hijack my log [CLOSED]

#16 Vero_ (Member, Topic Starter, 48 posts)
This is after TF cleaner:

Threats with free disinfection (1)
Low danger level (1)
Bck/VB.XB Virus
Latent
Show + Info
Not disinfectable
1. C:\Documents and Settings\Veronica\Desktop\Co...ix.exe[327882R2FWJFW\NirCmdC.cfexe]
2. C:\Documents and Settings\Veronica\Local Sett...C06d01[327882R2FWJFW\NirCmdC.cfexe]
Threats disinfected with the paid version (24)
Low danger level (24)
Adware/DnsInsi... Adware
Latent
Hide + Info
1. C:\Documents and Settings\Veronica\Applicatio...Anti-Malware\Quarantine\QUAR1.15148
Cookie/Apmebf Tracking Cookie
Latent
Hide + Info
1. C:\Documents and Settings\Veronica\Applicatio...r.default\cookies.bk0[.apmebf.com/]
Cookie/Traffic... Tracking Cookie
Latent
Hide + Info
1. C:\Documents and Settings\Veronica\Applicatio...efault\cookies.bk0[.trafficmp.com/]
2. C:\Documents and Settings\Veronica\Applicatio...efault\cookies.txt[.trafficmp.com/]
Cookie/Atwola Tracking Cookie
Latent
Hide + Info
1. C:\Documents and Settings\Veronica\Applicatio...r.default\cookies.txt[.atwola.com/]
Cookie/BurstNe... Tracking Cookie
Latent
Hide + Info
1. C:\Documents and Settings\Veronica\Applicatio...default\cookies.bk0[.burstnet.com/]
Cookie/Server.... Tracking Cookie
Latent
Hide + Info
1. C:\Documents and Settings\Veronica\Applicatio...ies.txt[server.iad.liveperson.net/]
2. C:\Documents and Settings\Veronica\Applicatio...ver.iad.liveperson.net/hc/19452074]
Cookie/Serving... Tracking Cookie
Latent
Hide + Info
1. C:\Documents and Settings\Veronica\Applicatio...t\cookies.txt[.bs.serving-sys.com/]
Cookie/RealMed... Tracking Cookie
Latent
Hide + Info
1. C:\Documents and Settings\Veronica\Applicatio...efault\cookies.txt[.realmedia.com/]
2. C:\Documents and Settings\Veronica\Applicatio...efault\cookies.bk0[.realmedia.com/]
Cookie/YieldMa... Tracking Cookie
Latent
Hide + Info
1. C:\Documents and Settings\Veronica\Applicatio...t\cookies.txt[ad.yieldmanager.com/]
2. C:\Documents and Settings\Veronica\Applicatio...t\cookies.bk0[ad.yieldmanager.com/]
Cookie/Serving... Tracking Cookie
Latent
Hide + Info
1. C:\Documents and Settings\Veronica\Applicatio...ault\cookies.txt[.serving-sys.com/]
Cookie/Questio... Tracking Cookie
Latent
Hide + Info
1. C:\Documents and Settings\Veronica\Applicatio...t\cookies.txt[.questionmarket.com/]
Cookie/Yadro Tracking Cookie
Latent
Hide + Info
1. C:\Documents and Settings\Veronica\Applicatio...g2r.default\cookies.txt[.yadro.ru/]
Cookie/Tribalf... Tracking Cookie
Latent
Hide + Info
1. C:\Documents and Settings\Veronica\Applicatio...ult\cookies.txt[.tribalfusion.com/]
Cookie/Adverti... Tracking Cookie
Latent
Hide + Info
1. C:\Documents and Settings\Veronica\Applicatio...ault\cookies.txt[.advertising.com/]
2. C:\Documents and Settings\Veronica\Applicatio...ault\cookies.bk0[.advertising.com/]
Cookie/FastCli... Tracking Cookie
Latent
Hide + Info
1. C:\Documents and Settings\Veronica\Applicatio...efault\cookies.bk0[.fastclick.net/]
Cookie/Adrevol... Tracking Cookie
Latent
Hide + Info
1. C:\Documents and Settings\Veronica\Applicatio...fault\cookies.bk0[.adrevolver.com/]
Cookie/Com.com Tracking Cookie
Latent
Hide + Info
1. C:\Documents and Settings\Veronica\Applicatio...eg2r.default\cookies.txt[.com.com/]
application/er... Tracking Application
Latent
Hide + Info
1. HKEY_CURRENT_USER\Software\Microsoft\Windows\...5ff73b-ca67-11d5-99dd-444553540006}
Cookie/Atlas D... Tracking Cookie
Latent
Hide + Info
1. C:\Documents and Settings\Veronica\Applicatio...2r.default\cookies.txt[.atdmt.com/]
2. C:\Documents and Settings\Veronica\Applicatio...2r.default\cookies.bk0[.atdmt.com/]
Cookie/did-it Tracking Cookie
Latent
Hide + Info
1. C:\Documents and Settings\Veronica\Applicatio...r.default\cookies.txt[.did-it.com/]
Cookie/Overtur... Tracking Cookie
Latent
Hide + Info
1. C:\Documents and Settings\Veronica\Applicatio...lt\cookies.txt[.perf.overture.com/]
Cookie/PointRo... Tracking Cookie
Latent
Hide + Info
1. C:\Documents and Settings\Veronica\Applicatio...lt\cookies.txt[.ads.pointroll.com/]
Cookie/HotLog Tracking Cookie
Latent
Hide + Info
1. C:\Documents and Settings\Veronica\Applicatio...2r.default\cookies.txt[.hotlog.ru/]
Cookie/Doublec... Tracking Cookie
Latent
Hide + Info
1. C:\Documents and Settings\Veronica\Applicatio...ault\cookies.bk0[.doubleclick.net/]
#17 greyknight17 (Malware Expert, Visiting Consultant, 16,560 posts)
Most of them are still just cookies. You can delete them manually if you are concerned.

The rest are either not harmful or are in a quarantined state which you can remove from the program itself (like the Malwarebytes Anti-Malware program).

#18 Vero_ (Member, Topic Starter, 48 posts)
Threats with free disinfection (1)
Low danger level (1)
Bck/VB.XB Virus
Latent
Show + Info
Not disinfectable
1. C:\Documents and Settings\Veronica\Desktop\Co...ix.exe[327882R2FWJFW\NirCmdC.cfexe]
2. C:\Documents and Settings\Veronica\Local Sett...C06d01[327882R2FWJFW\NirCmdC.cfexe]
Threats disinfected with the paid version (24)
Low danger level (24)
Adware/DnsInsi... Adware
Latent
Hide + Info
1. C:\Documents and Settings\Veronica\Applicatio...Anti-Malware\Quarantine\QUAR1.15148
Cookie/Apmebf Tracking Cookie
Latent
Hide + Info
1. C:\Documents and Settings\Veronica\Applicatio...r.default\cookies.bk0[.apmebf.com/]
Cookie/Traffic... Tracking Cookie
Latent
Hide + Info
1. C:\Documents and Settings\Veronica\Applicatio...efault\cookies.bk0[.trafficmp.com/]
2. C:\Documents and Settings\Veronica\Applicatio...efault\cookies.txt[.trafficmp.com/]
Cookie/Atwola Tracking Cookie
Latent
Hide + Info
1. C:\Documents and Settings\Veronica\Applicatio...r.default\cookies.txt[.atwola.com/]
Cookie/BurstNe... Tracking Cookie
Latent
Hide + Info
1. C:\Documents and Settings\Veronica\Applicatio...default\cookies.bk0[.burstnet.com/]
Cookie/Server.... Tracking Cookie
Latent
Hide + Info
1. C:\Documents and Settings\Veronica\Applicatio...ies.txt[server.iad.liveperson.net/]
2. C:\Documents and Settings\Veronica\Applicatio...ver.iad.liveperson.net/hc/19452074]
Cookie/Serving... Tracking Cookie
Latent
Hide + Info
1. C:\Documents and Settings\Veronica\Applicatio...t\cookies.txt[.bs.serving-sys.com/]
Cookie/RealMed... Tracking Cookie
Latent
Hide + Info
1. C:\Documents and Settings\Veronica\Applicatio...efault\cookies.txt[.realmedia.com/]
2. C:\Documents and Settings\Veronica\Applicatio...efault\cookies.bk0[.realmedia.com/]
Cookie/YieldMa... Tracking Cookie
Latent
Hide + Info
1. C:\Documents and Settings\Veronica\Applicatio...t\cookies.txt[ad.yieldmanager.com/]
2. C:\Documents and Settings\Veronica\Applicatio...t\cookies.bk0[ad.yieldmanager.com/]
Cookie/Serving... Tracking Cookie
Latent
Hide + Info
1. C:\Documents and Settings\Veronica\Applicatio...ault\cookies.txt[.serving-sys.com/]
Cookie/Questio... Tracking Cookie
Latent
Hide + Info
1. C:\Documents and Settings\Veronica\Applicatio...t\cookies.txt[.questionmarket.com/]
Cookie/Yadro Tracking Cookie
Latent
Hide + Info
1. C:\Documents and Settings\Veronica\Applicatio...g2r.default\cookies.txt[.yadro.ru/]
Cookie/Tribalf... Tracking Cookie
Latent
Hide + Info
1. C:\Documents and Settings\Veronica\Applicatio...ult\cookies.txt[.tribalfusion.com/]
Cookie/Adverti... Tracking Cookie
Latent
Hide + Info
1. C:\Documents and Settings\Veronica\Applicatio...ault\cookies.txt[.advertising.com/]
2. C:\Documents and Settings\Veronica\Applicatio...ault\cookies.bk0[.advertising.com/]
Cookie/FastCli... Tracking Cookie
Latent
Hide + Info
1. C:\Documents and Settings\Veronica\Applicatio...efault\cookies.bk0[.fastclick.net/]
Cookie/Adrevol... Tracking Cookie
Latent
Hide + Info
1. C:\Documents and Settings\Veronica\Applicatio...fault\cookies.bk0[.adrevolver.com/]
Cookie/Com.com Tracking Cookie
Latent
Hide + Info
1. C:\Documents and Settings\Veronica\Applicatio...eg2r.default\cookies.txt[.com.com/]
application/er... Tracking Application
Latent
Hide + Info
1. HKEY_CURRENT_USER\Software\Microsoft\Windows\...5ff73b-ca67-11d5-99dd-444553540006}
Cookie/Atlas D... Tracking Cookie
Latent
Hide + Info
1. C:\Documents and Settings\Veronica\Applicatio...2r.default\cookies.txt[.atdmt.com/]
2. C:\Documents and Settings\Veronica\Applicatio...2r.default\cookies.bk0[.atdmt.com/]
Cookie/did-it Tracking Cookie
Latent
Hide + Info
1. C:\Documents and Settings\Veronica\Applicatio...r.default\cookies.txt[.did-it.com/]
Cookie/Overtur... Tracking Cookie
Latent
Hide + Info
1. C:\Documents and Settings\Veronica\Applicatio...lt\cookies.txt[.perf.overture.com/]
Cookie/PointRo... Tracking Cookie
Latent
Hide + Info
1. C:\Documents and Settings\Veronica\Applicatio...lt\cookies.txt[.ads.pointroll.com/]
Cookie/HotLog Tracking Cookie
Latent
Hide + Info
1. C:\Documents and Settings\Veronica\Applicatio...2r.default\cookies.txt[.hotlog.ru/]
Cookie/Doublec... Tracking Cookie
Latent
Hide + Info
1. C:\Documents and Settings\Veronica\Applicatio...ault\cookies.bk0[.doubleclick.net/]

#19 Vero_ (Member, Topic Starter, 48 posts)
That's after ATF.

#20 Vero_ (Member, Topic Starter, 48 posts)
Oh ok. Sorry, I didn't see your reply before. Spybot didn't find anything. THANK YOU SSOOOO MUCH!!!!

#21 greyknight17 (Malware Expert, Visiting Consultant, 16,560 posts)
Pretty much harmless from what I see. I just can't make out this entry (this one looks suspicious):

HKEY_CURRENT_USER\Software\Microsoft\Windows\...5ff73b-ca67-11d5-99dd-444553540006}

I can't see the full path to it. You can probably remove that from the registry if you are comfortable working in the registry.

Please go to Start->Run and type in Combofix /u and hit OK to remove it since you ran it again.

If all is well now, you should be set to go.

#22 Vero_ (Member, Topic Starter, 48 posts)
Where can I find this file?

#23 greyknight17 (Malware Expert, Visiting Consultant, 16,560 posts)
Go to Start->Run and type in regedit and hit OK. Go to File->Export and save the registry somewhere as a backup. Then from there, navigate from HKEY_CURRENT_USER to Software...Windows....etc....until you get to that value there (I can't see the full name). Click on it once and then hit the delete button on your keyboard. Close the Registry Editor. Make sure you don't change anything else as it's live.

Any other issues?

#24 Vero_ (Member, Topic Starter, 48 posts)
I could not find that program, but if you say it's nothing serious I should not worry about it. Mail Agent still pops up when I start my computer. And my computer is still a little slow; is this because it's old (almost 3 years)?

#25 greyknight17 (Malware Expert, Visiting Consultant, 16,560 posts)
Can you give me the full path for this entry?

HKEY_CURRENT_USER\Software\Microsoft\Windows\...5ff73b-ca67-11d5-99dd-444553540006}

The 3 dots do not help...we need the actual path that's missing (replaced by the 3 dots).

Post a new HijackThis log here.

A slow machine could be due to many reasons:

- having too many programs running
- too much junk build up in the computer (whether it's files or registry entries)
- fragmented hard drive

If you haven't run disk defragmenter for a while, you might want to run it now to see if it helps. Use a registry cleaner from Easy Cleaner to remove junk entries. You may also use that program to clean out your temp files.
#26 Vero_ (Member, Topic Starter, 48 posts)
This is full Panda report. Can you see that file here?

;*******************************************************************************
ANALYSIS: 2008-04-23 11:42:56
PROTECTIONS: 1
MALWARE: 27
SUSPECTS: 0
;*******************************************************************************
PROTECTIONS
Description Version Active Updated
;===============================================================================
AVG 7.5.524 7.5.524 Yes Yes
;===============================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\dmpneg2r.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\dmpneg2r.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\dmpneg2r.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\dmpneg2r.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\dmpneg2r.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\dmpneg2r.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\dmpneg2r.default\cookies.bk0[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\dmpneg2r.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\dmpneg2r.default\cookies.bk0[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\dmpneg2r.default\cookies.bk0[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\dmpneg2r.default\cookies.bk0[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\dmpneg2r.default\cookies.bk0[.trafficmp.com/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\dmpneg2r.default\cookies.bk0[.doubleclick.net/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\dmpneg2r.default\cookies.txt[.atdmt.com/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\dmpneg2r.default\cookies.bk0[.atdmt.com/]
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\dmpneg2r.default\cookies.txt[.247realmedia.com/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\dmpneg2r.default\cookies.bk0[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\dmpneg2r.default\cookies.bk0[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\dmpneg2r.default\cookies.bk0[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\dmpneg2r.default\cookies.bk0[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\dmpneg2r.default\cookies.bk0[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\dmpneg2r.default\cookies.bk0[.fastclick.net/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\dmpneg2r.default\cookies.txt[.tribalfusion.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\dmpneg2r.default\cookies.txt[.com.com/]
00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\dmpneg2r.default\cookies.txt[.yadro.ru/]
00167724 Cookie/HotLog TrackingCookie No 0 Yes No C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\dmpneg2r.default\cookies.txt[.hotlog.ru/]
00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\dmpneg2r.default\cookies.txt[.perf.overture.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\dmpneg2r.default\cookies.bk0[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\dmpneg2r.default\cookies.bk0[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\dmpneg2r.default\cookies.bk0[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\dmpneg2r.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\dmpneg2r.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\dmpneg2r.default\cookies.bk0[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\dmpneg2r.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\dmpneg2r.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\dmpneg2r.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\dmpneg2r.default\cookies.bk0[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\dmpneg2r.default\cookies.bk0[ad.yieldmanager.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\dmpneg2r.default\cookies.bk0[.apmebf.com/]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\dmpneg2r.default\cookies.bk0[.burstnet.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\dmpneg2r.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\dmpneg2r.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\dmpneg2r.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\dmpneg2r.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\dmpneg2r.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\dmpneg2r.default\cookies.txt[.serving-sys.com/]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\dmpneg2r.default\cookies.txt[.bs.serving-sys.com/]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\dmpneg2r.default\cookies.txt[server.iad.liveperson.net/hc/19452074]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\dmpneg2r.default\cookies.txt[server.iad.liveperson.net/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\dmpneg2r.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\dmpneg2r.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\dmpneg2r.default\cookies.bk0[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\dmpneg2r.default\cookies.bk0[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\dmpneg2r.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\dmpneg2r.default\cookies.bk0[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\dmpneg2r.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\dmpneg2r.default\cookies.bk0[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\dmpneg2r.default\cookies.bk0[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\dmpneg2r.default\cookies.txt[.advertising.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\dmpneg2r.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\dmpneg2r.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\dmpneg2r.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\dmpneg2r.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\dmpneg2r.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\dmpneg2r.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\dmpneg2r.default\cookies.txt[.ads.pointroll.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\dmpneg2r.default\cookies.bk0[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\dmpneg2r.default\cookies.bk0[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\dmpneg2r.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\dmpneg2r.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\dmpneg2r.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\dmpneg2r.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\dmpneg2r.default\cookies.bk0[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\dmpneg2r.default\cookies.bk0[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\dmpneg2r.default\cookies.txt[.realmedia.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\dmpneg2r.default\cookies.txt[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\dmpneg2r.default\cookies.txt[.questionmarket.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\dmpneg2r.default\cookies.bk0[.adrevolver.com/]
00187950 Cookie/bravenetA TrackingCookie No 0 Yes No C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\dmpneg2r.default\cookies.txt[.bravenet.com/]
00187950 Cookie/bravenetA TrackingCookie No 0 Yes No C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\dmpneg2r.default\cookies.txt[.bravenet.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\dmpneg2r.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\dmpneg2r.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\dmpneg2r.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\dmpneg2r.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\dmpneg2r.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\dmpneg2r.default\cookies.txt[.go.com/]
00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\dmpneg2r.default\cookies.txt[.did-it.com/]
00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\dmpneg2r.default\cookies.txt[.did-it.com/]
00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\dmpneg2r.default\cookies.txt[.did-it.com/]
00217978 application/errorguard HackTools No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{205ff73b-ca67-11d5-99dd-444553540006}
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\dmpneg2r.default\cookies.txt[.atwola.com/]
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\dmpneg2r.default\cookies.txt[.atwola.com/]
02688464 Adware/DnsInsider Adware No 0 Yes No C:\Documents and Settings\Veronica\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.15148
;===============================================================================
SUSPECTS
Sent Location
;===============================================================================
;===============================================================================
VULNERABILITIES
Id Severity Description
;===============================================================================
;===============================================================================

#27 greyknight17 (Malware Expert, Visiting Consultant, 16,560 posts)
Yes, much better now :)

Go to Start->Run and type in regedit and hit OK. Go to File->Export and save the registry somewhere as a backup. Close the Registry Editor now. Go to Start->Run and type in notepad and hit OK. Then copy and paste the following into Notepad:

REGEDIT4
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{205ff73b-ca67-11d5-99dd-444553540006}]


Save the file as "delete.reg". Make sure to save it with the quotes. Close Notepad. Double click on the delete.reg file and choose Yes to merge/add it to the registry. You may delete the file afterwards.


Download SmitfraudFix at http://siri.urz.free...mitfraudFix.zip and extract the content (a folder named SmitfraudFix) to your desktop.

Open the SmitfraudFix folder. Double-click on smitfraudfix.cmd and select option #1 - Search by typing 1 and press Enter. A text file will appear, which lists infected files (if present). Please copy/paste the content of that report into your next reply.

IMPORTANT: Do NOT run option #2 or any other option until you are directed to do so!

NOTE: process.exe is detected by some antivirus programs as a Risk Tool. It is not a virus. If you get this detected, ignore it.


Post your HijackThis log here...
  • 0
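Before merging a .reg file received in a thread like this one, it is worth previewing exactly which keys and values it will delete or set. The following is an added example (not part of greyknight17's post, and not a HijackThis or SmitfraudFix component): a small Python parser for REGEDIT4 / "Windows Registry Editor Version 5.00" text. The sample input is the delete.reg from the post above plus a constructed second key (HKEY_CURRENT_USER\Software\ExampleApp, which does not exist on the page) to exercise value-set and value-delete syntax.

```python
r"""Preview what a .reg file will do before merging it into the registry.

Added example, not part of the post above or of HijackThis/SmitfraudFix:
it parses REGEDIT4 / "Windows Registry Editor Version 5.00" text and lists
every key the file would delete, every key it would open or create, and
every value it would set or remove, so the reviewer can confirm the merge
does only what was intended (here: removing one Ext\Stats subkey under HKCU).
"""
import re
from dataclasses import dataclass, field

# Sample input: the delete.reg from the post, followed by a constructed
# second key (not from the page) that exercises value-set / value-delete syntax.
SAMPLE_REG = r"""REGEDIT4
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{205ff73b-ca67-11d5-99dd-444553540006}]

[HKEY_CURRENT_USER\Software\ExampleApp]
"Setting"="value"
"OldValue"=-
"""

VALID_HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
KEY_RE = re.compile(r'^\[(-?)([^\]]+)\]$')          # [-Key] deletes, [Key] opens/creates
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')  # "name"=data, "name"=- deletes


@dataclass
class RegPreview:
    header: str = ""
    keys_deleted: list = field(default_factory=list)
    keys_opened: list = field(default_factory=list)
    values_set: list = field(default_factory=list)      # (key, name, data)
    values_deleted: list = field(default_factory=list)  # (key, name)


def parse_reg(text: str) -> RegPreview:
    """Parse .reg text into a RegPreview; raises ValueError on unknown syntax."""
    lines = text.splitlines()
    if not lines or lines[0].strip() not in VALID_HEADERS:
        raise ValueError("missing or unrecognised .reg header")
    preview = RegPreview(header=lines[0].strip())
    current_key = None
    for raw in lines[1:]:
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        key = KEY_RE.match(line)
        if key:
            minus, name = key.groups()
            if minus:
                preview.keys_deleted.append(name)
                current_key = None  # nothing can be set under a key being deleted
            else:
                preview.keys_opened.append(name)
                current_key = name
            continue
        value = VALUE_RE.match(line)
        if value and current_key is not None:
            name, data = value.groups()
            name = "(Default)" if name == "@" else name[1:-1]
            if data == "-":
                preview.values_deleted.append((current_key, name))
            else:
                preview.values_set.append((current_key, name, data))
            continue
        raise ValueError(f"unparsed line: {line!r}")
    return preview


def broad_deletions(preview: RegPreview, min_depth: int = 4) -> list:
    r"""Key deletions with fewer than min_depth path components (for example a
    whole HKLM\SOFTWARE\Vendor branch), which deserve a second look before merging."""
    return [k for k in preview.keys_deleted if len(k.split("\\")) < min_depth]


def describe(preview: RegPreview) -> list:
    """Human-readable review lines: one summary line, then one line per action."""
    out = [f"{preview.header}: {len(preview.keys_deleted)} key deletion(s), "
           f"{len(preview.values_set)} value(s) set, "
           f"{len(preview.values_deleted)} value(s) removed"]
    out += [f"DELETE KEY  {k}" for k in preview.keys_deleted]
    out += [f"SET VALUE   {k}\\{n} = {d}" for k, n, d in preview.values_set]
    out += [f"DEL VALUE   {k}\\{n}" for k, n in preview.values_deleted]
    out += [f"WARNING     broad deletion: {k}" for k in broad_deletions(preview)]
    return out


if __name__ == "__main__":
    print("\n".join(describe(parse_reg(SAMPLE_REG))))
```

Run it on the text of any .reg file before double-clicking it; the `broad_deletions` check is a deliberately conservative heuristic, so a short key path is only a prompt to look twice, not proof of a problem.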

#28
Vero_

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
SmitFraudFix v2.317

Scan done at 13:50:11.31, Wed 04/23/2008
Run from C:\Documents and Settings\Veronica\Local Settings\Temp\SmitfraudFix-2\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Veronica\Application Data\Mail.Ru\Agent\MAgent.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\ToniArts\EasyCleaner\EasyClea.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

hosts file corrupted !

127.0.0.1 legal-at-spybot.info
127.0.0.1 www.legal-at-spybot.info

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Veronica


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Veronica\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Veronica\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~1\\Google\\GOOGLE~1\\GOEC62~1.DLL"


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
DNS Server Search Order: 24.29.103.15
DNS Server Search Order: 24.29.103.16

HKLM\SYSTEM\CCS\Services\Tcpip\..\{CBD781AC-BCAB-436A-8D9D-AED8260D58E0}: DhcpNameServer=24.29.103.15 24.29.103.16
HKLM\SYSTEM\CS1\Services\Tcpip\..\{CBD781AC-BCAB-436A-8D9D-AED8260D58E0}: DhcpNameServer=24.29.103.15 24.29.103.16
HKLM\SYSTEM\CS2\Services\Tcpip\..\{CBD781AC-BCAB-436A-8D9D-AED8260D58E0}: DhcpNameServer=24.29.103.15 24.29.103.16
HKLM\SYSTEM\CS3\Services\Tcpip\..\{CBD781AC-BCAB-436A-8D9D-AED8260D58E0}: DhcpNameServer=24.29.103.15 24.29.103.16
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=24.29.103.15 24.29.103.16
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=24.29.103.15 24.29.103.16
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=24.29.103.15 24.29.103.16
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=24.29.103.15 24.29.103.16


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
  • 0

#29
Vero_

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:55:26 PM, on 4/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Veronica\Application Data\Mail.Ru\Agent\MAgent.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\ToniArts\EasyCleaner\EasyClea.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [DLBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll,[email protected]
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MAgent] C:\Documents and Settings\Veronica\Application Data\Mail.Ru\Agent\MAgent.exe -CU
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?aa113015613343e1af7152f356ac9551
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?aa113015613343e1af7152f356ac9551
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (file missing)
O9 - Extra button: Mail.Ru ????? - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\Program Files\Mail.Ru\Agent\magent.exe
O9 - Extra 'Tools' menuitem: Mail.Ru ????? - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\Program Files\Mail.Ru\Agent\magent.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Mail.Ru ????? - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\Documents and Settings\Veronica\Application Data\Mail.Ru\Agent\magent.exe (HKCU)
O9 - Extra 'Tools' menuitem: Mail.Ru ????? - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\Documents and Settings\Veronica\Application Data\Mail.Ru\Agent\magent.exe (HKCU)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish...fishActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\508\G2AWinLogon.dll
O23 - Service: McAfee Application Installer Cleanup (0221091208023381) (0221091208023381mcinstcleanup) - Unknown owner - C:\DOCUME~1\Veronica\LOCALS~1\Temp\022109~1.EXE (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlbx_device - Dell - C:\WINDOWS\system32\dlbxcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\508\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 11955 bytes
  • 0

#30
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Uninstall Viewpoint and maybe even Google Desktop Manager to see if it helps.

Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you have checked the last one:

O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [MAgent] C:\Documents and Settings\Veronica\Application Data\Mail.Ru\Agent\MAgent.exe -CU
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe (User 'Default user')


That will disable them from startup.

Restart the computer and see how it is now. Mail.Ru should not be booting up.
  • 0
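The advice above picks out O4 autorun entries by hand. As an added example (not part of greyknight17's post and not a HijackThis feature), here is a Python triage script that applies the same kind of defender-side rules to a HijackThis log: dead entries whose target file is gone, autoruns and services launched from user-writable directories, RunOnce entries under the SYSTEM or default profile, and the AppInit_DLLs hook. The sample lines are copied from the log posted earlier in this thread; the rule set and the `USER_WRITABLE` path fragments are my assumptions, not HijackThis logic.

```python
"""Triage a HijackThis log: flag entries that merit a closer look.

Added example, not part of the post above or of HijackThis itself. It parses
the O2/O3/O4/O20/O23 line formats exactly as they appear in the log posted
earlier in this thread and applies defender-side heuristics. Sample lines are
copied from that log; the heuristics and path fragments are assumptions.
"""
import re
from dataclasses import dataclass, field

# Sample input: constructed from lines in the HijackThis log posted above.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MAgent] C:\Documents and Settings\Veronica\Application Data\Mail.Ru\Agent\MAgent.exe -CU
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe (User 'SYSTEM')
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: McAfee Application Installer Cleanup (0221091208023381) (0221091208023381mcinstcleanup) - Unknown owner - C:\DOCUME~1\Veronica\LOCALS~1\Temp\022109~1.EXE (file missing)
"""

ENTRY_RE = re.compile(r'^([A-Z]\d{1,2}) - (.*)$')                     # "O4 - ..."
O4_RE = re.compile(r'^(?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')  # hive: [name] cmd

# Lower-cased directory fragments any user can write to (assumption: legitimate
# system autoruns and services almost never live here).
USER_WRITABLE = ("\\application data\\", "\\temp\\", "\\local settings\\")


@dataclass
class Finding:
    section: str
    line: str
    reasons: list = field(default_factory=list)
    run_name: str = ""  # the [name] of an O4 entry, if any


def triage_line(line: str):
    """Return a Finding for a HijackThis entry line, or None for non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group(1), m.group(2)
    finding = Finding(section=section, line=line.strip())
    low = body.lower()

    if section == "O4":
        o4 = O4_RE.match(body)
        if o4:
            finding.run_name = o4.group("name")
        if "runonce" in low and ("(user 'system')" in low or "(user 'default user')" in low):
            finding.reasons.append(
                "RunOnce under SYSTEM/Default user: executes with system privileges at next boot")

    # HijackThis marks targets it cannot find on disk; these are dead entries.
    if "(file missing)" in low or "(no file)" in low:
        finding.reasons.append("orphaned: target file no longer exists; safe to remove")

    if section in ("O2", "O3", "O4", "O20", "O23"):
        for fragment in USER_WRITABLE:
            if fragment in low:
                label = fragment.strip("\\")
                finding.reasons.append(f"launched from user-writable path containing {label!r}")
                break

    if section == "O20":
        finding.reasons.append("AppInit_DLLs: DLL is injected into every process that loads user32.dll")

    return finding


def triage(log_text: str) -> list:
    """All findings with at least one reason, in log order."""
    results = []
    for line in log_text.splitlines():
        f = triage_line(line)
        if f and f.reasons:
            results.append(f)
    return results


def summary(findings) -> dict:
    """Count flagged entries per HijackThis section."""
    counts = {}
    for f in findings:
        counts[f.section] = counts.get(f.section, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:4} {f.run_name or '-':20} {'; '.join(f.reasons)}")
        print(f"     {f.line}")
```

On the sample, the AVG entry under HKLM is left alone while the Mail.Ru autorun from Application Data, the SYSTEM-level RunOnce, the AppInit_DLLs hook, and the orphaned service from a Temp directory are all flagged. A flag is a prompt for a human to look, not a verdict: the Google DLL in AppInit_DLLs, for instance, is a legitimate component that the rule surfaces only because of where it hooks.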