Possible Outerinfo Infection



#1
Ringlord

Hello, everyone. Just another newcomer to the forums here. :blink:

Alright, a couple of weeks back, it seems a "rogue" popup succeeded in installing the much-maligned "Outerinfo" spyware, laced with trojans that keep coming out of nowhere every odd day. A couple of days back, I found some free time to assess the situation, through which I pumped Spybot, AVG, and Ad-Aware through my computer in an effort to remove many of the files, which it seemingly did. However, due to the infamous popups Outerinfo is known to put out, I was able to determine that the root of the problem was not entirely solved. Looking at my HijackThis log, nothing really struck me as odd, except the files under the "WinLogon" category.

Anyway, here's my HijackThis log, hopefully you guys might be able to find something I missed. Thanks a lot. :whistling:

Logfile of HijackThis v1.99.1
Scan saved at 7:12:59 PM, on 5/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\user\Desktop\HijackThis\aaa.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3F9D0C61-737D-44D1-BD80-91AF857061CC} - C:\WINDOWS\system32\nnnnllj.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {93B91AB5-2066-4DA5-BE8D-39D37D154461} - C:\WINDOWS\system32\mljjh.dll
O2 - BHO: (no name) - {A5422C57-4F49-452A-A68F-D882BAAC47EC} - C:\WINDOWS\system32\gebca.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: (no name) - {D127618E-C057-430F-89E2-1D83821A9868} - C:\WINDOWS\system32\hncrsywd.dll (file missing)
O2 - BHO: (no name) - {E2EE5C44-C66D-499d-BEAE-A2A79189A63A} - C:\WINDOWS\system32\rrjvtduc.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WindowsUpdate] rundll32.exe "C:\WINDOWS\system32\lnojybhv.dll",realset
O4 - HKLM\..\Run: [RecordPadRun] "C:\Program Files\NCH Swift Sound\RecordPad\recordpad.exe" -logon
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemreq...m/sysreqlab.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: gebca - C:\WINDOWS\system32\gebca.dll (file missing)
O20 - Winlogon Notify: mljjh - C:\WINDOWS\system32\mljjh.dll
O20 - Winlogon Notify: nnnnllj - C:\WINDOWS\SYSTEM32\nnnnllj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)


#2
loophole

Hello

Download ComboFix from Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

#3
Ringlord

Done. Here are the logs from both scans (ComboFix first):

"user" - 2007-05-13 20:36:53 Service Pack 2
ComboFix 07-05.13.V - Running from: "C:\Documents and Settings\user\Desktop\"


(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\efcyvsr.dll
C:\WINDOWS\system32\kpjegjgk.dll
C:\WINDOWS\system32\lnojybhv.dll
C:\WINDOWS\system32\rrjvtduc.dll
C:\WINDOWS\system32\yaywtss.dll
C:\WINDOWS\system32\vhbyjonl.ini
C:\WINDOWS\system32\nnnnllj.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
C:\WINDOWS\system32\~.exe
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\C\Program Files\Common Files\SCURIT~1


((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-13 ))))))))))))))))))))))))))))))))))


2007-05-13 20:43 4,083 --a------ C:\WINDOWS\system32\awtqn.dll
2007-05-13 18:17 24,064 -ra------ C:\WINDOWS\system32\PostProc.dll
2007-05-13 18:16 36,352 --a------ C:\WINDOWS\system32\drivers\AmdK8.sys
2007-05-13 18:16 <DIR> d-------- C:\WINDOWS\NV1364888.TMP
2007-05-13 18:16 <DIR> d-------- C:\Program Files\AMD
2007-05-13 18:11 <DIR> d-------- C:\WINDOWS\Prefetch
2007-05-13 17:36 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-05-13 17:36 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-05-13 14:27 <DIR> d-------- C:\DOCUME~1\user\APPLIC~1\RecordPad
2007-05-13 14:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\NCH Swift Sound
2007-05-12 22:52 956,797 --ahs---- C:\WINDOWS\system32\hjjlm.bak2
2007-05-11 16:02 262,708 --ahs---- C:\WINDOWS\system32\mljjh.dll
2007-05-08 10:10 <DIR> d-------- C:\DOCUME~1\user\APPLIC~1\InterVideo
2007-05-08 10:08 <DIR> d-------- C:\Program Files\InterVideo
2007-05-06 14:15 <DIR> d-------- C:\Program Files\AutoHotkey
2007-05-01 20:18 <DIR> d-------- C:\DOCUME~1\user\APPLIC~1\Azureus
2007-05-01 20:18 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
2007-05-01 20:12 <DIR> d-------- C:\DOCUME~1\user\APPLIC~1\uTorrent
2007-04-25 17:11 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-04-25 17:04 <DIR> d-------- C:\DOCUME~1\user\.housecall6.6
2007-04-25 16:19 930,247 --ahs---- C:\WINDOWS\system32\acbeg.bak2
2007-04-25 16:16 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-04-23 22:40 866,492 --ahs---- C:\WINDOWS\system32\acbeg.bak1
2007-04-16 21:07 <DIR> d-------- C:\Program Files\GraphCalc


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-05-14 03:46:00 -------- d-----w C:\Program Files\Steam
2007-05-14 01:16:44 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-14 01:03:20 22,720 ----a-w C:\WINDOWS\system32\emptyregdb.dat
2007-05-14 01:02:53 -------- d-----w C:\Program Files\Messenger
2007-05-13 21:27:39 -------- d-----w C:\Program Files\NCH Swift Sound
2007-05-13 21:27:36 -------- d-----w C:\DOCUME~1\user\APPLIC~1\NCH Swift Sound
2007-05-12 05:05:37 -------- d-----w C:\Program Files\Ubisoft
2007-05-08 03:27:43 -------- d-----w C:\Program Files\PeerGuardian2
2007-05-06 20:40:26 -------- d-----w C:\Program Files\CAPCOM
2007-04-25 23:35:24 2,933 ----a-w C:\WINDOWS\mozver.dat
2007-04-22 01:48:55 -------- d-----w C:\DOCUME~1\user\APPLIC~1\RipIt4Me
2007-04-22 01:13:53 -------- d-----w C:\Program Files\Diablo II
2007-04-07 23:08:21 -------- d-----w C:\Program Files\VentSrv
2007-04-07 23:08:00 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-03-26 03:56:20 -------- d-----w C:\Program Files\RipIt4Me
2007-03-26 03:47:35 -------- d-----w C:\Program Files\Cucusoft
2007-03-23 00:43:00 -------- d-----w C:\Program Files\THQ
2007-03-22 19:16:11 -------- d-----w C:\DOCUME~1\user\APPLIC~1\dvdcss
2007-03-19 23:04:35 -------- d-----w C:\Program Files\ScummVM
2007-03-18 22:04:15 -------- d-----w C:\Program Files\Advent Rising
2007-03-18 21:08:44 -------- d-----w C:\Program Files\EA GAMES
2007-03-12 00:16:33 -------- d-----w C:\Program Files\SEGA
2007-03-08 01:52:13 -------- d-----w C:\Program Files\Quick Screen Recorder
2007-02-23 23:42:59 31,248 ----a-w C:\DOCUME~1\user\APPLIC~1\GDIPFONTCACHEV1.DAT


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 21:38]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll [2006-11-09 16:21]
{A5422C57-4F49-452A-A68F-D882BAAC47EC}=C:\WINDOWS\system32\gebca.dll []
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar4.dll [2007-01-20 00:55]
{D127618E-C057-430F-89E2-1D83821A9868}=C:\WINDOWS\system32\hncrsywd.dll []
{E63685A5-8ABE-4BDC-8CB5-C0A4309A7201}=C:\WINDOWS\system32\mljjh.dll [2007-05-11 16:03]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SoundMAX"="\"C:\\Program Files\\Analog Devices\\SoundMAX\\Smax4.exe\" /tray"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"itype"="\"C:\\Program Files\\Microsoft IntelliType Pro\\itype.exe\""
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe "
"LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"RecordPadRun"="\"C:\\Program Files\\NCH Swift Sound\\RecordPad\\recordpad.exe\" -logon"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"SoundMAXPnP"="C:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-04-10 09:19]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 13:22]
"nwiz"="nwiz.exe" [2006-10-22 13:22 C:\WINDOWS\system32\nwiz.exe])
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-04-27 15:59]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 18:07]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" []
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" []
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" []
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2005-12-04 16:38]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [])
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 16:07]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-10-16 18:19]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-12-30 19:03]
"RecordPadRun"="C:\Program Files\NCH Swift Sound\RecordPad\recordpad.exe" [2007-05-13 14:27]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 13:22]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-04-30 19:07]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 18:07]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 13:54]
"Steam"="c:\program files\steam\steam.exe" [2007-01-09 17:22]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-01-26 00:24]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"Steam"="\"c:\\program files\\steam\\steam.exe\" -silent"
"LogitechSoftwareUpdate"="\"C:\\Program Files\\Logitech\\Video\\ManifestEngine.exe\" boot"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebca
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljjh

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages msv1_0\0\0
Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages scecli\0\0

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ipwins
C:\Program Files\Ipwindows\ipwins.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\printdrive
rundll32.exe "C:\WINDOWS\system32\kpjegjgk.dll",setvm


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter HTTPFilter\0\0
LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService DnsCache\0\0
DcomLaunch DcomLaunch\0TermService\0\0
rpcss RpcSs\0\0
imgsvc StiSvc\0\0
termsvcs TermService\0\0

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_GTNDIS5

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-13 20:47:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 2007-05-13 20:50:29 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-05-13 20:50


And the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 9:07:27 PM, on 5/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\user\Desktop\HijackThis\aaa.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0CE9A6FD-44B9-4F05-8CB2-010A01E5A1BC} - C:\WINDOWS\system32\mljjh.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A5422C57-4F49-452A-A68F-D882BAAC47EC} - C:\WINDOWS\system32\gebca.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: (no name) - {D127618E-C057-430F-89E2-1D83821A9868} - C:\WINDOWS\system32\hncrsywd.dll (file missing)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RecordPadRun] "C:\Program Files\NCH Swift Sound\RecordPad\recordpad.exe" -logon
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemreq...m/sysreqlab.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: gebca - C:\WINDOWS\system32\gebca.dll (file missing)
O20 - Winlogon Notify: mljjh - C:\WINDOWS\system32\mljjh.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)

#4
loophole

Hi

A couple more posts and we will have it.

Please download VundoFix.exe to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.


Also rescan with combofix and post the log.

Thanks :whistling:

#5
Ringlord

Sorry for the delay, I've just been too busy for the last couple of days to even get to this stage. Anyway, first the VundoFix log:


VundoFix V6.3.21

Checking Java version...

Java version is 1.5.0.7
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Scan started at 9:25:15 PM 5/16/2007

Listing files found while scanning....

C:\WINDOWS\system32\acbeg.bak1
C:\WINDOWS\system32\acbeg.bak2
C:\WINDOWS\system32\acbeg.tmp
C:\WINDOWS\system32\gebca.dll
C:\WINDOWS\system32\mljjh.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\acbeg.bak1
C:\WINDOWS\system32\acbeg.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\acbeg.bak2
C:\WINDOWS\system32\acbeg.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\acbeg.tmp
C:\WINDOWS\system32\acbeg.tmp Has been deleted!

Attempting to delete C:\WINDOWS\system32\mljjh.dll
C:\WINDOWS\system32\mljjh.dll Has been deleted!

Performing Repairs to the registry.
Done!


And the new ComboFix log:

"user" - 2007-05-16 21:32:13 Service Pack 2
ComboFix 07-05.13.V - Running from: "C:\Documents and Settings\user\Desktop\"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\C\Program Files\Common Files\SCURIT~1


((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-16 ))))))))))))))))))))))))))))))))))


2007-05-16 21:25 <DIR> d-------- C:\VundoFix Backups
2007-05-13 20:50 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-05-13 20:43 5,543 --a------ C:\WINDOWS\system32\awtqn.dll
2007-05-13 18:17 24,064 -ra------ C:\WINDOWS\system32\PostProc.dll
2007-05-13 18:16 36,352 --a------ C:\WINDOWS\system32\drivers\AmdK8.sys
2007-05-13 18:16 <DIR> d-------- C:\WINDOWS\NV1364888.TMP
2007-05-13 18:16 <DIR> d-------- C:\Program Files\AMD
2007-05-13 18:11 <DIR> d-------- C:\WINDOWS\Prefetch
2007-05-13 17:36 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-05-13 17:36 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-05-13 14:27 <DIR> d-------- C:\DOCUME~1\user\APPLIC~1\RecordPad
2007-05-13 14:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\NCH Swift Sound
2007-05-12 22:52 956,797 --ahs---- C:\WINDOWS\system32\hjjlm.bak2
2007-05-08 10:10 <DIR> d-------- C:\DOCUME~1\user\APPLIC~1\InterVideo
2007-05-08 10:08 <DIR> d-------- C:\Program Files\InterVideo
2007-05-06 14:15 <DIR> d-------- C:\Program Files\AutoHotkey
2007-05-01 20:18 <DIR> d-------- C:\DOCUME~1\user\APPLIC~1\Azureus
2007-05-01 20:18 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
2007-05-01 20:12 <DIR> d-------- C:\DOCUME~1\user\APPLIC~1\uTorrent
2007-04-25 17:11 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-04-25 17:04 <DIR> d-------- C:\DOCUME~1\user\.housecall6.6
2007-04-25 16:16 348,160 --a------ C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-04-16 21:07 <DIR> d-------- C:\Program Files\GraphCalc


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-05-17 04:30:13 -------- d-----w C:\Program Files\Steam
2007-05-16 23:34:07 -------- d-----w C:\Program Files\ScummVM
2007-05-16 22:53:49 -------- d-----w C:\Program Files\CAPCOM
2007-05-16 03:39:05 -------- d-----w C:\Program Files\PeerGuardian2
2007-05-14 01:16:44 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-14 01:03:20 22,720 ----a-w C:\WINDOWS\system32\emptyregdb.dat
2007-05-14 01:02:53 -------- d-----w C:\Program Files\Messenger
2007-05-13 21:27:39 -------- d-----w C:\Program Files\NCH Swift Sound
2007-05-13 21:27:36 -------- d-----w C:\DOCUME~1\user\APPLIC~1\NCH Swift Sound
2007-05-12 05:05:37 -------- d-----w C:\Program Files\Ubisoft
2007-04-25 23:35:24 2,933 ----a-w C:\WINDOWS\mozver.dat
2007-04-22 01:48:55 -------- d-----w C:\DOCUME~1\user\APPLIC~1\RipIt4Me
2007-04-22 01:13:53 -------- d-----w C:\Program Files\Diablo II
2007-04-07 23:08:21 -------- d-----w C:\Program Files\VentSrv
2007-04-07 23:08:00 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-03-26 03:56:20 -------- d-----w C:\Program Files\RipIt4Me
2007-03-26 03:47:35 -------- d-----w C:\Program Files\Cucusoft
2007-03-23 00:43:00 -------- d-----w C:\Program Files\THQ
2007-03-22 19:16:11 -------- d-----w C:\DOCUME~1\user\APPLIC~1\dvdcss
2007-03-18 22:04:15 -------- d-----w C:\Program Files\Advent Rising
2007-03-18 21:08:44 -------- d-----w C:\Program Files\EA GAMES
2007-03-12 00:16:33 -------- d-----w C:\Program Files\SEGA
2007-03-08 01:52:13 -------- d-----w C:\Program Files\Quick Screen Recorder
2007-02-23 23:42:59 31,248 ----a-w C:\DOCUME~1\user\APPLIC~1\GDIPFONTCACHEV1.DAT


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 21:38]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll [2006-11-09 16:21]
{A5422C57-4F49-452A-A68F-D882BAAC47EC}=C:\WINDOWS\system32\gebca.dll []
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar4.dll [2007-01-20 00:55]
{D127618E-C057-430F-89E2-1D83821A9868}=C:\WINDOWS\system32\hncrsywd.dll []
{F7CD8648-FDAB-4326-B4AB-E8E03C0E77BD}=C:\WINDOWS\system32\mljjh.dll []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SoundMAX"="\"C:\\Program Files\\Analog Devices\\SoundMAX\\Smax4.exe\" /tray"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"itype"="\"C:\\Program Files\\Microsoft IntelliType Pro\\itype.exe\""
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe "
"LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"RecordPadRun"="\"C:\\Program Files\\NCH Swift Sound\\RecordPad\\recordpad.exe\" -logon"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"SoundMAXPnP"="C:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-04-10 09:19]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 13:22]
"nwiz"="nwiz.exe" [2006-10-22 13:22 C:\WINDOWS\system32\nwiz.exe])
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 18:07]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" []
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" []
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" []
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2005-12-04 16:38]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [])
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 16:07]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-10-16 18:19]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-12-30 19:03]
"RecordPadRun"="C:\Program Files\NCH Swift Sound\RecordPad\recordpad.exe" [2007-05-13 14:27]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 13:22]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-04-30 19:07]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-05-15 16:54]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 18:07]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 13:54]
"Steam"="c:\program files\steam\steam.exe" [2007-01-09 17:22]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-01-26 00:24]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"Steam"="\"c:\\program files\\steam\\steam.exe\" -silent"
"LogitechSoftwareUpdate"="\"C:\\Program Files\\Logitech\\Video\\ManifestEngine.exe\" boot"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebca

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages msv1_0\0\0
Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages scecli\0\0

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ipwins
C:\Program Files\Ipwindows\ipwins.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\printdrive
rundll32.exe "C:\WINDOWS\system32\kpjegjgk.dll",setvm


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter HTTPFilter\0\0
LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService DnsCache\0\0
DcomLaunch DcomLaunch\0TermService\0\0
rpcss RpcSs\0\0
imgsvc StiSvc\0\0
termsvcs TermService\0\0

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_GTNDIS5

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-16 21:38:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 2007-05-16 21:38:35
C:\ComboFix-quarantined-files.txt ... 2007-05-16 21:38
C:\ComboFix2.txt ... 2007-05-13 20:50
  • 0

#6
loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Hi

No problem on the delay, been busy myself

Locate Hijackthis.exe on your desktop and right click it and select rename. Rename it to HJT.exe (or whatever you want) then rescan with HJT.exe and post the resulting log
  • 0

#7
Ringlord

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Here you go:

Logfile of HijackThis v1.99.1
Scan saved at 4:53:14 PM, on 5/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\NCH Swift Sound\RecordPad\recordpad.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\user\Desktop\HJT.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A5422C57-4F49-452A-A68F-D882BAAC47EC} - C:\WINDOWS\system32\gebca.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: (no name) - {D127618E-C057-430F-89E2-1D83821A9868} - C:\WINDOWS\system32\hncrsywd.dll (file missing)
O2 - BHO: (no name) - {F7CD8648-FDAB-4326-B4AB-E8E03C0E77BD} - C:\WINDOWS\system32\mljjh.dll (file missing)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RecordPadRun] "C:\Program Files\NCH Swift Sound\RecordPad\recordpad.exe" -logon
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemreq...m/sysreqlab.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: gebca - C:\WINDOWS\system32\gebca.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)
  • 0

#8
loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Hello :whistling:

Let's get to the final clean up

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A5422C57-4F49-452A-A68F-D882BAAC47EC} - C:\WINDOWS\system32\gebca.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: (no name) - {D127618E-C057-430F-89E2-1D83821A9868} - C:\WINDOWS\system32\hncrsywd.dll (file missing)
O2 - BHO: (no name) - {F7CD8648-FDAB-4326-B4AB-E8E03C0E77BD} - C:\WINDOWS\system32\mljjh.dll (file missing)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O20 - Winlogon Notify: gebca - C:\WINDOWS\system32\gebca.dll (file missing)

Now close all windows other than HiJackThis, then click Fix Checked.
Close HiJackThis.

Browse for and delete the following files using Windows Explorer (right click start, left click explore):

C:\WINDOWS\system32\awtqn.dll
C:\WINDOWS\system32\hjjlm.bak2

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report along with a new hijackthis log.

  • 0
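Added example (not part of the thread, and not code from HijackThis, VundoFix or ComboFix): a small Python parser that picks out the HijackThis entries marked "(file missing)" or "(no file)" and checks each one against the files VundoFix listed as found. The log lines are copied from the posts above; the function and variable names are assumptions made for this illustration.

```python
"""Flag HijackThis entries whose target file is gone and match them to VundoFix."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Subset of the HijackThis log posted in this thread (post #7).
HJT_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A5422C57-4F49-452A-A68F-D882BAAC47EC} - C:\WINDOWS\system32\gebca.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: (no name) - {D127618E-C057-430F-89E2-1D83821A9868} - C:\WINDOWS\system32\hncrsywd.dll (file missing)
O2 - BHO: (no name) - {F7CD8648-FDAB-4326-B4AB-E8E03C0E77BD} - C:\WINDOWS\system32\mljjh.dll (file missing)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: gebca - C:\WINDOWS\system32\gebca.dll (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# Files VundoFix reported under "Listing files found while scanning" (post #5).
VUNDOFIX_FOUND = [
    r"C:\WINDOWS\system32\acbeg.bak1",
    r"C:\WINDOWS\system32\acbeg.bak2",
    r"C:\WINDOWS\system32\acbeg.tmp",
    r"C:\WINDOWS\system32\gebca.dll",
    r"C:\WINDOWS\system32\mljjh.dll",
]

LINE_RE = re.compile(r"^(O\d+) - (.+)$")
# Only the two trailing markers count; "(no name)" in the middle is ignored.
MARKER_RE = re.compile(r"\s*\((file missing|no file)\)\s*$")


@dataclass
class Entry:
    section: str                 # e.g. "O2", "O20"
    detail: str                  # everything after "Ox - "
    marker: Optional[str]        # "file missing", "no file" or None
    missing_path: Optional[str]  # path the registry still points at, if given


def parse_hjt(log: str) -> List[Entry]:
    """Parse the O-section lines of a HijackThis log."""
    entries = []
    for raw in log.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # header, process list or blank line
        section, detail = m.groups()
        marker = path = None
        mm = MARKER_RE.search(detail)
        if mm:
            marker = mm.group(1)
            if marker == "file missing":
                # The path is the last " - " separated field before the marker.
                path = detail[:mm.start()].rsplit(" - ", 1)[-1].strip()
        entries.append(Entry(section, detail, marker, path))
    return entries


def correlate(entries: List[Entry],
              found: List[str]) -> Tuple[List[Entry], List[Entry]]:
    """Split orphaned entries by whether VundoFix listed their file."""
    seen = {p.lower() for p in found}  # Windows paths compare case-insensitively
    explained, unexplained = [], []
    for e in entries:
        if e.marker is None:
            continue
        hit = e.missing_path is not None and e.missing_path.lower() in seen
        (explained if hit else unexplained).append(e)
    return explained, unexplained


if __name__ == "__main__":
    explained, unexplained = correlate(parse_hjt(HJT_LOG), VUNDOFIX_FOUND)
    for e in explained:
        print("leftover of a file VundoFix found:", e.section, e.missing_path)
    for e in unexplained:
        print("orphaned, not in VundoFix list:  ", e.section, e.detail)
```

The marker only says that a registry value still references a file that is no longer on disk; entries without a marker are not judged either way by this script.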

#9
Ringlord

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Alright. Finally got around to all this, did everything except delete the file hjjlm.bak2 as it was nowhere to be found in the target directory. Anyway, here's the ActiveScan report (Three pages long, sorry):


Incident Status Location

Potentially unwanted tool:application/winfixer2005 Not disinfected c:\windows\downloaded program files\UWA7P_0001_N91M0809NetInstaller.exe
Dialer:dialer.su Not disinfected hkey_local_machine\software\microsoft\windows\currentversion\uninstall\Switch
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\4h60pk3c.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\4h60pk3c.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\4h60pk3c.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\4h60pk3c.default\cookies.txt[.com.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\4h60pk3c.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\4h60pk3c.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\4h60pk3c.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\4h60pk3c.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\4h60pk3c.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\4h60pk3c.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\4h60pk3c.default\cookies.txt[.2o7.net/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\4h60pk3c.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\4h60pk3c.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\4h60pk3c.default\cookies.txt[.adultfriendfinder.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\4h60pk3c.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\4h60pk3c.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\4h60pk3c.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\4h60pk3c.default\cookies.txt[.247realmedia.com/]
Spyware:Cookie/HotLog Not disinfected C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\4h60pk3c.default\cookies.txt[.hotlog.ru/]
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\4h60pk3c.default\cookies.txt[.yadro.ru/]
Spyware:Cookie/SpyLog Not disinfected C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\4h60pk3c.default\cookies.txt[.spylog.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\4h60pk3c.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\4h60pk3c.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\4h60pk3c.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\4h60pk3c.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\4h60pk3c.default\cookies.txt[stats1.reliablestats.com/]
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\4h60pk3c.default\cookies.txt[.systemdoctor.com/]
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\4h60pk3c.default\cookies.txt[stats1.reliablestats.com/]
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\4h60pk3c.default\cookies.txt[.systemdoctor.com/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\4h60pk3c.default\cookies.txt[.adtech.de/]
Spyware:Cookie/NewMedia Not disinfected C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\4h60pk3c.default\cookies.txt[.anm.co.uk/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\4h60pk3c.default\cookies.txt[.atwola.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\4h60pk3c.default\cookies.txt[.bravenet.com/]
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\4h60pk3c.default\cookies.txt[.cs.sexcounter.com/]
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\4h60pk3c.default\cookies.txt[.i.screensavers.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\4h60pk3c.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\4h60pk3c.default\cookies.txt[.revenue.net/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\4h60pk3c.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Weborama Not disinfected C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\4h60pk3c.default\cookies.txt[.weborama.fr/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\4h60pk3c.default\cookies.txt[.xiti.com/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\4h60pk3c.default\cookies.txt[adserver.filefront.com/]
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\4h60pk3c.default\cookies.txt[searchportal.information.com/]
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\4h60pk3c.default\cookies.txt[www.burstbeacon.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\user\Cookies\[email protected][1].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\user\Cookies\[email protected][2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\user\Cookies\[email protected][1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\user\Cookies\[email protected][1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\user\Cookies\[email protected][2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\user\Cookies\[email protected][1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\user\Cookies\[email protected][2].txt
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\user\Cookies\[email protected][1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\user\Cookies\[email protected][1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\user\Cookies\[email protected][3].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\user\Cookies\[email protected][4].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\user\Cookies\[email protected][9].txt
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\user\Cookies\[email protected][1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\user\Cookies\[email protected][1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\user\Cookies\[email protected][1].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\user\Cookies\[email protected][1].txt
Spyware:Cookie/Tucows Not disinfected C:\Documents and Settings\user\Cookies\[email protected][2].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\user\Cookies\[email protected][1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\user\Cookies\[email protected][1].txt
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\user\Cookies\[email protected][2].txt
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\user\Desktop\ComboFix.exe[ComboFixT\nircmd.exe]
Potentially unwanted tool:Application/FileProtec.A Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\DMITRI (F)\MACOSX\FlyakiteOSX v3.5.exe[wfpdisable.exe]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Application Data\Mozilla\Firefox\Profiles\7fni0kzy.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/HotLog Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Application Data\Mozilla\Firefox\Profiles\7fni0kzy.default\cookies.txt[.hotlog.ru/]
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Application Data\Mozilla\Firefox\Profiles\7fni0kzy.default\cookies.txt[.yadro.ru/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Application Data\Mozilla\Firefox\Profiles\7fni0kzy.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Application Data\Mozilla\Firefox\Profiles\7fni0kzy.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Application Data\Mozilla\Firefox\Profiles\7fni0kzy.default\cookies.txt[.as-eu.falkag.net/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Application Data\Mozilla\Firefox\Profiles\7fni0kzy.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Application Data\Mozilla\Firefox\Profiles\7fni0kzy.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Application Data\Mozilla\Firefox\Profiles\7fni0kzy.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Application Data\Mozilla\Firefox\Profiles\7fni0kzy.default\cookies.txt[.com.com/]
Spyware:Cookie/CentrPort Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Application Data\Mozilla\Firefox\Profiles\7fni0kzy.default\cookies.txt[.centrport.net/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Application Data\Mozilla\Firefox\Profiles\7fni0kzy.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/SpyLog Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Application Data\Mozilla\Firefox\Profiles\7fni0kzy.default\cookies.txt[.spylog.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Application Data\Mozilla\Firefox\Profiles\7fni0kzy.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Application Data\Mozilla\Firefox\Profiles\7fni0kzy.default\cookies.txt[bs.serving-sys.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Application Data\Mozilla\Profiles\lennikov\t52xd3je.slt\cookies.txt[.atwola.com/]
Spyware:Cookie/CentrPort Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Application Data\Mozilla\Profiles\lennikov\t52xd3je.slt\cookies.txt[.centrport.net/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Application Data\Mozilla\Profiles\lennikov\t52xd3je.slt\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Application Data\Mozilla\Profiles\lennikov\t52xd3je.slt\cookies.txt[.yadro.ru/]
Spyware:Cookie/Rightmedia Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Application Data\Mozilla\Profiles\lennikov\t52xd3je.slt\cookies.txt[rightmedia.net/]
Spyware:Cookie/64.62.232 Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Cookies\[email protected][4].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Cookies\[email protected][1].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Cookies\[email protected][2].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Cookies\[email protected][3].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Cookies\[email protected][1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Cookies\[email protected][1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Cookies\[email protected][2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Cookies\[email protected][4].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Cookies\[email protected][1].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Cookies\[email protected][3].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Cookies\[email protected][4].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Cookies\[email protected][5].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Cookies\[email protected][1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Cookies\[email protected][1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Cookies\[email protected][2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Cookies\[email protected][3].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Cookies\[email protected][4].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Cookies\[email protected][5].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Cookies\[email protected][6].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Cookies\[email protected][7].txt
Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Cookies\[email protected][1].txt
Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Cookies\[email protected][3].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Cookies\[email protected][2].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Cookies\[email protected][1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Cookies\[email protected][2].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Cookies\[email protected][3].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Cookies\[email protected][5].txt
Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Cookies\[email protected][1].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Cookies\[email protected][2].txt
Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Cookies\[email protected][1].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Cookies\[email protected][2].txt
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Cookies\[email protected][1].txt
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Cookies\[email protected][3].txt
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Cookies\[email protected][4].txt
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Cookies\[email protected][5].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Cookies\[email protected][1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Cookies\[email protected][3].txt
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Cookies\[email protected][1].txt
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Cookies\[email protected][3].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Cookies\[email protected][1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Cookies\[email protected][2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Cookies\[email protected][3].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Cookies\[email protected][4].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Cookies\[email protected][5].txt
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Cookies\[email protected][1].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Cookies\[email protected][1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Cookies\[email protected][1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Cookies\[email protected][2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Cookies\[email protected][4].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Cookies\[email protected][5].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Cookies\[email protected][1].txt
Spyware:Cookie/Entrepreneur Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Cookies\[email protected][1].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Cookies\[email protected][2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Cookies\[email protected][2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Cookies\[email protected][3].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Cookies\[email protected][1].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Cookies\[email protected][2].txt
Spyware:Cookie/LinkExchange Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Cookies\[email protected][1].txt
Spyware:Cookie/LinkExchange Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Cookies\[email protected][2].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Cookies\[email protected][2].txt
Spyware:Cookie/Paypopup Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Cookies\[email protected][2].txt
Spyware:Cookie/Paypopup Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Cookies\[email protected][3].txt
Spyware:Cookie/Mircx Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Cookies\[email protected][1].txt
Spyware:Cookie/Mircx Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Cookies\[email protected][2].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Cookies\[email protected][1].txt
Spyware:Cookie/Rightmedia Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Cookies\[email protected][2].txt
Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Cookies\[email protected][1].txt
Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Cookies\[email protected][2].txt
Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Cookies\[email protected][3].txt
Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Cookies\[email protected][4]

Edited by Ringlord, 21 May 2007 - 03:14 PM.


#10
Ringlord

Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Cookies\[email protected][5].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Cookies\[email protected][1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Cookies\[email protected][4].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Cookies\[email protected][2].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Cookies\[email protected][1].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Cookies\[email protected][2].txt
Spyware:Cookie/Tucows Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Cookies\[email protected][1].txt
Spyware:Cookie/Tucows Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Cookies\[email protected][2].txt
Spyware:Cookie/Tucows Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Cookies\[email protected][3].txt
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Cookies\[email protected][2].txt
Spyware:Cookie/Advnt Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Cookies\[email protected][1].txt
Spyware:Cookie/Advnt Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Cookies\[email protected][2].txt
Spyware:Cookie/Affiliate fuel Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Cookies\[email protected][1].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Cookies\[email protected][1].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Cookies\[email protected][2].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Cookies\[email protected][3].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Cookies\[email protected][4].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Cookies\[email protected][2].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Cookies\[email protected][3].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Cookies\[email protected][1].txt
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Cookies\[email protected][1].txt
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Cookies\[email protected][2].txt
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Cookies\[email protected][3].txt
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Cookies\[email protected][4].txt
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Cookies\[email protected][5].txt
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Cookies\[email protected][6].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Local Settings\Temp\Cookies\[email protected][2].txt
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Local Settings\Temp\Cookies\[email protected][1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Local Settings\Temp\Cookies\00[email protected][1].txt
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Local Settings\Temp\Cookies\[email protected][1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Local Settings\Temp\Cookies\[email protected][1].txt
Spyware:Cookie/fe.lea.lycos Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Local Settings\Temp\Cookies\[email protected][1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Local Settings\Temp\Cookies\[email protected][1].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Local Settings\Temp\Cookies\[email protected][1].txt
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\007\Local Settings\Temp\Cookies\[email protected][1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Irina\Cookies\[email protected][2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Irina\Cookies\[email protected][2].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Irina\Cookies\[email protected][1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Irina\Cookies\[email protected][2].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Irina\Cookies\[email protected][2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\ap9vl7g6.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\ap9vl7g6.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\ap9vl7g6.default\cookies.txt[statse.webtrendslive.com/S150247]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\ap9vl7g6.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\ap9vl7g6.default\cookies.txt[statse.webtrendslive.com/S150247]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\ap9vl7g6.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\ap9vl7g6.default\cookies.txt[server.iad.liveperson.net/hc/75768208]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\ap9vl7g6.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\ap9vl7g6.default\cookies.txt[.overture.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\ap9vl7g6.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\ap9vl7g6.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\ap9vl7g6.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\ap9vl7g6.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\ap9vl7g6.default\cookies.txt[.as-eu.falkag.net/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\ap9vl7g6.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\ap9vl7g6.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\ap9vl7g6.default\cookies.txt[.2o7.net/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\ap9vl7g6.default\cookies.txt[.112.2o7.net/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\ap9vl7g6.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\ap9vl7g6.default\cookies.txt[.adtech.de/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\ap9vl7g6.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\ap9vl7g6.default\cookies.txt[.bravenet.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\ap9vl7g6.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/CentrPort Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\ap9vl7g6.default\cookies.txt[.centrport.net/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\ap9vl7g6.default\cookies.txt[.com.com/]
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\ap9vl7g6.default\cookies.txt[.cs.sexcounter.com/]
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\ap9vl7g6.default\cookies.txt[.ct.360i.com/]
Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\ap9vl7g6.default\cookies.txt[.fortunecity.com/]
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\ap9vl7g6.default\cookies.txt[.gostats.com/]
Spyware:Cookie/HotLog Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\ap9vl7g6.default\cookies.txt[.hotlog.ru/]
Spyware:Cookie/LinkExchange Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\ap9vl7g6.default\cookies.txt[.linkexchange.ru/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\ap9vl7g6.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/PayCounter Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\ap9vl7g6.default\cookies.txt[.paycounter.com/]
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\ap9vl7g6.default\cookies.txt[.qksrv.net/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\ap9vl7g6.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\ap9vl7g6.default\cookies.txt[.revenue.net/]
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\ap9vl7g6.default\cookies.txt[.stat.onestat.com/]
Spyware:Cookie/web-stat Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\ap9vl7g6.default\cookies.txt[.www.web-stat.com/]
Spyware:Cookie/web-stat Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\ap9vl7g6.default\cookies.txt[.www.web-stat.com/ENGLISH/CGI-BIN/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\ap9vl7g6.default\cookies.txt[.xiti.com/]
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\ap9vl7g6.default\cookies.txt[.yadro.ru/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\ap9vl7g6.default\cookies.txt[.z1.adserver.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\ap9vl7g6.default\cookies.txt[.zedo.com/]
Spyware:Cookie/GoClick Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\ap9vl7g6.default\cookies.txt[c.goclick.com/]
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\ap9vl7g6.default\cookies.txt[c3.gostats.com/]
Spyware:Cookie/Comclick Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\ap9vl7g6.default\cookies.txt[fl01.ct2.comclick.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\ap9vl7g6.default\cookies.txt[server.iad.liveperson.net/hc/72658094]
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\ap9vl7g6.default\cookies.txt[stat.onestat.com/]
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\ap9vl7g6.default\cookies.txt[stats1.reliablestats.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Application Data\Mozilla\Profiles\lennikov\cn6u6fs8.slt\cookies.txt[.advertising.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Application Data\Mozilla\Profiles\lennikov\cn6u6fs8.slt\cookies.txt[.atwola.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Application Data\Mozilla\Profiles\lennikov\cn6u6fs8.slt\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Application Data\Mozilla\Profiles\lennikov\cn6u6fs8.slt\cookies.txt[.advertising.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Application Data\Mozilla\Profiles\lennikov\cn6u6fs8.slt\cookies.txt[.atdmt.com/]
Spyware:Cookie/SpyLog Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Application Data\Mozilla\Profiles\lennikov\cn6u6fs8.slt\cookies.txt[.spylog.com/]
Spyware:Cookie/HotLog Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Application Data\Mozilla\Profiles\lennikov\cn6u6fs8.slt\cookies.txt[.hotlog.ru/]
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Application Data\Mozilla\Profiles\lennikov\cn6u6fs8.slt\cookies.txt[.yadro.ru/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Application Data\Mozilla\Profiles\lennikov\cn6u6fs8.slt\cookies.txt[.2o7.net/]
Spyware:Cookie/CentrPort Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Application Data\Mozilla\Profiles\lennikov\cn6u6fs8.slt\cookies.txt[.centrport.net/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Application Data\Mozilla\Profiles\lennikov\cn6u6fs8.slt\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Application Data\Mozilla\Profiles\lennikov\cn6u6fs8.slt\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Rightmedia Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Application Data\Mozilla\Profiles\lennikov\cn6u6fs8.slt\cookies.txt[rightmedia.net/]
Virus:W97M/Kukudro.A!CME-745 Disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Application Data\Mozilla\Profiles\lennikov\cn6u6fs8.slt\Mail\pop.interchange.ubc.ca\Inbox[sony_prices.zip][my_Notebook.doc]
Spyware:Cookie/64.62.232 Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Cookies\[email protected][4].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Cookies\[email protected][1].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Cookies\[email protected][2].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Cookies\[email protected][2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Cookies\[email protected][2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Cookies\[email protected][2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Cookies\[email protected][3].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Cookies\[email protected][1].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Cookies\[email protected][3].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Cookies\[email protected][1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Cookies\[email protected][1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Cookies\[email protected][2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Cookies\[email protected][4].txt
Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Cookies\[email protected][1].txt
Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Cookies\[email protected][3].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Cookies\[email protected][1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Cookies\[email protected][2].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Cookies\[email protected][3].txt
Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Cookies\[email protected][1].txt
Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Cookies\[email protected][1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Cookies\[email protected][3].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Cookies\[email protected][1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Cookies\[email protected][2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Cookies\[email protected][3].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Cookies\[email protected][5].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Cookies\[email protected][6].txt
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Cookies\[email protected][2].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Cookies\[email protected][2].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Cookies\[email protected][3].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Cookies\[email protected][2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Cookies\[email protected][3].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Cookies\[email protected][4].txt
Spyware:Cookie/Entrepreneur Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Cookies\[email protected][1].txt
Spyware:Cookie/fe.lea.lycos Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Cookies\[email protected][2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Cookies\[email protected][2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Cookies\[email protected][1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Cookies\[email protected][2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Cookies\[email protected][3].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Cookies\[email protected][4].txt
Spyware:Cookie/Kmpads Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Cookies\[email protected][1].txt
Spyware:Cookie/LinkExchange Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Cookies\[email protected][1].txt
Spyware:Cookie/LinkExchange Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Cookies\[email protected][2].txt
Spyware:Cookie/Lop Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Cookies\[email protected][2].txt
Spyware:Cookie/Paypopup Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Cookies\[email protected][1].txt
Spyware:Cookie/Paypopup Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Cookies\[email protected][2].txt
Spyware:Cookie/Mircx Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Cookies\[email protected][1].txt
Spyware:Cookie/Rightmedia Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Cookies\[email protected][2].txt
Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Cookies\[email protected][1].txt
Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Cookies\[email protected][3].txt
Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Cookies\[email protected][4].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Cookies\[email protected][2].txt
  • 0

#11
Ringlord

Ringlord

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Cookies\[email protected][1].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Cookies\[email protected][1].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Cookies\[email protected][3].txt
Spyware:Cookie/Tucows Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Cookies\[email protected][1].txt
Spyware:Cookie/Tucows Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Cookies\[email protected][2].txt
Spyware:Cookie/Tucows Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Cookies\[email protected][3].txt
Spyware:Cookie/Tucows Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Cookies\[email protected][5].txt
Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Cookies\[email protected][2].txt
Spyware:Cookie/Advnt Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Cookies\[email protected][1].txt
Spyware:Cookie/Advnt Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Cookies\[email protected][2].txt
Spyware:Cookie/Advnt Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Cookies\[email protected][3].txt
Spyware:Cookie/Affiliate fuel Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Cookies\[email protected][1].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Cookies\[email protected][1].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Cookies\[email protected][2].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Cookies\[email protected][4].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Cookies\[email protected][1].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Cookies\[email protected][2].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Cookies\[email protected][3].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Cookies\[email protected][4].txt
Spyware:Cookie/web-stat Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Cookies\[email protected][2].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Cookies\[email protected][1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Cookies\[email protected][2].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Cookies\[email protected][3].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Cookies\[email protected][4].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Cookies\[email protected][5].txt
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Cookies\[email protected][1].txt
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Cookies\[email protected][2].txt
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Cookies\[email protected][3].txt
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Cookies\[email protected][4].txt
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Cookies\[email protected][5].txt
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Cookies\[email protected][6].txt
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Cookies\[email protected][7].txt
Potentially unwanted tool:Application/PRScheduler Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\WINDOWS\pss\PowerReg Scheduler V3.exeStartup
Potentially unwanted tool:Application/PRScheduler Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\WINDOWS\pss\PowerReg Scheduler.exeStartup
Adware:Adware/Yazzle Not disinfected C:\QooBox\Quarantine\C\Program Files\Common Files\Yazzle1281OinUninstaller.exe.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\efcyvsr.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\kpjegjgk.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\lnojybhv.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\nnnnllj.dll.vir
Virus:Trj/Agent.EAZ Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\rrjvtduc.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\yaywtss.dll.vir
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\nircmd.exe

Whew, that's a long list. And now, the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 2:06:58 PM, on 5/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
C:\Documents and Settings\user\Desktop\HJT.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RecordPadRun] "C:\Program Files\NCH Swift Sound\RecordPad\recordpad.exe" -logon
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemreq...m/sysreqlab.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)
  • 0

#12
loophole

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Hi

and sorry for the delay.

Most of that is just cookies, which aren't a real threat.

A lot of that is here: C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Cookies\ Looks like maybe you had a hard drive you transferred the info to this computer? Just delete the cookies folder from the directory above, as that isn't active anymore.

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Please download the OTMoveIt by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    c:\windows\downloaded program files\UWA7P_0001_N91M0809NetInstaller.exe

  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please double-click OTMoveIt.exe to run it.
  • Click the Clean up button
  • Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
  • Click NO to the reboot, and just delete the OTMoveIt program from your desktop

How are things running?
  • 0
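The triage described in the reply above (tracking cookies versus everything else), as an added example that is not part of the original posts: a Python parser for result lines in the layout of the scan log in this thread, sorting them into buckets. The bucket names, the quarantine marker and the inactive-drive root are assumptions chosen for this particular log; the sample lines are copied from it, plus one constructed line that does not match.

```python
import re

# Layout of each result line in the scan log above:
#   <type>:<detection name> <Disinfected|Not disinfected> <path>
# The detection name may contain spaces ("Cookie/Atlas DMT"), so the
# status keyword is what separates the name from the path.
LINE_RE = re.compile(
    r"^(?P<kind>[^:]+):(?P<name>.+?)\s+"
    r"(?P<status>Not disinfected|Disinfected)\s+"
    r"(?P<path>[A-Za-z]:\\.*)$"
)

# Assumptions for this thread's machine, not general rules:
# a cleanup tool's quarantine folder holding renamed *.vir copies, and
# the desktop folder holding a copy of an old, no longer booted drive.
QUARANTINE_MARKER = "\\quarantine\\"
INACTIVE_ROOTS = ("c:\\documents and settings\\user\\desktop\\old hdds\\",)


def parse_line(line):
    """Return a dict with kind/name/status/path, or None if no match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def classify(entry):
    """Assign one parsed entry to a triage bucket."""
    name = entry["name"].lower()
    path = entry["path"].lower()
    if name.startswith("cookie/"):
        return "cookie"            # tracking cookie, not executable code
    if QUARANTINE_MARKER in path and path.endswith(".vir"):
        return "quarantined"       # already moved aside and renamed
    if path.startswith(INACTIVE_ROOTS):
        return "inactive-copy"     # file on the archived old-drive copy
    return "review"                # lives on the running system


def triage(log_text):
    """Bucket every non-empty line; lines that do not parse are kept too."""
    buckets = {"cookie": [], "quarantined": [], "inactive-copy": [],
               "review": [], "unparsed": []}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        entry = parse_line(line)
        if entry is None:
            buckets["unparsed"].append(line)
        else:
            buckets[classify(entry)].append(entry)
    return buckets


def summary(buckets):
    """Bucket name -> number of lines, for a quick overview."""
    return {name: len(items) for name, items in buckets.items()}


# Sample lines copied from the log in this thread; the last line is
# constructed to show how non-matching input is handled.
SAMPLE_LOG = r"""
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Application Data\Mozilla\Profiles\lennikov\cn6u6fs8.slt\cookies.txt[.atdmt.com/]
Virus:W97M/Kukudro.A!CME-745 Disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\Documents and Settings\Mikhail\Application Data\Mozilla\Profiles\lennikov\cn6u6fs8.slt\Mail\pop.interchange.ubc.ca\Inbox[sony_prices.zip][my_Notebook.doc]
Potentially unwanted tool:Application/PRScheduler Not disinfected C:\Documents and Settings\user\Desktop\Old HDDs\Old D\WINDOWS\pss\PowerReg Scheduler.exeStartup
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\efcyvsr.dll.vir
Virus:Trj/Agent.EAZ Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\rrjvtduc.dll.vir
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\nircmd.exe
constructed line that is not a scan result
"""

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for bucket, count in summary(result).items():
        print(f"{bucket:14} {count}")
    for entry in result["review"]:
        print("REVIEW:", entry["name"], "|", entry["status"], "|", entry["path"])
```

Only the "review" bucket points at files on the running system; the other buckets account for the bulk of the lines without hiding them.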

#13
Ringlord

Ringlord

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Hello. Sorry, but I've also been busy this past week myself, so no worries on the delay. My computer has been running pretty smoothly, thanks. I've run those two programs, and should I now upload a fresh HijackThis log, or are we pretty much done with the cleanup?
  • 0

#14
loophole

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
I think we are done :whistling:

Congratulations :blink:

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

    You can find instructions on how to enable and reenable system restore here:

    Windows XP System Restore Guide

  • Updating your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety:
  • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
  • Google Toolbar <= Get the free Google Toolbar to help stop pop-up windows.
  • Winpatrol <= Download and install the free version of Winpatrol. A tutorial for this product is located here:

    Using Winpatrol to protect your computer from malicious software

To learn more about how to protect yourself while on the internet, read this article by Tony Klein: So how did I get infected in the first place?

Have a safe and happy computing day!
  • 0

#15
Ringlord

Ringlord

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Yay, thanks a million loophole. You're a lifesaver :whistling:
  • 0





