Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hjt Log - Need Help With Popups, Please


  • This topic is locked This topic is locked
6 replies to this topic

#1 RealGuy

RealGuy

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:09:04 AM

Posted 09 October 2007 - 06:42 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:40:26 PM, on 09/10/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\WINDOWS\s?mbols\w?wexec.exe
C:\Program Files\WinAble\winable.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Dzido\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\System32\mrflpuis.dll",sitypnow
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Hkkr] C:\WINDOWS\s?mbols\w?wexec.exe
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1190676422467
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1190676412107
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Dzido/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 8641 bytes

BC AdBot (Login to Remove)

 


#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:08:04 AM

Posted 09 October 2007 - 08:30 PM

Hello RealGuy,

Welcome to Bleeping Computer :thumbsup:

Go to start -> control panel -> Display properties -> Desktop -> Customize Desktop... -> Web tab, then uncheck and delete everything you find in there (except for "My current home page"),

Also remove the checkmark from the the Lock Desktop Items box if it is checked.
Apply.
Apply and Exit Display properties.

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#3 RealGuy

RealGuy
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:09:04 AM

Posted 09 October 2007 - 11:05 PM

Wow, thanks, you guys are fast. Here are the two new logs:

ComboFix 07-10-10.1 - Dzido 2007-10-09 23:55:09.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.0.1252.1.1033.18.616 [GMT -4:00]
Running from: C:\Documents and Settings\Dzido\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\check_LSA7.txt
C:\Documents and Settings\Dzido\Application Data\WinTouch
C:\Documents and Settings\Dzido\Application Data\WinTouch\wintouch.cfg
C:\Program Files\Insider
C:\Program Files\Insider\UnInstall.exe
C:\Program Files\Temporary\wininstall.exe
C:\Program Files\WinAble
C:\Program Files\WinAble\winable.exe
C:\Program Files\ystem3~1
C:\WINDOWS\cookies.ini
C:\WINDOWS\mcroso~1.net
C:\WINDOWS\mcroso~1.net\M?crosoft.NET\
C:\WINDOWS\smbols~1
C:\WINDOWS\smbols~1\w?wexec.exe
C:\WINDOWS\system32\awtss.dll
C:\WINDOWS\system32\gidymgpp.dll
C:\WINDOWS\system32\mrflpuis.dll
C:\WINDOWS\system32\plysbygj.dll
C:\WINDOWS\system32\ppgmydig.ini
C:\WINDOWS\system32\qpjcwvev.dll
C:\WINDOWS\system32\siuplfrm.ini
C:\WINDOWS\system32\sstwa.bak1
C:\WINDOWS\system32\sstwa.bak1
C:\WINDOWS\system32\sstwa.bak1
C:\WINDOWS\system32\sstwa.bak2
C:\WINDOWS\system32\sstwa.bak2
C:\WINDOWS\system32\sstwa.bak2
C:\WINDOWS\system32\sstwa.ini
C:\WINDOWS\system32\sstwa.ini
C:\WINDOWS\system32\sstwa.ini
C:\WINDOWS\system32\sstwa.ini2
C:\WINDOWS\system32\sstwa.ini2
C:\WINDOWS\system32\sstwa.ini2
C:\WINDOWS\system32\sstwa.tmp
C:\WINDOWS\system32\sstwa.tmp
C:\WINDOWS\system32\sstwa.tmp
C:\WINDOWS\system32\vevwcjpq.ini
C:\WINDOWS\system32\wnsintsu.exe
C:\WINDOWS\system32\wnsintsu.exe
C:\WINDOWS\system32\xqwrghey.ini
C:\WINDOWS\system32\yehgrwqx.dll
F:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\nm


((((((((((((((((((((((((( Files Created from 2007-09-10 to 2007-10-10 )))))))))))))))))))))))))))))))
.

2007-10-09 23:54 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-09 17:25 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-10-08 13:36 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-08 13:36 <DIR> d-------- C:\Program Files\Ad-Aware 2007
2007-10-08 13:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-10-04 19:25 <DIR> d-------- C:\Program Files\Norton AntiVirus
2007-10-04 19:24 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-10-04 19:24 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-10-04 19:19 <DIR> d-------- C:\Program Files\Symantec
2007-10-04 18:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WskrnlData
2007-09-29 20:48 <DIR> d-------- C:\Program Files\Mozilla Thunderbird
2007-09-29 20:42 <DIR> d-------- C:\Documents and Settings\JAN.DZID\Application Data\Thunderbird
2007-09-29 20:19 <DIR> d-------- C:\Documents and Settings\JAN.DZID\Application Data\Talkback
2007-09-29 20:18 <DIR> d-------- C:\Documents and Settings\JAN.DZID\Application Data\Thunderbird1
2007-09-27 23:16 <DIR> d-------- C:\Documents and Settings\JAN.DZID\Application Data\NewSoft
2007-09-24 19:52 <DIR> d-------- C:\Program Files\Temporary
2007-09-24 19:45 <DIR> d-------- C:\Documents and Settings\JAN.DZID\Application Data\Symantec
2007-09-24 19:31 <DIR> d-------- C:\WINDOWS\system32\bits
2007-09-24 19:30 361,984 --a--c--- C:\WINDOWS\system32\dllcache\qmgr.dll
2007-09-24 19:30 331,776 --a------ C:\WINDOWS\system32\winhttp.dll
2007-09-24 19:30 158,720 --------- C:\WINDOWS\system32\xpob2res.dll
2007-09-24 19:30 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-09-24 19:30 17,408 --a--c--- C:\WINDOWS\system32\dllcache\qmgrprxy.dll
2007-09-24 19:30 7,680 -----c--- C:\WINDOWS\system32\dllcache\bitsprx2.dll
2007-09-24 19:30 7,680 --------- C:\WINDOWS\system32\bitsprx2.dll
2007-09-24 19:30 7,168 -----c--- C:\WINDOWS\system32\dllcache\bitsprx3.dll
2007-09-24 19:30 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2007-09-24 19:27 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-09-24 19:27 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-09-24 19:27 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2007-09-24 19:27 33,624 --a------ C:\WINDOWS\system32\wups.dll
2007-09-18 14:43 317,616 --a------ C:\WINDOWS\system32\drivers\srtspl.sys
2007-09-18 14:43 278,576 --a------ C:\WINDOWS\system32\drivers\srtsp.sys
2007-09-18 14:43 43,696 --a------ C:\WINDOWS\system32\drivers\srtspx.sys
2007-09-11 19:45 <DIR> d-------- C:\Program Files\iTunes
2007-09-11 19:42 <DIR> d-------- C:\Program Files\Apple Software Update
2007-09-11 19:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-09 22:32 --------- d-----w C:\Documents and Settings\Dzido\Application Data\uTorrent
2007-10-09 22:29 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-10-09 22:21 --------- d-----w C:\Program Files\Incomplete
2007-10-09 22:20 --------- d-----w C:\Program Files\LimeWire
2007-10-04 23:44 --------- d-----w C:\Documents and Settings\Dzido\Application Data\AdobeUM
2007-10-04 23:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-10-04 23:37 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-10-04 23:37 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-10-03 00:19 --------- d-----w C:\Documents and Settings\Dzido\Application Data\MSN6
2007-09-24 23:47 --------- d-----w C:\Documents and Settings\JAN.DZID\Application Data\uTorrent
2007-09-22 03:34 --------- d-----w C:\Documents and Settings\JAN.DZID\Application Data\LimeWire
2007-09-18 18:44 10,662 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2007-09-18 18:44 10,662 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2007-09-18 18:44 10,658 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2007-09-18 18:44 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2007-09-18 18:44 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2007-09-18 18:44 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2007-09-11 23:46 --------- d-----w C:\Program Files\iPod
2007-09-11 23:44 --------- d-----w C:\Program Files\QuickTime
2007-09-11 23:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-09-08 21:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\MSN6
2007-09-08 00:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-01 17:19 3,532 ----a-w C:\drmHeader.bin
2007-08-26 20:33 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-08-17 00:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\ATI MMC
2007-08-16 04:12 --------- d-----w C:\Documents and Settings\JAN.DZID\Application Data\Vso
2007-08-16 02:50 81,920 ----a-w C:\Documents and Settings\JAN.DZID\Application Data\ezpinst.exe
2007-08-16 02:50 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2007-08-16 02:50 47,360 ----a-w C:\Documents and Settings\JAN.DZID\Application Data\pcouffin.sys
2007-08-16 02:50 --------- d-----w C:\Program Files\CloneDVD
2007-08-16 02:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVDXStudio
2007-04-02 04:04 47,208 ----a-w C:\Documents and Settings\JAN.DZID\Application Data\GDIPFONTCACHEV1.DAT
2006-03-27 22:40 16,760 -c--a-w C:\Documents and Settings\Dzido\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"="" []
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2003-12-01 11:38]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 05:50 C:\WINDOWS\LOGI_MWX.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 04:23]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 06:50]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-12-12 12:31]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 01:14]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 14:19]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 14:46]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 15:04]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2005-01-07 17:30]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-07 16:55]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 01:59]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2007-01-14 03:11]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"="" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" []
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-09-07 21:57]
"ATI Launchpad"="C:\Program Files\ATI Multimedia\main\launchpd.exe" [2003-12-03 08:17]
"ATI Remote Control"="C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe" [2003-11-20 06:10]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" []
"Hkkr"="C:\WINDOWS\s?mbols\w?wexec.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe

C:\Documents and Settings\JAN.DZID\Start Menu\Programs\Startup\
Tekst manny.lnk - C:\Program Files\Biblia\manna.exe [2007-01-14 21:00:09]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 02:05:26]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-09-07 21:57:13]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-20 19:15:54]

R3 ATITUNEP;ATI WDM TV Tuner;C:\WINDOWS\System32\DRIVERS\atineuxx.sys
R3 ativraxx;ATI WDM Rage Theater Audio;C:\WINDOWS\System32\DRIVERS\atinraxx.sys
R3 ATIXSAudio;ATI WDM TV Audio Crossbar;C:\WINDOWS\System32\DRIVERS\atinesxx.sys
R3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\System32\Drivers\LCcFltr.Sys
R3 PCDCODEC;ATI WDM Specialized PCD Codec;C:\WINDOWS\System32\DRIVERS\atinpdxx.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-10-09 00:00:01 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Dzido.job"
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-10 00:01:16
Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-10 0:02:47 - machine was rebooted
.
--- E O F ---


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:03:50 AM, on 10/10/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\ATI Multimedia\main\launchpd.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Dzido\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Hkkr] C:\WINDOWS\s?mbols\w?wexec.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1190676422467
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1190676412107
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Dzido/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 8849 bytes





Thanks for the help!

#4 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:08:04 AM

Posted 11 October 2007 - 10:55 AM

Hello,

Please print these instructions or copy them to Notepad (or another word processor), and save it for easier reference. This is because we will be in Safe Mode during the fix and you won’t be able to access the Internet to view these instructions.

Please download AVG Anti-Spyware Free Edition and save that file to your desktop.

This is a 30-day trial of the program -- This means that after 30 days the "background guard" protection will be de-activated. However, this version can continue to be manually updated and used as an on-demand scanner forever.
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the setup program.
  • Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
  • On the top of the main screen select the "Update" icon, then under the "Manual update" section click the "Start update" button.
  • The update will start and a progress bar will show the updates being installed.
  • Once the update has completed (the progress bar will display "Update successful!") select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the "Settings" screen:
    • Click on "Recommended actions" -> select "Quarantine".
    • Under "Reports:" -> select "Do not automatically generate reports".
  • Close AVG Anti-Spyware. Please do NOT run a scan yet!
Next, please reboot your computer into Safe Mode by doing the following:
  • Reboot your computer.
  • After hearing your computer beep once during startup, but just before the Windows icon appears, begin tapping the F8 key on your keyboard. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, reboot the computer and try again.
  • Instead of Windows loading as normal, a menu should appear.
  • Using the arrow keys on the keyboard, scroll to and select the "Safe Mode" menu item, and then press "Enter".
Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [Hkkr] C:\WINDOWS\s?mbols\w?wexec.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Dzido/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg


Close all browsers and other windows except for HijackThis!, and click "Fix checked".

Then please run a scan with AVG Anti-Spyware:

IMPORTANT: Do NOT open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process.
  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab. Click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
  • Once the scan is complete do the following:
    • If you have any infections you will prompted, then select the "Apply all actions" button, AVG Anti-Spyware will then display "All actions have been applied" on the right hand side.
    • Next select the "Save Report" button at the bottom.
    • Then select the "Save report as" button in the lower left hand corner of the screen and save it as a text file on your system (make sure to remember where you saved that file, this is important!).
  • Close AVG Anti-Spyware and reboot your system normally into Windows. Please post the contents of the AVG Anti-Spyware report in your next reply, along with a new HijackThis log.
How is it running now please? :thumbsup:

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#5 RealGuy

RealGuy
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:09:04 AM

Posted 11 October 2007 - 09:53 PM

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:47:26 PM 11/10/2007

+ Scan result:



C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : Cleaned.
C:\System Volume Information\_restore{FE5A8FBE-8B81-492F-8069-E56DF4588CD2}\RP611\A0120480.exe -> Downloader.Adload.lv : Cleaned.
C:\System Volume Information\_restore{FE5A8FBE-8B81-492F-8069-E56DF4588CD2}\RP613\A0132279.exe -> Downloader.Adload.lv : Cleaned.
C:\System Volume Information\_restore{FE5A8FBE-8B81-492F-8069-E56DF4588CD2}\RP618\A0140248.exe -> Downloader.Adload.lv : Cleaned.
C:\qoobox\Quarantine\C\Program Files\WinAble\winable.exe.vir -> Downloader.Adload.lv : Cleaned.
C:\System Volume Information\_restore{FE5A8FBE-8B81-492F-8069-E56DF4588CD2}\RP614\A0139904.exe -> Downloader.Agent.buo : Cleaned.
C:\System Volume Information\_restore{FE5A8FBE-8B81-492F-8069-E56DF4588CD2}\RP614\A0139909.exe -> Downloader.Agent.cbx : Cleaned.
C:\System Volume Information\_restore{FE5A8FBE-8B81-492F-8069-E56DF4588CD2}\RP611\A0119898.exe -> Downloader.Agent.dpn : Cleaned.
C:\System Volume Information\_restore{FE5A8FBE-8B81-492F-8069-E56DF4588CD2}\RP612\A0131053.exe -> Downloader.Agent.dpn : Cleaned.
C:\System Volume Information\_restore{FE5A8FBE-8B81-492F-8069-E56DF4588CD2}\RP614\A0139907.exe -> Downloader.Agent.dpn : Cleaned.
C:\System Volume Information\_restore{FE5A8FBE-8B81-492F-8069-E56DF4588CD2}\RP614\A0139884.exe -> Downloader.Agent.duy : Cleaned.
C:\System Volume Information\_restore{FE5A8FBE-8B81-492F-8069-E56DF4588CD2}\RP614\A0139906.exe -> Downloader.Small.buy : Cleaned.
C:\System Volume Information\_restore{FE5A8FBE-8B81-492F-8069-E56DF4588CD2}\RP614\A0139798.exe -> Logger.SCKeyLog.h : Cleaned.
C:\System Volume Information\_restore{FE5A8FBE-8B81-492F-8069-E56DF4588CD2}\RP614\A0139802.dll -> Logger.SCKeyLog.h : Cleaned.
:mozilla.14:C:\Documents and Settings\Dzido\Application Data\Mozilla\Firefox\Profiles\tye5hd6w.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.21:C:\Documents and Settings\JAN.DZID\Application Data\Mozilla\Firefox\Profiles\2z7qtp0j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.22:C:\Documents and Settings\JAN.DZID\Application Data\Mozilla\Firefox\Profiles\2z7qtp0j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Dzido\Cookies\dzido@sevenloadgmbh.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\JAN.DZID\Cookies\jan@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\JAN.DZID\Cookies\jan@microsoftwga.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\JAN.DZID\Cookies\jan@msnaccountservices.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\JAN.DZID\Cookies\jan@onet.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\JAN.DZID\Cookies\jan@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Dzido\Cookies\dzido@ads.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\JAN.DZID\Cookies\jan@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\JAN.DZID\Cookies\jan@ads.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\JAN.DZID\Cookies\jan@www.adengage[1].txt -> TrackingCookie.Adengage : Cleaned.
:mozilla.261:C:\Documents and Settings\Dzido\Application Data\Mozilla\Firefox\Profiles\4tnud2ox.default\cookies.txt -> TrackingCookie.Adobe : Cleaned.
:mozilla.262:C:\Documents and Settings\Dzido\Application Data\Mozilla\Firefox\Profiles\4tnud2ox.default\cookies.txt -> TrackingCookie.Adobe : Cleaned.
C:\Documents and Settings\JAN.DZID\Cookies\jan@adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\JAN.DZID\Cookies\jan@media.adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.46:C:\Documents and Settings\Dzido\Application Data\Mozilla\Firefox\Profiles\tye5hd6w.Default User\cookies.txt -> TrackingCookie.Adtech : Cleaned.
F:\Dana\XProfiles\dana\Cookies\dana@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.17:C:\Documents and Settings\Dzido\Application Data\Mozilla\Firefox\Profiles\tye5hd6w.Default User\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.18:C:\Documents and Settings\Dzido\Application Data\Mozilla\Firefox\Profiles\tye5hd6w.Default User\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.19:C:\Documents and Settings\Dzido\Application Data\Mozilla\Firefox\Profiles\tye5hd6w.Default User\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.20:C:\Documents and Settings\Dzido\Application Data\Mozilla\Firefox\Profiles\tye5hd6w.Default User\cookies.txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\JAN.DZID\Cookies\jan@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
F:\Dana\XProfiles\dana\Cookies\dana@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
F:\Dana\XProfiles\dana\Cookies\dana@rd.advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
F:\Dana\XProfiles\dana\Cookies\dana@servedby.advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.25:C:\Documents and Settings\Dzido\Application Data\Mozilla\Firefox\Profiles\tye5hd6w.Default User\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.25:C:\Documents and Settings\JAN.DZID\Application Data\Mozilla\Firefox\Profiles\2z7qtp0j.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Dzido\Cookies\dzido@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Dzido\Cookies\dzido@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
F:\Dana\XProfiles\dana\Cookies\dana@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned.
F:\Dana\XProfiles\dana\Cookies\dana@bfast[2].txt -> TrackingCookie.Bfast : Cleaned.
C:\Documents and Settings\JAN.DZID\Cookies\jan@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned.
F:\Dana\XProfiles\dana\Cookies\dana@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
F:\Dana\XProfiles\dana\Cookies\dana@citi.bridgetrack[1].txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.108:C:\Documents and Settings\Dzido\Application Data\Mozilla\Firefox\Profiles\4tnud2ox.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.82:C:\Documents and Settings\Dzido\Application Data\Mozilla\Firefox\Profiles\4tnud2ox.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.83:C:\Documents and Settings\Dzido\Application Data\Mozilla\Firefox\Profiles\4tnud2ox.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\JAN.DZID\Cookies\jan@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\JAN.DZID\Cookies\jan@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.7:C:\Documents and Settings\Dzido\Application Data\Mozilla\Firefox\Profiles\4tnud2ox.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.8:C:\Documents and Settings\Dzido\Application Data\Mozilla\Firefox\Profiles\4tnud2ox.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.9:C:\Documents and Settings\Dzido\Application Data\Mozilla\Firefox\Profiles\4tnud2ox.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\JAN.DZID\Cookies\jan@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned.
F:\Dana\XProfiles\dana\Cookies\dana@centrport[1].txt -> TrackingCookie.Centrport : Cleaned.
C:\Documents and Settings\JAN.DZID\Cookies\jan@ad1.clickhype[1].txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.41:C:\Documents and Settings\Dzido\Application Data\Mozilla\Firefox\Profiles\4tnud2ox.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.44:C:\Documents and Settings\Dzido\Application Data\Mozilla\Firefox\Profiles\4tnud2ox.default\cookies.txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\JAN.DZID\Cookies\jan@com[2].txt -> TrackingCookie.Com : Cleaned.
F:\Dana\XProfiles\dana\Cookies\dana@www.commission-junction[2].txt -> TrackingCookie.Commission-junction : Cleaned.
C:\Documents and Settings\JAN.DZID\Cookies\jan@connextra[2].txt -> TrackingCookie.Connextra : Cleaned.
F:\Dana\XProfiles\dana\Cookies\dana@bilbo.counted[2].txt -> TrackingCookie.Counted : Cleaned.
C:\Documents and Settings\JAN.DZID\Cookies\jan@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.16:C:\Documents and Settings\Dzido\Application Data\Mozilla\Firefox\Profiles\tye5hd6w.Default User\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.23:C:\Documents and Settings\JAN.DZID\Application Data\Mozilla\Firefox\Profiles\2z7qtp0j.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\JAN.DZID\Cookies\jan@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned.
F:\Dana\XProfiles\dana\Cookies\dana@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\JAN.DZID\Cookies\jan@enhance[1].txt -> TrackingCookie.Enhance : Cleaned.
C:\Documents and Settings\Dzido\Cookies\dzido@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
F:\Dana\XProfiles\dana\Cookies\dana@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
F:\Dana\XProfiles\dana\Cookies\dana@flycast[1].txt -> TrackingCookie.Flycast : Cleaned.
F:\Dana\XProfiles\dana\Cookies\dana@focalink[1].txt -> TrackingCookie.Focalink : Cleaned.
F:\Dana\XProfiles\dana\Cookies\dana@fortunecity[2].txt -> TrackingCookie.Fortunecity : Cleaned.
C:\Documents and Settings\JAN.DZID\Cookies\jan@ehg-ctv.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\JAN.DZID\Cookies\jan@ehg-ifilm.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\JAN.DZID\Cookies\jan@ehg-pcsecurityshield.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\JAN.DZID\Cookies\jan@ehg-theviptour.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\JAN.DZID\Cookies\jan@ehg-youtube.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\JAN.DZID\Cookies\jan@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
F:\Dana\XProfiles\dana\Cookies\dana@hg1.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
F:\Dana\XProfiles\dana\Cookies\dana@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.244:C:\Documents and Settings\Dzido\Application Data\Mozilla\Firefox\Profiles\4tnud2ox.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.245:C:\Documents and Settings\Dzido\Application Data\Mozilla\Firefox\Profiles\4tnud2ox.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
F:\Dana\XProfiles\dana\Cookies\dana@ads.link4ads[2].txt -> TrackingCookie.Link4ads : Cleaned.
C:\Documents and Settings\JAN.DZID\Cookies\jan@search.live[2].txt -> TrackingCookie.Live : Cleaned.
F:\Dana\XProfiles\dana\Cookies\dana@mainentrypoint[1].txt -> TrackingCookie.Mainentrypoint : Cleaned.
F:\Dana\XProfiles\dana\Cookies\dana@vad.mainentrypoint[1].txt -> TrackingCookie.Mainentrypoint : Cleaned.
:mozilla.49:C:\Documents and Settings\Dzido\Application Data\Mozilla\Firefox\Profiles\tye5hd6w.Default User\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\JAN.DZID\Cookies\jan@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
F:\Dana\XProfiles\dana\Cookies\dana@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Dzido\Cookies\dzido@auto.search.msn[1].txt -> TrackingCookie.Msn : Cleaned.
C:\Documents and Settings\JAN.DZID\Cookies\jan@auto.search.msn[2].txt -> TrackingCookie.Msn : Cleaned.
C:\Documents and Settings\Dzido\Cookies\dzido@overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\JAN.DZID\Cookies\jan@overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\JAN.DZID\Cookies\jan@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
F:\Dana\XProfiles\dana\Cookies\dana@overture[1].txt -> TrackingCookie.Overture : Cleaned.
:mozilla.219:C:\Documents and Settings\Dzido\Application Data\Mozilla\Firefox\Profiles\4tnud2ox.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
F:\Dana\XProfiles\dana\Cookies\dana@hekate.porntrack[1].txt -> TrackingCookie.Porntrack : Cleaned.
F:\Dana\XProfiles\dana\Cookies\dana@gm.preferences[1].txt -> TrackingCookie.Preferences : Cleaned.
F:\Dana\XProfiles\dana\Cookies\dana@preferences[2].txt -> TrackingCookie.Preferences : Cleaned.
F:\Dana\XProfiles\dana\Cookies\dana@pbid.pro-market[2].txt -> TrackingCookie.Pro-market : Cleaned.
F:\Dana\XProfiles\dana\Cookies\dana@pro-market[2].txt -> TrackingCookie.Pro-market : Cleaned.
F:\Dana\XProfiles\dana\Cookies\dana@www.qksrv[1].txt -> TrackingCookie.Qksrv : Cleaned.
F:\Dana\XProfiles\dana\Cookies\dana@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
F:\Dana\XProfiles\dana\Cookies\dana@icover.realmedia[1].txt -> TrackingCookie.Realmedia : Cleaned.
C:\Documents and Settings\Dzido\Cookies\dzido@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\JAN.DZID\Cookies\jan@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\RECYCLER\NPROTECT\00210507.TXT -> TrackingCookie.Reliablestats : Cleaned.
C:\RECYCLER\NPROTECT\00210508.TXT -> TrackingCookie.Reliablestats : Cleaned.
C:\RECYCLER\NPROTECT\00210509.TXT -> TrackingCookie.Reliablestats : Cleaned.
C:\RECYCLER\NPROTECT\00210510.TXT -> TrackingCookie.Reliablestats : Cleaned.
C:\RECYCLER\NPROTECT\00210523.TXT -> TrackingCookie.Reliablestats : Cleaned.
C:\RECYCLER\NPROTECT\00210524.TXT -> TrackingCookie.Reliablestats : Cleaned.
C:\RECYCLER\NPROTECT\00210525.TXT -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Dzido\Cookies\dzido@revsci[1].txt -> TrackingCookie.Revsci : Cleaned.
C:\Documents and Settings\JAN.DZID\Cookies\jan@revsci[1].txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.26:C:\Documents and Settings\JAN.DZID\Application Data\Mozilla\Firefox\Profiles\2z7qtp0j.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.27:C:\Documents and Settings\JAN.DZID\Application Data\Mozilla\Firefox\Profiles\2z7qtp0j.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.28:C:\Documents and Settings\JAN.DZID\Application Data\Mozilla\Firefox\Profiles\2z7qtp0j.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.29:C:\Documents and Settings\JAN.DZID\Application Data\Mozilla\Firefox\Profiles\2z7qtp0j.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.30:C:\Documents and Settings\JAN.DZID\Application Data\Mozilla\Firefox\Profiles\2z7qtp0j.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.31:C:\Documents and Settings\JAN.DZID\Application Data\Mozilla\Firefox\Profiles\2z7qtp0j.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\JAN.DZID\Cookies\jan@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\JAN.DZID\Cookies\jan@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.233:C:\Documents and Settings\Dzido\Application Data\Mozilla\Firefox\Profiles\4tnud2ox.default\cookies.txt -> TrackingCookie.Skype : Cleaned.
C:\Documents and Settings\Dzido\Cookies\dzido@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\Dzido\Cookies\dzido@statcounter[3].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\JAN.DZID\Cookies\jan@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.17:C:\Documents and Settings\JAN.DZID\Application Data\Mozilla\Firefox\Profiles\2z7qtp0j.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.18:C:\Documents and Settings\JAN.DZID\Application Data\Mozilla\Firefox\Profiles\2z7qtp0j.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.19:C:\Documents and Settings\JAN.DZID\Application Data\Mozilla\Firefox\Profiles\2z7qtp0j.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.20:C:\Documents and Settings\JAN.DZID\Application Data\Mozilla\Firefox\Profiles\2z7qtp0j.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\JAN.DZID\Cookies\jan@anad.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\JAN.DZID\Cookies\jan@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\JAN.DZID\Cookies\jan@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned.
F:\Dana\XProfiles\dana\Cookies\dana@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
F:\Dana\XProfiles\dana\Cookies\dana@valueclick[1].txt -> TrackingCookie.Valueclick : Cleaned.
C:\Documents and Settings\Dzido\Cookies\dzido@m.webtrends[1].txt -> TrackingCookie.Webtrends : Cleaned.
C:\Documents and Settings\JAN.DZID\Cookies\jan@m.webtrends[2].txt -> TrackingCookie.Webtrends : Cleaned.
F:\Dana\XProfiles\dana\Cookies\dana@x10[2].txt -> TrackingCookie.X10 : Cleaned.
C:\Documents and Settings\JAN.DZID\Cookies\jan@yadro[1].txt -> TrackingCookie.Yadro : Cleaned.
C:\Documents and Settings\Dzido\Cookies\dzido@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\JAN.DZID\Cookies\jan@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\JAN.DZID\Cookies\jan@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\JAN.DZID\Cookies\jan@ad.yieldmanager[3].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\JAN.DZID\Cookies\jan@ad.yieldmanager[4].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\JAN.DZID\Cookies\jan@ad.yieldmanager[5].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\JAN.DZID\Cookies\jan@ad.yieldmanager[7].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\JAN.DZID\Cookies\jan@ad.yieldmanager[9].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Dzido\Cookies\dzido@zedo[1].txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\JAN.DZID\Cookies\jan@zedo[2].txt -> TrackingCookie.Zedo : Cleaned.
C:\System Volume Information\_restore{FE5A8FBE-8B81-492F-8069-E56DF4588CD2}\RP614\A0139902.exe -> Trojan.Agent.bnd : Cleaned.
C:\System Volume Information\_restore{FE5A8FBE-8B81-492F-8069-E56DF4588CD2}\RP614\A0139910.exe -> Trojan.Agent.bnd : Cleaned.
C:\System Volume Information\_restore{FE5A8FBE-8B81-492F-8069-E56DF4588CD2}\RP611\A0120533.EXE -> Trojan.Agent.bqn : Cleaned.
C:\System Volume Information\_restore{FE5A8FBE-8B81-492F-8069-E56DF4588CD2}\RP618\A0140252.exe -> Trojan.Agent.bqn : Cleaned.
C:\qoobox\Quarantine\C\Program Files\Temporary\wininstall.exe.vir -> Trojan.Agent.bqn : Cleaned.
C:\RECYCLER\NPROTECT\00210736.exe -> Trojan.Small : Cleaned.
C:\System Volume Information\_restore{FE5A8FBE-8B81-492F-8069-E56DF4588CD2}\RP613\A0132039.exe -> Trojan.Small : Cleaned.
C:\System Volume Information\_restore{FE5A8FBE-8B81-492F-8069-E56DF4588CD2}\RP618\A0140235.exe -> Trojan.Small : Cleaned.
C:\qoobox\Quarantine\C\WINDOWS\system32\wnsintsu.exe.vir -> Trojan.Small : Cleaned.


::Report end




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:51:08 PM, on 11/10/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\ATI Multimedia\main\launchpd.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Dzido\Desktop\Computer Fixing DO NOT TOUCH!!!\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1190676422467
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1190676412107
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

--
End of file - 8819 bytes









No pop ups thus far, seems to be running well. Thanks for all the help teacup!

#6 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:08:04 AM

Posted 11 October 2007 - 10:09 PM

Hello,

That's great to know, and you're most welcome for the help. :thumbsup:

Your Java is out of date, which leaves your computer vulnerable.

Updating Java
  • Download the latest version of Java Runtime Environment (JRE) 6u3.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6-windows-i586.exe to install the newest version.
Please delete ComboFix and its accompanying folder C:\Qoobox. Empty your Recycle bin and reboot your computer.

How is it running now?
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#7 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:08:04 AM

Posted 19 October 2007 - 02:12 PM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users