonight so depending on how much time you have and how fast you can get these things done, we should be able to make considerable progress tonight.


* Go to Add/Remove programs and uninstall these:

888Bar
Command
Cowabanga by OIN
IpWins
Java 2 Runtime Environment, SE v1.4.2_03
MediaTickets by OIN
Network Monitor
Norton WMI Update
OIN Search
Safety Alert 2006
ToolBar888
Video iCodec 3.15
Viewpoint Media Player



Note: If you have trouble uninstalling any of these or one of them will not uninstall, skip it and move on with the rest.


* Now go here and install the latest version of Java.


* Go here to download AlcanShorty_en.exe and save it to your desktop.
  • Doubleclick the alcanShorty.exe file and follow prompts.
  • It will make a folder on desktop called Alcan Shorty
  • Open the Alcan Shorty folder & double click the run.bat file to run it.
  • This will download a file called BFU.exe and a BFU script.
  • If your firewall asks for permission to connect to the internet, you must allow it.
  • A message box will pop up saying complete.
  • Be patient and wait for the message box to appear as it may take some time.
  • Press OK then BFU.exe will open.
  • Select the option to "Show log after script ends"
  • Execute the script by clicking the Execute button.
  • Note that you should see a progress bar while the script is being executed.
  • When the script has finished press copy & that will make a copy of the report in your clipboard.
  • Paste the log into notepad and save it to your desktop to post back here later.
Note: If you have any questions about the use of BFU please read here.


* Click here to download SmitfraudFix.zip and save it to your desktop.
  • Unzip (extract) the contents of SmitfraudFix.zip to a new SmitfraudFix folder on your desktop.
  • Don't do anything with it yet. You'll run it later in safe mode.
Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlog...processutil.htm


* Download the trial version of AVG Anti-Spyware 7.5 here.
  • Click on the "Download Now" button and save the setup file to your desktop.
  • Doubleclick on the avgas-setup file to begin the installation.
  • When the installation is complete, open AVG Anti-Spyware and update the definition files.
  • On the main screen click on the "Update now" link and the update should begin immediately.
    • If the update does not begin, select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • When the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
  • If you cannot download the updates, update manually according to the directions here.
  • If you do the manual update, look under "Full database" and click the "Download now" button.
  • DO NOT run a scan yet. You will do that later in safe mode.
* Click here for info on how to boot to safe mode if you don't already know how.


* Now copy these instructions to notepad and save them to your desktop. You will need them to refer to in safe mode.


* Restart your computer into safe mode now. Perform the following steps in safe mode:


* Run AVG Anti-Spyware:
  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • It will then begin the scanning process, be patient it may take a while for the scan to complete.
  • When the scan is complete, you must select an action.
  • Select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen
  • Save the report as a text file and save it to your desktop.
  • Close AVG Anti-Spyware.
* Run the SmitfraudFix:
  • Open the SmitfraudFix folder again and double-click the smitfraudfix.cmd file.
  • Select option #2 - Clean by typing 2 and press "Enter" to delete the infected files.
  • You will receive this prompt:
    • "Registry cleaning - Do you want to clean the registry ?"
  • Answer "Yes" by typing Y and press "Enter" and it will begin cleaning the infection.
  • Next the tool will check to see if wininet.dll is infected.
  • You may be prompted to replace the infected wininet.dll file if it is found.
  • Answer "Yes" by typing Y and press "Enter".
  • The tool may need to restart your computer to finish the cleaning process.
  • If it doesn't restart your computer automatically when it is finished, restart it back to Windows normally yourself.
  • A text file will appear onscreen, with results from the cleaning process.
  • Copy and paste the contents of that report into your next reply to this thread along with a new Hijack This log.
  • If the report doesn't open after you restart back to Windows normally, the report can be found at the root of the system drive, usually C:\rapport.txt.
* Come back here and post a new HijackThis log, the C:\rapport.txt file created by the SmitfraudFix, the log from the AVG Anti-Spyware scan and the report from the Alcanshorty fix.

Edited by Flrman1, 28 November 2006 - 07:40 PM.
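
A HijackThis log like the one posted in this thread can be pre-sorted before a person reads it. The following is an added example, not part of the original posts and not how HijackThis or the helper works: it parses the log layout and flags four patterns visible in that log. The rule names, the short list of system process names and the assumption that Windows is installed in C:\WINDOWS are this example's own; `SAMPLE_LOG` is a constructed excerpt that reuses entries from the log above.

```python
import ntpath
import re
from collections import Counter

# Assumptions of this example: Windows lives in C:\WINDOWS, and this short,
# non-exhaustive set names core processes that belong in System32 only.
SYSTEM32 = r"c:\windows\system32"
SYSTEM_NAMES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                "lsass.exe", "svchost.exe", "spoolsv.exe"}

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")   # e.g. "O4 - HKLM\..\Run: ..."
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|,]*?\.(?:exe|dll)', re.IGNORECASE)

# Constructed excerpt in the HijackThis v1.99.1 layout, reusing thread entries.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1

Running processes:
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\inet20126\services.exe
C:\Program Files\iTunes\iTunesHelper.exe

F3 - REG:win.ini: run=C:\WINDOWS\inet20126\services.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Microsoft WPCEmail] C:\WINDOWS\inet20126\svchost.exe
O4 - HKLM\..\Run: [wupdate] rundll32.exe c:\wupdate.dll,wupdate
O4 - HKCU\..\Run: [Winsvr] C:\3611010322516384.exe
O10 - Unknown file in Winsock LSP: c:\sniffer.dll
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""


def parse_log(text):
    """Split a log into the running-process paths and (code, detail) entries."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False
            entries.append((match.group(1), match.group(2)))
        elif in_processes:
            if line:
                processes.append(line)
            else:
                in_processes = False   # blank line ends the process list
    return processes, entries


def is_masquerade(path):
    """A core system process name found anywhere other than System32."""
    name = ntpath.basename(path).lower()
    folder = ntpath.dirname(path).lower()
    return name in SYSTEM_NAMES and folder != SYSTEM32


def in_drive_root(path):
    """True when the file sits directly in a drive root, e.g. c:\\x.exe."""
    return ntpath.splitdrive(ntpath.dirname(path))[1] == "\\"


def triage(text):
    """Return de-duplicated (rule, subject) findings in log order."""
    processes, entries = parse_log(text)
    findings = []

    def add(rule, subject):
        if (rule, subject) not in findings:
            findings.append((rule, subject))

    for path in processes:
        if is_masquerade(path):
            add("system-name-outside-system32", path)
    for code, detail in entries:
        found = PATH_RE.search(detail)
        path = found.group(0) if found else None
        if path and is_masquerade(path):
            add("system-name-outside-system32", path)
        if code == "O4" and path and in_drive_root(path):
            add("autostart-from-drive-root", path)
        if code == "O10" and "Unknown file in Winsock LSP" in detail:
            add("unknown-winsock-lsp", path or detail)
        if code == "O23" and "Unknown owner" in detail:
            add("service-unknown-owner", path or detail)
    return findings


def summarize(findings):
    """Count findings per rule."""
    return Counter(rule for rule, _ in findings)


if __name__ == "__main__":
    for rule, subject in triage(SAMPLE_LOG):
        print(f"{rule:32} {subject}")
```

A flag here only marks a line for closer reading; as the helper's instructions say, most of what HijackThis lists is harmless or required.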

#6
Flrman1

I had to edit my post. Please check it again before you proceed.

#7
minnie25

ok. Doing everything now, will post as soon as I get the results. Thank you

#8
Flrman1

:whistling:

#9
minnie25

Hey Flrman1, I did everything you told me to, but at the end of the AVG scan I saved the report but I closed the program without selecting the "apply all actions". Do I have to do a new scan?

Edited by minnie25, 28 November 2006 - 09:22 PM.

  • 0

#10
Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
Yes. If you didn't have it apply the actions, it didn't clean anything so you do have to do another scan in safe mode.
  • 0

#11
minnie25

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
ok. That's fine, I'll do it again. Thank you for being so attentive with me. Really appreciate it :whistling:
  • 0

#12
Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
No problem. :whistling:

I'll check back in here one more time before I go to bed to see if you have finished. I'll be back on here again tomorrow around 10 or 11 AM.
  • 0

#13
minnie25

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
hey Flrman1, here are the reports you asked me for:



Logfile of HijackThis v1.99.1
Scan saved at 02:35, on 06-11-29
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\safe-share\SafeShare.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\inet20126\wpcem.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\LVComS.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
F3 - REG:win.ini: run=C:\WINDOWS\inet20126\services.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {73364D99-1240-4dff-B12A-67E448373148} - C:\WINDOWS\system32\ipv6mons.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {ae18da4e-be15-4925-81bb-890c04af0200} - C:\Program Files\Gold Codec\isaddon.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Protection Bar - {96ebbe6a-2864-4345-b32b-26ee9be524b5} - C:\Program Files\Gold Codec\iesplugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [wupdate] rundll32.exe c:\wupdate.dll,wupdate
O4 - HKLM\..\Run: [Unshare] C:\Program Files\safe-share\SafeShare.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Microsoft WPCEmail] C:\WINDOWS\inet20126\svchost.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunOnce: [wupdateiuqatgbj] c:\iuqatgbj.exe
O4 - HKLM\..\RunOnce: [wupdatezdeojcuf] c:\zdeojcuf.exe
O4 - HKCU\..\Run: [Winsvr] C:\3611010322516384.exe
O4 - HKCU\..\Run: [Winstz] C:\3611010322521592359.exe
O4 - HKCU\..\Run: [Winstu] C:\3611010322521592359.exe
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [mufr] C:\PROGRA~1\COMMON~1\mufr\mufrm.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: PowerReg Scheduler V3.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Display All Images with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/228"
O8 - Extra context menu item: Display Image with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/227"
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.su...ows-i586-jc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-sec.../ols3/fscax.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs:
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: gimmicks - {40dcff6e-af8d-4183-8ebe-a82270ac449e} - (no file)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

-----------------------------------------------------------------------------------------------------------------------------

SmitFraudFix v2.100

Scan done at 2:41:34.48, 06-11-29
Run from C:\Documents and Settings\Fabricio Azevedo\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Fabricio Azevedo


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Fabricio Azevedo\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»»


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{40dcff6e-af8d-4183-8ebe-a82270ac449e}"="gimmicks"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" "


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

-----------------------------------------------------------------------------------------------------------------------------


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 02:20 06-11-29

+ Scan result:



C:\system.dll -> Adware.BHO : Cleaned with backup (quarantined).
C:\WINDOWS\RmFicmljaW8gQXpldmVkbw\command.exe -> Adware.CommAd : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03 -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006 -> Adware.IntCodec : Cleaned with backup (quarantined).
HKU\S-1-5-21-844365937-3093516254-1592431860-1006\Software\Internet Security -> Adware.IntCodec : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP10\A0003301.exe -> Adware.Maxifiles : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP10\A0003297.exe -> Adware.MediaTicket : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2\A0002037.exe -> Adware.MediaTicket : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP10\A0003265.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP11\A0003408.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2\A0002029.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0002345.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\dhljn.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\xars.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\Program Files\Common Files\{34CDB972-0AE7-1033-1202-030512200001}\MyToolBar.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Common Files\{34CDB972-0AE7-1033-1202-030512200001}\Uninstall.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Common Files\{E4CDB972-0AE7-1033-1202-030512200001}\Update.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Common Files\{E4CDB972-0AE7-1033-1202-030512200001}\system.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2\A0002043.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2\A0002044.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2\A0002045.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0002204.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Common Files\mufr\mufrd\mufrc.dll -> Adware.TargetServer : Cleaned with backup (quarantined).
C:\Program Files\Virus-Bursters -> Adware.VirusBursters : Cleaned with backup (quarantined).
C:\Program Files\Virus-Bursters\virusburster.ini -> Adware.VirusBursters : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{40dcff6e-af8d-4183-8ebe-a82270ac449e} -> Adware.VirusBursters : Cleaned with backup (quarantined).
C:\3611010322516384.0XE -> Downloader.Agent.ayy : Cleaned with backup (quarantined).
C:\Program Files\Analog Devices\Core\SMAX4PNP.0XE -> Downloader.Agent.ayy : Cleaned with backup (quarantined).
C:\Program Files\MSN Messenger\msnmsgr.exe -> Downloader.Agent.ayy : Cleaned with backup (quarantined).
C:\Program Files\iTunes\ITUNESHELPER.0XE -> Downloader.Agent.ayy : Cleaned with backup (quarantined).
C:\Program Files\iTunes\iTunesHelper.exe -> Downloader.Agent.ayy : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\HKCMD.0XE -> Downloader.Agent.ayy : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\IGFXTRAY.0XE -> Downloader.Agent.ayy : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\WZIP32.0XE -> Downloader.Banload.aoo : Cleaned with backup (quarantined).
C:\WINDOWS\inet20126\services.exe -> Downloader.CWS.af : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP10\A0003248.exe -> Downloader.PurityScan.da : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2\A0002038.exe -> Downloader.PurityScan.da : Cleaned with backup (quarantined).
C:\Documents and Settings\Fabricio Azevedo\EUDNQOTK.0XE -> Downloader.Small.cpg : Cleaned with backup (quarantined).
C:\Documents and Settings\Fabricio Azevedo\GWIICIJT.0XE -> Downloader.Small.cpg : Cleaned with backup (quarantined).
C:\Documents and Settings\Fabricio Azevedo\MBSGDEJR.0XE -> Downloader.Small.cpg : Cleaned with backup (quarantined).
C:\Documents and Settings\Fabricio Azevedo\VHBNPYOE.0XE -> Downloader.Small.cpg : Cleaned with backup (quarantined).
C:\Documents and Settings\Fabricio Azevedo\YFGOHVBT.0XE -> Downloader.Small.cpg : Cleaned with backup (quarantined).
C:\bak\WINSTALL.0XE -> Downloader.Small.cpg : Cleaned with backup (quarantined).
C:\Documents and Settings\Fabricio Azevedo\My Documents\xoeksmfa.dll -> Downloader.Small.dto : Cleaned with backup (quarantined).
C:\Documents and Settings\Fabricio Azevedo\xoeksmfa.dll -> Downloader.Small.dto : Cleaned with backup (quarantined).
C:\Documents and Settings\fdfdgf\xoeksmfa.dll -> Downloader.Small.dto : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP13\A0004297.dll -> Downloader.Small.dzp : Cleaned with backup (quarantined).
C:\361101032253584.0XE -> Downloader.Tiny.cl : Cleaned with backup (quarantined).
C:\Program Files\Common Files\mufr\mufrp.exe -> Downloader.TSUpdate.f : Cleaned with backup (quarantined).
C:\Program Files\Common Files\mufr\mufrd\vocabulary -> Downloader.TSUpdate.j : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP13\A0004295.exe -> Downloader.TSUpdate.l : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP13\A0004294.exe -> Downloader.TSUpdate.n : Cleaned with backup (quarantined).
C:\Program Files\Common Files\mufr\mufrl.exe -> Downloader.TSUpdate.r : Cleaned with backup (quarantined).
C:\Program Files\Gold Codec\isaddon.dll -> Downloader.Zlob.azk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP10\A0003271.dll -> Downloader.Zlob.azk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP12\A0004270.dll -> Downloader.Zlob.azk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP8\A0002312.dll -> Downloader.Zlob.azk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0003213.dll -> Downloader.Zlob.azk : Cleaned with backup (quarantined).
C:\Program Files\Gold Codec\isamini.exe -> Downloader.Zlob.azl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP10\A0003273.exe -> Downloader.Zlob.azl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP12\A0004271.exe -> Downloader.Zlob.azl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP8\A0002314.exe -> Downloader.Zlob.azl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0003214.exe -> Downloader.Zlob.azl : Cleaned with backup (quarantined).
C:\Program Files\Gold Codec\isamonitor.exe -> Downloader.Zlob.azm : Cleaned with backup (quarantined).
C:\Program Files\Gold Codec\pmmon.exe -> Downloader.Zlob.bai : Cleaned with backup (quarantined).
C:\Program Files\Gold Codec\pmsngr.exe -> Downloader.Zlob.bai : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP10\A0003272.exe -> Downloader.Zlob.bai : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP12\A0004272.exe -> Downloader.Zlob.bai : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP8\A0002313.exe -> Downloader.Zlob.bai : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0003215.exe -> Downloader.Zlob.bai : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP11\A0003411.exe -> Dropper.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP10\A0003243.dll -> Hijacker.Agent.hz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP10\A0003252.dll -> Hijacker.Agent.hz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP10\A0003281.dll -> Hijacker.Agent.hz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP10\A0003282.dll -> Hijacker.Agent.hz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP10\A0003283.dll -> Hijacker.Agent.hz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP10\A0003284.dll -> Hijacker.Agent.hz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0000012.dll -> Hijacker.Agent.hz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0000013.dll -> Hijacker.Agent.hz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0001058.dll -> Hijacker.Agent.hz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0002014.dll -> Hijacker.Agent.hz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2\A0002023.dll -> Hijacker.Agent.hz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2\A0002024.dll -> Hijacker.Agent.hz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3\A0002050.dll -> Hijacker.Agent.hz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3\A0002057.dll -> Hijacker.Agent.hz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP8\A0002326.dll -> Hijacker.Agent.hz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP8\A0002327.dll -> Hijacker.Agent.hz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP8\A0002328.dll -> Hijacker.Agent.hz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0002348.dll -> Hijacker.Agent.hz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0003225.exe -> Hijacker.Agent.hz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0003228.dll -> Hijacker.Agent.hz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0003229.dll -> Hijacker.Agent.hz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0003230.dll -> Hijacker.Agent.hz : Cleaned with backup (quarantined).
C:\WINDOWS\inet20126\112924922.dll -> Hijacker.Agent.hz : Cleaned with backup (quarantined).
C:\WINDOWS\inet20126\arcac.exe.bak -> Hijacker.Agent.hz : Cleaned with backup (quarantined).
C:\3611010322521592359.0XE -> Hijacker.Small.lt : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP13\A0004296.dll -> Logger.Agent.pa : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\ipv6mons.dll -> Logger.BZub.fh : Cleaned with backup (quarantined).
C:\Documents and Settings\Fabricio Azevedo\ctbjnbqt.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP13\A0004288.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Cleaned with backup (quarantined).
C:\Program Files\Safe-Share\giFT\giFT.dll -> Not-A-Virus.PornTool.Win32.Porn2Peer.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP10\A0003291.exe -> Proxy.Agent.jw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0000015.exe -> Proxy.Agent.jw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0001061.exe -> Proxy.Agent.jw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0002017.exe -> Proxy.Agent.jw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2\A0002032.exe -> Proxy.Agent.jw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP8\A0002331.exe -> Proxy.Agent.jw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0003235.exe -> Proxy.Agent.jw : Cleaned with backup (quarantined).
C:\WINDOWS\inet20126\OEM.exe -> Proxy.Agent.jw : Cleaned with backup (quarantined).
C:\WINDOWS\inet20126\OEM.exe.bak -> Proxy.Agent.jw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP8\A0002315.exe -> Proxy.Delf.an : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP8\A0002334.exe -> Proxy.Delf.an : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP8\A0002335.exe -> Proxy.Delf.an : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0002349.exe -> Proxy.Delf.an : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0002350.exe -> Proxy.Delf.an : Cleaned with backup (quarantined).
C:\WINDOWS\inet20126\mmx110.exe -> Proxy.Delf.an : Cleaned with backup (quarantined).
C:\WINDOWS\inet20126\mmx127.exe -> Proxy.Delf.an : Cleaned with backup (quarantined).
C:\WINDOWS\inet20126\mmx193.exe -> Proxy.Delf.an : Cleaned with backup (quarantined).
C:\WINDOWS\inet20126\mmx234.exe -> Proxy.Delf.an : Cleaned with backup (quarantined).
C:\WINDOWS\inet20126\mmx269.exe -> Proxy.Delf.an : Cleaned with backup (quarantined).
C:\WINDOWS\inet20126\mmx305.exe -> Proxy.Delf.an : Cleaned with backup (quarantined).
C:\WINDOWS\inet20126\mmx306.exe -> Proxy.Delf.an : Cleaned with backup (quarantined).
C:\WINDOWS\inet20126\mmx312.exe -> Proxy.Delf.an : Cleaned with backup (quarantined).
C:\WINDOWS\inet20126\mmx330.exe -> Proxy.Delf.an : Cleaned with backup (quarantined).
C:\WINDOWS\inet20126\mmx335.exe -> Proxy.Delf.an : Cleaned with backup (quarantined).
C:\WINDOWS\inet20126\mmx37.exe -> Proxy.Delf.an : Cleaned with backup (quarantined).
C:\WINDOWS\inet20126\mmx370.exe -> Proxy.Delf.an : Cleaned with backup (quarantined).
C:\WINDOWS\inet20126\mmx372.exe -> Proxy.Delf.an : Cleaned with backup (quarantined).
C:\WINDOWS\inet20126\mmx4.exe -> Proxy.Delf.an : Cleaned with backup (quarantined).
C:\WINDOWS\inet20126\mmx403.exe -> Proxy.Delf.an : Cleaned with backup (quarantined).
C:\WINDOWS\inet20126\mmx404.exe -> Proxy.Delf.an : Cleaned with backup (quarantined).
C:\WINDOWS\inet20126\mmx466.exe -> Proxy.Delf.an : Cleaned with backup (quarantined).
C:\WINDOWS\inet20126\mmx501.exe -> Proxy.Delf.an : Cleaned with backup (quarantined).
C:\WINDOWS\inet20126\mmx503.exe -> Proxy.Delf.an : Cleaned with backup (quarantined).
C:\WINDOWS\inet20126\mmx512.exe -> Proxy.Delf.an : Cleaned with backup (quarantined).
C:\WINDOWS\inet20126\mmx520.exe -> Proxy.Delf.an : Cleaned with backup (quarantined).
C:\WINDOWS\inet20126\mmx527.exe.bak -> Proxy.Delf.an : Cleaned with backup (quarantined).
C:\WINDOWS\inet20126\mmx530.exe -> Proxy.Delf.an : Cleaned with backup (quarantined).
C:\WINDOWS\inet20126\mmx537.exe -> Proxy.Delf.an : Cleaned with backup (quarantined).
C:\WINDOWS\inet20126\mmx541.exe.bak -> Proxy.Delf.an : Cleaned with backup (quarantined).
C:\WINDOWS\inet20126\mmx722.exe -> Proxy.Delf.an : Cleaned with backup (quarantined).
C:\WINDOWS\inet20126\mmx788.exe -> Proxy.Delf.an : Cleaned with backup (quarantined).
C:\WINDOWS\inet20126\mmx865.exe.bak -> Proxy.Delf.an : Cleaned with backup (quarantined).
C:\WINDOWS\inet20126\mmx87.exe -> Proxy.Delf.an : Cleaned with backup (quarantined).


::Report end

-----------------------------------------------------------------------------------------------------------------------------


BFU v1.00.9
Windows XP SP2 (WinNT 5.01.2600 SP2)
Script started at 21:16:52, on 06-11-28

Option Unload Explorer: Yes
Failed: DllUnregister C:\WINDOWS\DH.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\Deskbar\deskbar.dll|1 (file not found)
Failed: DllUnregister \asappsrv.dll|1 (file not found)
Failed: DllUnregister \MyToolBar.dll|1 (file not found)
Failed: DllUnregister \888Bar.dll|1 (file not found)
Failed: ServiceStop Network Monitor (service not found)
Failed: ServiceStop cmdService (operation failed)
Failed: ServiceDisable Network Monitor (service not found)
Failed: ServiceDisable cmdService (operation failed)
Failed: ServiceDelete Network Monitor (service not found)
Failed: ServiceDelete cmdService (operation failed)
Failed: RegDelValue HKCU\System\CurrentControlSet\Control\Lsa|p2pnetwork (key not found)
Failed: RegDelValue HKCU\Microsoft\Windows\CurrentVersion\policies\Explorer\Run|WinUpdate.exe (key not found)
Option pause between commands: 300 ms
Option pause between commands: 50 ms
Failed: FolderDelete C:\Program Files\MsConfigs (folder not found)
Failed: FolderDelete C:\Program Files\winupdates (folder not found)
Failed: FolderDelete C:\Program Files\winupdate (folder not found)
Failed: FolderDelete C:\Program Files\winsupdater (folder not found)
Failed: FolderDelete C:\Program Files\MsUpdate (folder not found)
Failed: FolderDelete C:\Program Files\MsMovies (folder not found)
Failed: FolderDelete C:\Program Files\wmplayer (folder not found)
Failed: FolderDelete C:\Program Files\outlook (folder not found)
Failed: FileDelete C:\Program Files\Common Files\Windows\mc-*-*.exe (operation failed)
Failed: FileDelete C:\Program Files\Common Files\Download\mc-*-*.exe (operation failed)
Failed: FileDelete C:\Program Files\common files\{*-*-1033-*-*}\update.exe (operation failed)
Failed: FileDelete C:\Program Files\common files\{*-*-1033-*-*}\services.dll (operation failed)
Failed: FileDelete C:\Program Files\common files\{*-*-1033-*-*}\activate.exe (operation failed)
Failed: FileDelete C:\Program Files\common files\{*-*-1033-*-*}\MyToolBar.dll (operation failed)
Failed: FileDelete C:\Program Files\common files\{*-*-2057-*-*}\update.exe (operation failed)
Failed: FileDelete C:\Program Files\common files\{*-*-2057-*-*}\services.dll (operation failed)
Failed: FileDelete C:\Program Files\common files\{*-*-2057-*-*}\activate.exe (operation failed)
Failed: FileDelete C:\Program Files\common files\{*-*-2057-*-*}\MyToolBar.dll (operation failed)
Failed: FolderDelete C:\Program Files\toolbar888 (folder not found)
Failed: FolderDelete C:\Program Files\e-mailpaysu toolbar (folder not found)
Failed: FolderDelete C:\Program Files\EMUSIC TOOLBAR (folder not found)
Failed: FolderDelete C:\Program Files\find dvd toolbar (folder not found)
Failed: FolderDelete C:\Program Files\GULESIDER VERKTøYLINJE (folder not found)
Failed: FolderDelete C:\Program Files\sesam-p4 toolbar (folder not found)
Failed: FolderDelete C:\Program Files\slownik ling (folder not found)
Failed: FolderDelete C:\Program Files\MediaPipe (folder not found)
Failed: FolderDelete C:\Program Files\p2pnetworks (folder not found)
Failed: FileDelete C:\DOCUME~1\FABRIC~1\LOCALS~1\Temp\Perflib_Perfdata_6a0.dat (operation failed)
Failed: FolderDelete C:\DOCUME~1\FABRIC~1\LOCALS~1\Temp\WPDNSE (operation failed)
Failed: FileDelete C:\DOCUME~1\FABRIC~1\LOCALS~1\Temp\~DFC2FD.tmp (operation failed)
Failed: FileDelete C:\DOCUME~1\FABRIC~1\LOCALS~1\Temp\~DFC30A.tmp
  • 0

#14
Flrman1

Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
* Click here to download ATF Cleaner by Atribune and save it to your desktop.


* Click Here and download Killbox and save it to your desktop.


* Click here for info on how to boot to safe mode if you don't already know how.


* Now copy these instructions to notepad and save them to your desktop. You will need them to refer to.


* Run Hijack This again and put a check by these. Close ALL windows except HijackThis and click "Fix checked"

F3 - REG:win.ini: run=C:\WINDOWS\inet20126\services.exe

O2 - BHO: (no name) - {73364D99-1240-4dff-B12A-67E448373148} - C:\WINDOWS\system32\ipv6mons.dll (file missing)

O2 - BHO: (no name) - {ae18da4e-be15-4925-81bb-890c04af0200} - C:\Program Files\Gold Codec\isaddon.dll (file missing)

O3 - Toolbar: Protection Bar - {96ebbe6a-2864-4345-b32b-26ee9be524b5} - C:\Program Files\Gold Codec\iesplugin.dll

O4 - HKLM\..\Run: [wupdate] rundll32.exe c:\wupdate.dll,wupdate

O4 - HKLM\..\Run: [Microsoft WPCEmail] C:\WINDOWS\inet20126\svchost.exe

O4 - HKLM\..\RunOnce: [wupdateiuqatgbj] c:\iuqatgbj.exe

O4 - HKLM\..\RunOnce: [wupdatezdeojcuf] c:\zdeojcuf.exe

O4 - HKCU\..\Run: [Winsvr] C:\3611010322516384.exe

O4 - HKCU\..\Run: [Winstz] C:\3611010322521592359.exe

O4 - HKCU\..\Run: [Winstu] C:\3611010322521592359.exe

O4 - HKCU\..\Run: [mufr] C:\PROGRA~1\COMMON~1\mufr\mufrm.exe

O4 - Startup: PowerReg Scheduler V3.exe

O20 - AppInit_DLLs:

O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll

O21 - SSODL: gimmicks - {40dcff6e-af8d-4183-8ebe-a82270ac449e} - (no file)




* Restart your computer into safe mode now. Perform the following steps in safe mode:


* Double-click on Killbox.exe to run it.
  • Put a tick by Standard File Kill.
  • In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time:

    C:\Program Files\Gold Codec

    c:\wupdate.dll

    C:\WINDOWS\inet20126

    c:\iuqatgbj.exe

    c:\zdeojcuf.exe

    C:\3611010322516384.exe

    C:\3611010322521592359.exe

    C:\3611010322521592359.exe

    C:\Program Files\Common Files\mufr

    C:\WINDOWS\system32\rpcc.dll


  • Click on the button that has the red circle with the X in the middle after you enter each file.
  • It will ask for confirmation to delete the file.
  • Click Yes.
  • Continue with that procedure until you have pasted all of these in the "Paste Full Path of File to Delete" box.
  • Killbox may tell you that one or more files do not exist.
  • If that happens, just continue on with all the files. Be sure you don't miss any.
  • Exit the Killbox.
* Run ATF Cleaner:
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
  • If you use Firefox:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
* Restart back into Windows normally now.


* Go here and do the BitDefender online virus scan.
  • Click "I Agree" to agree to the EULA.
  • Allow the ActiveX control to install when prompted.
  • Click "Click here to scan" to begin the scan.
  • Please refrain from using the computer until the scan is finished.
  • When the scan is finished, click on "Click here to export the scan results"
  • Save the report to your desktop then come back here and attach it to your next reply along with a new Hijack This log.

  • 0
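
A cross-check of the two lists in the post above, added here as an example and not part of the original post: it extracts the file each HijackThis entry points to and reports whether the Killbox list deletes that file or one of its parent folders. The 8.3 short-name mapping (`PROGRA~1`, `COMMON~1`) is an assumption, and the function names are illustrative.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# "Fix checked" entries, copied from the post above.
HJT_FIX_LIST = r"""
F3 - REG:win.ini: run=C:\WINDOWS\inet20126\services.exe
O2 - BHO: (no name) - {73364D99-1240-4dff-B12A-67E448373148} - C:\WINDOWS\system32\ipv6mons.dll (file missing)
O2 - BHO: (no name) - {ae18da4e-be15-4925-81bb-890c04af0200} - C:\Program Files\Gold Codec\isaddon.dll (file missing)
O3 - Toolbar: Protection Bar - {96ebbe6a-2864-4345-b32b-26ee9be524b5} - C:\Program Files\Gold Codec\iesplugin.dll
O4 - HKLM\..\Run: [wupdate] rundll32.exe c:\wupdate.dll,wupdate
O4 - HKLM\..\Run: [Microsoft WPCEmail] C:\WINDOWS\inet20126\svchost.exe
O4 - HKLM\..\RunOnce: [wupdateiuqatgbj] c:\iuqatgbj.exe
O4 - HKLM\..\RunOnce: [wupdatezdeojcuf] c:\zdeojcuf.exe
O4 - HKCU\..\Run: [Winsvr] C:\3611010322516384.exe
O4 - HKCU\..\Run: [Winstz] C:\3611010322521592359.exe
O4 - HKCU\..\Run: [Winstu] C:\3611010322521592359.exe
O4 - HKCU\..\Run: [mufr] C:\PROGRA~1\COMMON~1\mufr\mufrm.exe
O4 - Startup: PowerReg Scheduler V3.exe
O20 - AppInit_DLLs:
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll
O21 - SSODL: gimmicks - {40dcff6e-af8d-4183-8ebe-a82270ac449e} - (no file)
""".strip().splitlines()

# Killbox deletion list, copied from the same post (duplicate entry included).
KILLBOX_LIST = r"""
C:\Program Files\Gold Codec
c:\wupdate.dll
C:\WINDOWS\inet20126
c:\iuqatgbj.exe
c:\zdeojcuf.exe
C:\3611010322516384.exe
C:\3611010322521592359.exe
C:\3611010322521592359.exe
C:\Program Files\Common Files\mufr
C:\WINDOWS\system32\rpcc.dll
""".strip().splitlines()

# Assumption: the usual 8.3 short names on a default English XP install. The
# real mapping can only be resolved on the machine itself.
SHORT_NAMES = {"progra~1": "Program Files", "common~1": "Common Files"}

# A drive-letter path ending in .exe or .dll; anything after it (rundll32
# arguments, "(file missing)") is ignored.
PATH_RE = re.compile(r"(?<![A-Za-z])([A-Za-z]:\\.+?\.(?:exe|dll))\b", re.I)


def normalize(path):
    """Expand known short names; PureWindowsPath compares case-insensitively."""
    parts = PureWindowsPath(path).parts
    return PureWindowsPath(*(SHORT_NAMES.get(p.lower(), p) for p in parts))


def target_of(line):
    """Return the file a HijackThis entry points to, or None if it names none."""
    match = PATH_RE.search(line)
    return normalize(match.group(1)) if match else None


def audit(fix_lines, kill_lines):
    """Classify each entry: covered, missing, no-path or uncovered."""
    kills = {normalize(k.strip()) for k in kill_lines if k.strip()}
    rows = []
    for line in fix_lines:
        target = target_of(line)
        if target is None:
            status = "no-path"      # entry carries no full file path
        elif any(k == target or k in target.parents for k in kills):
            status = "covered"      # the file or a parent folder is deleted
        elif "(file missing)" in line:
            status = "missing"      # HijackThis already reports the file gone
        else:
            status = "uncovered"    # file would survive the cleanup
        rows.append((status, line.split(" - ", 1)[0], target))
    return rows


if __name__ == "__main__":
    for status, section, target in audit(HJT_FIX_LIST, KILLBOX_LIST):
        print(f"{status:<10}{section:<4}{target or '-'}")
```

On these two lists it reports 12 entries covered, 3 with no file path, and 1 whose only target HijackThis already marks as missing; nothing is left uncovered.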

#15
Flrman1

Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
You have a downloader trojan called Downloader.Agent.awf or Downloader.Agent.ayy. This trojan replaces legitimate files that are common on almost every computer in existence with a copy of itself and moves the legitimate file to a bak folder. Please follow the directions below to run FindAWF so we can identify the files that have been infected and the backups.

* Click here to download FindAWF.exe and save it to your desktop.
  • Double-click on the FindAWF.exe file to run it.
  • It will open a command prompt and ask you to "Press any key to continue".
  • Press any key and the FindAWF tool will begin scanning your computer for the infected AWF files and the backups the trojan created.
  • It may take a few minutes to complete so be patient.
  • When it is complete, it will open a text file in notepad called AWF.txt which will automatically be saved to your desktop or whatever location you ran the file from.
  • Come back here to this thread and copy and paste the contents of the AWF.txt file in your next reply.

Edited by Flrman1, 29 November 2006 - 11:26 AM.

  • 0





