
Firefox And Ie Not Working Correctly


  • This topic is locked
9 replies to this topic

#1 cclambie

cclambie

  • Members
  • 7 posts
  • Local time:04:20 PM

Posted 16 December 2006 - 10:04 PM

Hello all,

Any help would be appreciated. I think I am being taken by a trojan or something, not sure.

I run Windows XP SP2, NEC Versa s900 Centrino 1.5ghz, all windows updates installed.
I run SpyBot S&D, Adaware, Trend Micro Internet Security and SPAM checker.
Use Firefox for most Applications V1.5.0.8
Just got IE 7

I regularly swap from Cat 5 connection to Wireless to USB Network for internet connection.

My issue is Firefox is "hijacked" potentially. When I first open a firefox browser, it takes a long time to open, then a second window opens with WinAntiVirusPro 2006 page. "http://www.winantiviruspro.com/pages/newcontent/?aid=ffnm_sh_wavff_kw2&affid=ffnm_862_5441DD5A7C1011DBB21700167647FA98_1ced4beb+BC89A0F2ED5A4DDAB9FA73509FEA6E1C&lid=f%20prot%3E"

I can also get IE popping up for no reason with a page that doesn't work, is an IP address, sorry don't have it saved for this post.

I have run all suggested Scans with no real results so far.

Please find my Hijack this Log:
=================================================================
Logfile of HijackThis v1.99.1
Scan saved at 3:39:46 PM, on 16/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\necmfk\necmfk.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\ScanSoft\PaperPort\PPScheduler.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Autoroute SMTP\AutoSmtp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\NCH Swift Sound\Express Talk\talk.exe
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Slawdog\Smart Shutdown\Smart Shutdown.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Trend Micro\Anti-Spam\TMAS_OL.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Microsoft Office\OFFICE11\MSACCESS.EXE
C:\Program Files\Winamp\winamp.exe
C:\Program Files\EarthTime\EarthTime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Driver\setup.exe
D:\Driver\setup.exe
C:\Program Files\Vimicro\VM303B\Driver AutoInstall\Action Files\AfterCopy.exe
C:\Documents and Settings\Craig\My Documents\Downloads\Utils\TrendMicro\stng260.exe
D:\VPEYE\Setup.exe
C:\Documents and Settings\Craig\My Documents\Downloads\Utils\TrendMicro\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Xi\NetXfer\NXToolBar.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NECMFK] C:\Program Files\necmfk\necmfk.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPScheduler] "C:\Program Files\ScanSoft\PaperPort\PPScheduler.exe"
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Autoroute SMTP] C:\Program Files\Autoroute SMTP\AutoSmtp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [Express TalkRun] "C:\Program Files\NCH Swift Sound\Express Talk\talk.exe" -logon
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Slawdog Smart Shutdown] C:\Program Files\Slawdog\Smart Shutdown\Smart Shutdown.exe startup
O8 - Extra context menu item: &Save Flash In This Page by Flash Saver - C:\PROGRA~1\FLASHS~1\save.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download all by NetXfer - C:\Program Files\Xi\NetXfer\NXAddList.html
O8 - Extra context menu item: Download by NetXfer - C:\Program Files\Xi\NetXfer\NXAddLink.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/229?a505acca327d49f5af40d4dc7ca11f62
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/230?a505acca327d49f5af40d4dc7ca11f62
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

===================================================================

And also my FindIT Log

===================================================================

Warning! This utility will find legitimate files in addition to malware.
Do not remove anything unless you are sure you know what you're doing.

Find.bat is running from: C:\Documents and Settings\Craig\My Documents\Downloads\Utils\TrendMicro\Find It NT-2K-XP

------- System Files in System32 Directory -------

Volume in drive C is HDD
Volume Serial Number is 1CED-4BEB

Directory of C:\WINDOWS\System32

16/12/2006 12:29 PM 644,958 uuxbc.ini2
16/12/2006 11:21 AM <DIR> dllcache
15/12/2006 11:40 PM 622,624 uuxbc.bak2
15/12/2006 10:18 AM 37,559 savfccij.ini
12/12/2006 08:31 AM 602,399 uuxbc.bak1
27/11/2006 01:51 PM 623,160 uuxbc.ini
27/11/2006 01:50 PM 623,160 uuxbc.tmp
25/11/2006 10:06 AM 708,660 cbxuu.dll
25/11/2006 10:00 AM 40,973 nnnmkif.dll
27/09/2006 11:10 PM <DIR> Microsoft
8 File(s) 3,903,493 bytes
2 Dir(s) 12,027,838,464 bytes free

------- Hidden Files in System32 Directory -------

Volume in drive C is HDD
Volume Serial Number is 1CED-4BEB

Directory of C:\WINDOWS\System32

16/12/2006 12:29 PM 644,958 uuxbc.ini2
16/12/2006 11:21 AM <DIR> dllcache
15/12/2006 11:40 PM 622,624 uuxbc.bak2
15/12/2006 10:18 AM 37,559 savfccij.ini
12/12/2006 08:31 AM 602,399 uuxbc.bak1
27/11/2006 01:51 PM 623,160 uuxbc.ini
27/11/2006 01:50 PM 623,160 uuxbc.tmp
25/11/2006 10:06 AM 708,660 cbxuu.dll
25/11/2006 10:00 AM 40,973 nnnmkif.dll
27/09/2006 11:04 PM 488 logonui.exe.manifest
27/09/2006 11:04 PM 488 WindowsLogon.manifest
27/09/2006 11:04 PM 749 ncpa.cpl.manifest
27/09/2006 11:04 PM 749 cdplayer.exe.manifest
27/09/2006 11:04 PM 749 nwc.cpl.manifest
27/09/2006 11:04 PM 749 wuaucpl.cpl.manifest
27/09/2006 11:04 PM 749 sapi.cpl.manifest
15 File(s) 3,908,214 bytes
1 Dir(s) 12,029,075,456 bytes free

------------ Files Named "Guard" ---------------

Volume in drive C is HDD
Volume Serial Number is 1CED-4BEB

Directory of C:\WINDOWS\System32


------ Temp Files in System32 Directory ------

Volume in drive C is HDD
Volume Serial Number is 1CED-4BEB

Directory of C:\WINDOWS\System32

27/11/2006 01:50 PM 623,160 uuxbc.tmp
27/11/2006 08:42 AM 0 mcrh.tmp
18/08/2001 01:00 PM 2,577 CONFIG.TMP
3 File(s) 625,737 bytes
0 Dir(s) 12,029,075,456 bytes free

------------------ User Agent ----------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]


------------- Keys Under Notify -------------

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cbxuu]
"Asynchronous"=dword:00000001
"DllName"="C:\\WINDOWS\\system32\\cbxuu.dll"
"Impersonate"=dword:00000000
"Startup"="SysLogon"
"Logoff"="SysLogoff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,72,79,70,74,33,32,2e,64,6c,6c,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,72,79,70,74,6e,65,74,2e,64,6c,6c,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,6c,6e,6f,74,69,66,79,2e,64,6c,6c,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,63,6c,67,6e,74,66,79,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,6c,6e,6f,74,69,66,79,2e,64,6c,6c,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winzlo32]
"Asynchronous"=dword:00000001
"DllName"="winzlo32.dll"
"Impersonate"=dword:00000000
"Startup"="EvtStartup"
"Shutdown"="EvtShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


------------- Locate.com Results -------------

C:\WINDOWS\SYSTEM32\
cbxuu.dll Sat 25 Nov 2006 10:06:10 ..SH. 708,660 692.05 K
cdplay~1.man Wed 27 Sep 2006 23:04:38 A..HR 749 0.73 K
logonu~1.man Wed 27 Sep 2006 23:04:44 A..HR 488 0.48 K
ncpacp~1.man Wed 27 Sep 2006 23:04:38 A..HR 749 0.73 K
nnnmkif.dll Sat 25 Nov 2006 10:00:38 ..SH. 40,973 40.01 K
nwccpl~1.man Wed 27 Sep 2006 23:04:38 A..HR 749 0.73 K
sapicp~1.man Wed 27 Sep 2006 23:04:38 A..HR 749 0.73 K
savfccij.ini Fri 15 Dec 2006 10:18:56 ..SH. 37,559 36.68 K
uuxbc.ini Mon 27 Nov 2006 13:51:12 A.SH. 623,160 608.55 K
uuxbc.tmp Mon 27 Nov 2006 13:50:36 A.SH. 623,160 608.55 K
uuxbc~1.bak Tue 12 Dec 2006 8:31:18 ..SH. 602,399 588.28 K
uuxbc~1.ini Sat 16 Dec 2006 12:29:22 ..SH. 644,958 629.84 K
uuxbc~2.bak Fri 15 Dec 2006 23:40:40 ..SH. 622,624 608.03 K
window~1.man Wed 27 Sep 2006 23:04:44 A..HR 488 0.48 K
wuaucp~1.man Wed 27 Sep 2006 23:04:38 A..HR 749 0.73 K

15 items found: 15 files, 0 directories.
Total of file sizes: 3,908,214 bytes 3.73 M

-------- Strings.exe Qoologic Results --------


--------- Strings.exe Aspack Results ---------

C:\WINDOWS\system32\MRT.exe: (ASPack)
C:\WINDOWS\system32\MRT.exe: (AsPack2k)
C:\WINDOWS\system32\MRT.exe: (Aspack %s)
C:\WINDOWS\system32\MRT.exe: ASPack 1.61
C:\WINDOWS\system32\MRT.exe: ASPack 1.084
C:\WINDOWS\system32\MRT.exe: ASPack 1.083
C:\WINDOWS\system32\MRT.exe: ASPack 1.08.02b
C:\WINDOWS\system32\MRT.exe: ASPack 1.07b
C:\WINDOWS\system32\MRT.exe: ASPack 1.05b
C:\WINDOWS\system32\MRT.exe: ASPack 1.02
C:\WINDOWS\system32\MRT.exe: aspACK
C:\WINDOWS\system32\MRT.exe: aspACK
C:\WINDOWS\system32\MRT.exe: aspACK
C:\WINDOWS\system32\MRT.exe: aspACK
C:\WINDOWS\system32\MRT.exe: aspACK
C:\WINDOWS\system32\MRT.exe: aspACK
C:\WINDOWS\system32\MRT.exe: aspACK
C:\WINDOWS\system32\MRT.exe: aspACK
C:\WINDOWS\system32\ntdll.dll: .aspack

-------------- HKLM Run Key ----------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe"
"Apoint"="C:\\Program Files\\Apoint2K\\Apoint.exe"
"NECMFK"="C:\\Program Files\\necmfk\\necmfk.exe"
"Smapp"="C:\\Program Files\\Analog Devices\\SoundMAX\\SMTray.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"LtMoh"="C:\\Program Files\\ltmoh\\Ltmoh.exe"
"ATIPTA"="C:\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"SSBkgdUpdate"="\"C:\\Program Files\\Common Files\\Scansoft Shared\\SSBkgdUpdate\\SSBkgdupdate.exe\" -Embedding -boot"
"PaperPort PTD"="\"C:\\Program Files\\ScanSoft\\PaperPort\\pptd40nt.exe\""
"IndexSearch"="\"C:\\Program Files\\ScanSoft\\PaperPort\\IndexSearch.exe\""
"PPScheduler"="\"C:\\Program Files\\ScanSoft\\PaperPort\\PPScheduler.exe\""
"Adobe Version Cue CS2"="\"C:\\Program Files\\Adobe\\Adobe Version Cue CS2\\ControlPanel\\VersionCueCS2Tray.exe\""
"Acrobat Assistant 7.0"="\"C:\\Program Files\\Adobe\\Adobe Acrobat 7.0\\Distillr\\Acrotray.exe\""
"Autoroute SMTP"="C:\\Program Files\\Autoroute SMTP\\AutoSmtp.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"Express TalkRun"="\"C:\\Program Files\\NCH Swift Sound\\Express Talk\\talk.exe\" -logon"
"pccguide.exe"="\"C:\\Program Files\\Trend Micro\\Internet Security 2006\\pccguide.exe\""
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"BigDog303"="C:\\WINDOWS\\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"


====================================================================

any help would be greatly appreciated.



#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium
  • Local time:07:20 AM

Posted 17 December 2006 - 05:40 AM

Hello,

I see you are running Teatimer.
I suggest you disable it because it can interfere with the changes you'll make on your system.
When everything is done and your log is clean again, you can enable it again.
If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.
How to disable TeaTimer during HijackThis Cleanup
Then, Download ResetTeaTimer.bat.
Double click ResetTeaTimer.bat to remove all entries set by TeaTimer.

* Please download VundoFix.exe to your C:\.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • In case it says that nothing was found, Right click the list box (white box) in the main VundoFix window.
  • Select Add More Files? from the menu that comes up. This will open a new VundoFix window.
  • In the window, copy and paste the following into the first field: C:\WINDOWS\System32\cbxuu.dll
  • Copy and paste the following into the second field: C:\WINDOWS\System32\winzlo32.dll
  • Click the Add Files button.
  • Click the "Close Window" button.
  • Click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

After reboot, post a new HijackThis log and the contents of C:\vundofix.txt in your next reply.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
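
An added triage example, not part of the original thread and not how VundoFix works: it reads the "Keys Under Notify" export and the "Locate.com Results" listing from the first post, then flags Winlogon Notify DLLs that fall outside a baseline and correlates them with hidden+system files and with companion files whose base name is the DLL name reversed (as cbxuu.dll / uuxbc.* appear in that listing). The function names, the baseline set (the Windows DLLs visible in the export) and the reversed-name heuristic are assumptions made for this example.

```python
import re
from pathlib import PureWindowsPath

# Excerpts trimmed from the Find It log in the first post (not the full log).
NOTIFY_EXPORT = r'''
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cbxuu]
"Asynchronous"=dword:00000001
"DllName"="C:\\WINDOWS\\system32\\cbxuu.dll"
"Startup"="SysLogon"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"DllName"=hex(2):63,72,79,70,74,33,32,2e,64,6c,6c,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Logon"="SensLogonEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winzlo32]
"Asynchronous"=dword:00000001
"DllName"="winzlo32.dll"
"Startup"="EvtStartup"
'''

LOCATE_RESULTS = '''
cbxuu.dll Sat 25 Nov 2006 10:06:10 ..SH. 708,660 692.05 K
nnnmkif.dll Sat 25 Nov 2006 10:00:38 ..SH. 40,973 40.01 K
savfccij.ini Fri 15 Dec 2006 10:18:56 ..SH. 37,559 36.68 K
uuxbc.ini Mon 27 Nov 2006 13:51:12 A.SH. 623,160 608.55 K
uuxbc.tmp Mon 27 Nov 2006 13:50:36 A.SH. 623,160 608.55 K
uuxbc~1.bak Tue 12 Dec 2006 8:31:18 ..SH. 602,399 588.28 K
wuaucp~1.man Wed 27 Sep 2006 23:04:38 A..HR 749 0.73 K
'''

# Assumption: Notify DLLs treated as expected on this XP system.
BASELINE_DLLS = {"crypt32.dll", "cryptnet.dll", "cscdll.dll",
                 "wlnotify.dll", "sclgntfy.dll"}

SECTION = re.compile(r'^\[.*\\Winlogon\\Notify\\([^\\\]]+)\]$')
DLLNAME = re.compile(r'^"dllname"=(.+)$', re.IGNORECASE)  # export mixes DllName/DLLName
LISTING = re.compile(
    r'^(\S+)\s+\w{3}\s+\d{1,2}\s+\w{3}\s+\d{4}\s+[\d:]+\s+([A-Z.]{5})\s')


def decode_reg_value(raw):
    """Decode a REGEDIT4 value: quoted string or hex(2) (ANSI bytes, NUL-terminated)."""
    raw = raw.strip()
    if raw.lower().startswith('hex(2):'):
        data = bytes(int(b, 16) for b in raw[7:].split(',') if b)
        return data.split(b'\x00', 1)[0].decode('latin-1')
    return raw.strip('"').replace('\\\\', '\\')


def parse_notify(text):
    """Map each Notify subkey to the lower-cased file name of its DllName."""
    entries, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION.match(line)
        if m:
            current = m.group(1)
            continue
        m = DLLNAME.match(line)
        if m and current:
            path = decode_reg_value(m.group(1))
            entries[current] = PureWindowsPath(path).name.lower()
    return entries


def parse_listing(text):
    """Map file name -> attribute flags (e.g. '..SH.') from the Locate.com lines."""
    files = {}
    for line in text.splitlines():
        m = LISTING.match(line.strip())
        if m:
            files[m.group(1).lower()] = m.group(2)
    return files


def reversed_companions(dll, files):
    """Files whose base name is the DLL's base name reversed (8.3 '~1' ignored)."""
    wanted = dll.rsplit('.', 1)[0][::-1]
    hits = [name for name in files
            if name != dll
            and re.sub(r'~\d+$', '', name.rsplit('.', 1)[0]) == wanted]
    return sorted(hits)


def triage(notify, files, baseline=BASELINE_DLLS):
    """Return one finding per Notify entry whose DLL is outside the baseline."""
    findings = []
    for subkey, dll in sorted(notify.items()):
        if dll in baseline:
            continue
        reasons = ['Notify DLL not in baseline']
        attrs = files.get(dll, '')
        if 'S' in attrs and 'H' in attrs:
            reasons.append('hidden+system file in System32')
        companions = reversed_companions(dll, files)
        if companions:
            reasons.append('reversed-name companions: ' + ', '.join(companions))
        findings.append({'subkey': subkey, 'dll': dll, 'reasons': reasons})
    return findings


if __name__ == '__main__':
    for f in triage(parse_notify(NOTIFY_EXPORT), parse_listing(LOCATE_RESULTS)):
        print(f['subkey'], f['dll'], '|', '; '.join(f['reasons']))
```

An entry flagged only as "not in baseline" is a lead to check against installed software, not a verdict.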

#3 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium
  • Local time:07:20 AM

Posted 26 December 2006 - 11:18 AM

Due to the lack of feedback, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

#4 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium
  • Local time:07:20 AM

Posted 26 December 2006 - 07:08 PM

Topic reopened. Please post the logs in your next reply :thumbsup:

#5 cclambie

cclambie
  • Topic Starter

  • Members
  • 7 posts
  • Local time:04:20 PM

Posted 26 December 2006 - 07:32 PM

Ok, ran Vundo and found a few files, added one C:\WINDOWS\System32\winzlo32.dll that it "didn't find"

Hijack This Log
===================================================================
Logfile of HijackThis v1.99.1
Scan saved at 5:41:52 PM, on 22/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\necmfk\necmfk.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\ScanSoft\PaperPort\PPScheduler.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Autoroute SMTP\AutoSmtp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\VM303_STI.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Slawdog\Smart Shutdown\Smart Shutdown.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Winamp\winamp.exe
C:\Documents and Settings\Craig\My Documents\Downloads\Utils\TrendMicro\VundoFix.exe
C:\Documents and Settings\Craig\My Documents\Downloads\Utils\TrendMicro\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {11F0EE13-5947-2942-F631-09BEB2706006} - C:\WINDOWS\system32\wirvufc.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: (no name) - {3FD6B99C-A275-46ea-8FD1-3D63986E51E4} - C:\WINDOWS\system32\wpibjsdk.dll
O2 - BHO: (no name) - {71E58DC9-129C-415D-8EEE-DFEE5C6431B6} - C:\WINDOWS\system32\cbxuu.dll (file missing)
O2 - BHO: (no name) - {755bbd1a-aa59-456c-afeb-b4c42c4dcb6f} - C:\WINDOWS\system32\ixt0.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\NXIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {FDE57DB8-EC0C-EAAB-7801-B9891C5A60C6} - C:\WINDOWS\system32\tqmxqe.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Xi\NetXfer\NXToolBar.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NECMFK] C:\Program Files\necmfk\necmfk.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPScheduler] "C:\Program Files\ScanSoft\PaperPort\PPScheduler.exe"
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Autoroute SMTP] C:\Program Files\Autoroute SMTP\AutoSmtp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Slawdog Smart Shutdown] C:\Program Files\Slawdog\Smart Shutdown\Smart Shutdown.exe startup
O8 - Extra context menu item: &Save Flash In This Page by Flash Saver - C:\PROGRA~1\FLASHS~1\save.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download all by NetXfer - C:\Program Files\Xi\NetXfer\NXAddList.html
O8 - Extra context menu item: Download by NetXfer - C:\Program Files\Xi\NetXfer\NXAddLink.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/229?a505acca327d49f5af40d4dc7ca11f62
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/230?a505acca327d49f5af40d4dc7ca11f62
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: winzlo32 - winzlo32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

====================================================================

Vundo.txt
====================================================================

VundoFix V6.2.13

Checking Java version...

Java version is 1.5.0.6

Java version is 1.5.0.9

Scan started at 11:37:53 PM 21/12/2006

Listing files found while scanning....

C:\WINDOWS\system32\cbxuu.dll
C:\WINDOWS\system32\uuxbc.ini
C:\WINDOWS\system32\uuxbc.bak1
C:\WINDOWS\system32\uuxbc.bak2
C:\WINDOWS\system32\uuxbc.ini2
C:\WINDOWS\system32\uuxbc.tmp

Beginning removal...

Attempting to delete C:\WINDOWS\system32\cbxuu.dll
C:\WINDOWS\system32\cbxuu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\uuxbc.ini
C:\WINDOWS\system32\uuxbc.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\uuxbc.bak1
C:\WINDOWS\system32\uuxbc.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\uuxbc.bak2
C:\WINDOWS\system32\uuxbc.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\uuxbc.ini2
C:\WINDOWS\system32\uuxbc.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\uuxbc.tmp
C:\WINDOWS\system32\uuxbc.tmp Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.2.13

Checking Java version...

Java version is 1.5.0.6

Java version is 1.5.0.9

Scan started at 5:32:44 PM 22/12/2006

Listing files found while scanning....

No infected files were found.

====================================================================

Hope this helps. I'm almost at the point of reformatting, but any help I can get would be appreciated.

#6 miekiemoes

  • Malware Response Team

Posted 27 December 2006 - 03:49 AM

Hello,

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

O2 - BHO: (no name) - {11F0EE13-5947-2942-F631-09BEB2706006} - C:\WINDOWS\system32\wirvufc.dll
O2 - BHO: (no name) - {3FD6B99C-A275-46ea-8FD1-3D63986E51E4} - C:\WINDOWS\system32\wpibjsdk.dll
O2 - BHO: (no name) - {71E58DC9-129C-415D-8EEE-DFEE5C6431B6} - C:\WINDOWS\system32\cbxuu.dll (file missing)
O2 - BHO: (no name) - {755bbd1a-aa59-456c-afeb-b4c42c4dcb6f} - C:\WINDOWS\system32\ixt0.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {FDE57DB8-EC0C-EAAB-7801-B9891C5A60C6} - C:\WINDOWS\system32\tqmxqe.dll
O20 - Winlogon Notify: winzlo32 - winzlo32.dll (file missing)


* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6.0.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation, Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    - Examples of older versions in Add or Remove Programs:
    • Java 2 Runtime Environment, SE v1.4.2
    • J2SE Runtime Environment 5.0
    • J2SE Runtime Environment 5.0 Update 6
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6-windows-i586.exe to install the newest version.
* Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Under Browsing History, click "Delete".
  • Click "Delete Files", "Delete cookies" and "Delete history"
  • Click Close below.
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu.
  • Click the Clear now button below. A new window will pop up asking what to clear.
  • Select all and click the Clear button again.
  • Click OK to close the Options window
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
Please download, install, and update AVG Anti-Spyware
  • Load AVG Anti-Spyware and then click the Update tab at the top. Under Manual Update click Start update.
  • After the update finishes (the status bar at the bottom will display "Update successful")
  • Then click on the Scanner tab at the top. Click the "Settings" tab and then change the recommended action to Quarantine and click Automatically generate report after every scan. Click back to the "Scan" tab and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.
  • AVG Anti-Spyware will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG Anti-Spyware will display "All actions have been applied" on the right hand side.
  • Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
  • Close AVG Anti-Spyware and reboot!!
  • I need the log later
* Download Combofix to your desktop.
Double-click combofix.exe
Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.

When finished and after reboot, it should open a log, combofix.txt.
Post this log in your next reply together with a new HijackThis log and the log from AVG Anti-Spyware.
You may need several replies to post the logs.
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
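
The entries picked for fixing in the reply above are all unnamed BHOs (O2) plus one Winlogon Notify entry (O20) whose file is missing. The following is an added example, not part of the original post and not the helper's own method: a Python triage pass over HijackThis lines copied from this thread's log. The three heuristics (unnamed BHO, DLL directly in system32, missing target file) and all function names are assumptions made for illustration.

```python
import ntpath  # parses backslash paths correctly on any OS
import re
from collections import namedtuple

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {11F0EE13-5947-2942-F631-09BEB2706006} - C:\WINDOWS\system32\wirvufc.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: (no name) - {3FD6B99C-A275-46ea-8FD1-3D63986E51E4} - C:\WINDOWS\system32\wpibjsdk.dll
O2 - BHO: (no name) - {71E58DC9-129C-415D-8EEE-DFEE5C6431B6} - C:\WINDOWS\system32\cbxuu.dll (file missing)
O2 - BHO: (no name) - {755bbd1a-aa59-456c-afeb-b4c42c4dcb6f} - C:\WINDOWS\system32\ixt0.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\NXIEHelper.dll
O2 - BHO: (no name) - {FDE57DB8-EC0C-EAAB-7801-B9891C5A60C6} - C:\WINDOWS\system32\tqmxqe.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: winzlo32 - winzlo32.dll (file missing)
"""

ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.+)$")
BHO_RE = re.compile(
    r"^BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$"
)
NOTIFY_RE = re.compile(r"^Winlogon Notify: (?P<name>\S+) - (?P<target>.+)$")

Finding = namedtuple("Finding", "section name clsid path reasons")


def split_target(target):
    """Split the trailing field into (path, missing_flag)."""
    target = target.strip()
    if target == "(no file)":
        return "", True
    if target.endswith("(file missing)"):
        return target[: -len("(file missing)")].strip(), True
    return target, False


def in_system32_root(path):
    """True when the file sits directly in C:\\WINDOWS\\system32."""
    directory, _ = ntpath.split(path)
    return directory.lower() == r"c:\windows\system32"


def triage(log_text):
    """Return O2/O20 entries that match at least one heuristic."""
    findings = []
    for raw in log_text.splitlines():
        entry = ENTRY_RE.match(raw.strip())
        if not entry:
            continue
        section, body = entry.group("section"), entry.group("body")
        reasons = []
        if section == "O2":
            bho = BHO_RE.match(body)
            if not bho:
                continue
            name, clsid = bho.group("name"), bho.group("clsid")
            path, missing = split_target(bho.group("target"))
            if name == "(no name)":
                reasons.append("unnamed BHO")
            if in_system32_root(path):
                reasons.append("DLL directly in system32")
        elif section == "O20":
            notify = NOTIFY_RE.match(body)
            if not notify:
                continue  # e.g. AppInit_DLLs, not handled here
            name, clsid = notify.group("name"), ""
            path, missing = split_target(notify.group("target"))
        else:
            continue  # other sections are out of scope for this example
        if missing:
            reasons.append("target file missing")
        if reasons:
            findings.append(Finding(section, name, clsid, path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.section, f.clsid or f.name, f.path or "(no file)", "|", ", ".join(f.reasons))
```

Flagged entries are candidates for manual review rather than verdicts; a missing file can simply be a leftover from an earlier cleanup, as with cbxuu.dll after the VundoFix run.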

#7 cclambie

  • Topic Starter

Posted 03 January 2007 - 07:37 AM

ok, happy new year !!

ComboFix.txt
Craig - 07-01-03 23:09:59.35 Service Pack 2
ComboFix 06.11.27 - Running from: "C:\Documents and Settings\Craig\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))



~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Program Files\RACLE~1
C:\QooBox\Purity\Program Files\RACLE~1\?racle
C:\QooBox\Purity\WINDOWS\system32\YMANTE~1


((((((((((((((((((((((((((((((( Files Created from 2006-12-03 to 2007-01-03 ))))))))))))))))))))))))))))))))))


2007-01-02 14:05 <DIR> d-------- C:\WINDOWS\LastGood
2007-01-02 14:05 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2006-12-31 21:24 <DIR> d-------- C:\Documents and Settings\Craig\My Documents\AWhatwasthat\Advertising\Lists\Apple Computer
2006-12-31 09:54 <DIR> d-------- C:\Documents and Settings\Craig\My Documents\AWhatwasthat\Advertising\Lists\vlc
2006-12-29 18:59 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-12-29 18:59 <DIR> d-------- C:\Program Files\Grisoft
2006-12-29 18:46 <DIR> d-------- C:\Program Files\Common Files\Java
2006-12-29 18:29 <DIR> d-------- C:\Documents and Settings\Craig\My Documents\AWhatwasthat\Advertising\Lists\Sun
2006-12-29 18:28 <DIR> d-------- C:\WINDOWS\system32\appmgmt
2006-12-28 18:38 <DIR> d-------- C:\Documents and Settings\Craig\My Documents\AWhatwasthat\Advertising\Lists\SolidDocuments
2006-12-28 18:38 <DIR> d-------- C:\Documents and Settings\Craig\My Documents\AWhatwasthat\Advertising\Lists\Adobe
2006-12-28 03:44 <DIR> d-------- C:\Documents and Settings\Craig\My Documents\AWhatwasthat\Advertising\Lists\Winamp
2006-12-27 21:25 <DIR> d-------- C:\Documents and Settings\Craig\My Documents\AWhatwasthat\Advertising\Lists\Skype
2006-12-27 19:29 <DIR> d-------- C:\Documents and Settings\Craig\My Documents\AWhatwasthat\Advertising\Lists\Macromedia
2006-12-27 19:28 <DIR> d-------- C:\Documents and Settings\Craig\My Documents\AWhatwasthat\Advertising\Lists\Talkback
2006-12-27 19:28 <DIR> d-------- C:\Documents and Settings\Craig\My Documents\AWhatwasthat\Advertising\Lists\Mozilla
2006-12-27 19:25 <DIR> d---s---- C:\Documents and Settings\Craig\My Documents\AWhatwasthat\Advertising\Lists\Microsoft
2006-12-26 18:48 90,112 --a------ C:\WINDOWS\unvise32.exe
2006-12-26 18:48 56 -r-hs---- C:\WINDOWS\system32\FD59F7A0EF.sys
2006-12-26 18:48 5,642 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2006-12-26 18:48 <DIR> d-------- C:\Program Files\DivX
2006-12-21 23:37 <DIR> d-------- C:\VundoFix Backups
2006-12-19 12:39 44,052 --a------ C:\WINDOWS\system32\wpibjsdk.dll
2006-12-18 12:38 44,052 --a------ C:\WINDOWS\system32\tvlgscnr.dll
2006-12-17 13:25 <DIR> d-------- C:\Program Files\Crimson Editor
2006-12-16 23:41 44,052 --a------ C:\WINDOWS\system32\uudnkmdn.dll
2006-12-16 15:21 <DIR> d-------- C:\VP-EYE
2006-12-16 15:19 <DIR> d-------- C:\Program Files\Microvisual Video Center
2006-12-16 15:10 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2006-12-16 15:09 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2006-12-16 12:41 32,768 --a------ C:\WINDOWS\VMZoom.exe
2006-12-16 12:41 307,200 --a------ C:\WINDOWS\vidcap32.Exe
2006-12-16 12:41 24,576 --a------ C:\WINDOWS\VMPipe.dll
2006-12-16 12:40 53,248 --a------ C:\WINDOWS\Sti303.exe
2006-12-16 12:40 <DIR> d-------- C:\WINDOWS\CatRoot
2006-12-16 12:39 <DIR> d-------- C:\WINDOWS\EffectResources
2006-12-16 12:39 <DIR> d-------- C:\Program Files\Vimicro
2006-12-16 11:21 81,920 --a------ C:\WINDOWS\system32\VM303STI.dll
2006-12-16 11:21 61,440 --a------ C:\WINDOWS\VM303_STI.EXE
2006-12-16 11:21 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2006-12-16 11:21 389,852 --a------ C:\WINDOWS\system32\drivers\usbVM303.sys
2006-12-16 11:21 172,032 --a------ C:\WINDOWS\amcap.exe
2006-12-16 11:21 102,400 --a------ C:\WINDOWS\VM303Cap.exe
2006-12-15 10:18 118,804 --a------ C:\WINDOWS\system32\jiccfvas.dll
2006-12-11 16:04 <DIR> d-------- C:\Temp
2006-12-11 09:23 80 --a------ C:\WINDOWS\gmer_uninstall.cmd
2006-12-11 09:14 <DIR> d-------- C:\Program Files\Xi
2006-12-08 01:31 <DIR> d-------- C:\WINDOWS\WBEM
2006-12-08 01:31 <DIR> d-------- C:\WINDOWS\system32\en-US
2006-12-08 01:24 <DIR> d--h-c--- C:\WINDOWS\ie7
2006-12-08 01:21 121,856 --------- C:\WINDOWS\system32\xmllite.dll
2006-12-08 01:18 <DIR> d-------- C:\WINDOWS\network diagnostic
2006-12-08 01:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2006-12-04 23:45 <DIR> d-------- C:\Program Files\Lavasoft
2006-12-04 06:04 48,424 --a------ C:\WINDOWS\system32\sirenacm.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-03 14:19 -------- d-------- C:\Program Files\Mozilla Firefox
2006-12-29 18:47 -------- d-------- C:\Program Files\Java
2006-12-29 18:46 -------- d-------- C:\Program Files\Common Files
2006-12-27 19:16 -------- d-------- C:\Program Files\EarthTime
2006-12-22 07:58 -------- d-------- C:\Program Files\Winamp
2006-12-16 12:39 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-12-15 11:02 -------- d-------- C:\Program Files\MSN Messenger
2006-12-15 09:36 -------- d-------- C:\Program Files\Common Files\System
2006-12-15 08:11 -------- d-------- C:\Program Files\Outlook Express
2006-12-08 09:48 -------- d-------- C:\Program Files\Internet Explorer
2006-12-07 16:29 2374472 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-12-05 06:11 -------- d-------- C:\Program Files\VSAdd-in
2006-12-01 09:00 -------- d-------- C:\Program Files\Giganology
2006-12-01 00:02 0 -rahs---- C:\MSDOS.SYS
2006-12-01 00:02 0 -rahs---- C:\IO.SYS
2006-12-01 00:02 -------- d-------- C:\Program Files\H264 Codec
2006-11-30 11:26 -------- d-------- C:\Program Files\Tweak-XP Pro
2006-11-30 11:25 -------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2006-11-28 14:25 10 ---hs---- C:\Documents and Settings\Craig\My Documents\AWhatwasthat\Advertising\Lists\_desktop.ini
2006-11-28 14:25 -------- d-------- C:\Documents and Settings\Craig\My Documents\AWhatwasthat\Advertising\Lists\For benPPM
2006-11-27 19:45 60416 --------- C:\WINDOWS\system32\tzchange.exe
2006-11-27 09:09 -------- d-------- C:\Program Files\Spybot - Search & Destroy
2006-11-25 10:06 110612 --a------ C:\WINDOWS\system32\haxhjxxq.exe
2006-11-25 10:02 0 --a------ C:\wvoxqqk.exe
2006-11-25 10:02 0 --a------ C:\lyrth.exe
2006-11-25 10:01 0 --a------ C:\wtwtd.exe
2006-11-25 10:01 0 --a------ C:\nrypyd.exe
2006-11-25 10:01 0 --a------ C:\gexssrq.exe
2006-11-25 10:01 0 --a------ C:\fdjb.exe
2006-11-25 10:00 0 --a------ C:\vkjoe.exe
2006-11-25 10:00 0 --a------ C:\otxq.exe
2006-11-20 10:30 -------- d-------- C:\Program Files\MSXML 4.0
2006-11-16 09:40 -------- d-------- C:\Program Files\VideoLAN
2006-11-12 16:43 -------- d-------- C:\Program Files\NCH Swift Sound
2006-11-12 14:53 -------- d-------- C:\Program Files\ECIClientV5
2006-11-12 13:59 -------- d-------- C:\Program Files\CSI
2006-11-08 16:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-07 21:03 6049280 --------- C:\WINDOWS\system32\ieframe.dll
2006-11-07 21:03 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-11-07 21:03 458752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-11-07 21:03 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-11-07 21:03 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-11-07 21:03 180736 --------- C:\WINDOWS\system32\ieui.dll
2006-11-07 21:03 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-11-07 03:27 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-11-07 03:27 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-11-07 03:26 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-11-07 03:26 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-11-07 03:26 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-11-07 03:26 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-11-07 03:26 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-11-07 03:26 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-11-07 03:26 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-11-07 03:25 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-11-05 17:32 -------- d-------- C:\Program Files\Windows Live Toolbar
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-11-03 20:21 -------- d-------- C:\Program Files\Common Files\Intuit
2006-11-03 20:20 -------- d-------- C:\Program Files\Common Files\AnswerWorks 4.0
2006-11-03 20:18 -------- d-------- C:\Program Files\Intuit
2006-11-03 14:31 -------- d-------- C:\Program Files\Flash Saver
2006-10-20 00:56 713216 --a------ C:\WINDOWS\system32\sxs.dll
2006-10-17 12:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll
2006-10-17 12:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-10-17 12:05 206336 --------- C:\WINDOWS\system32\WinFXDocObj.exe
2006-10-17 12:05 105984 --a------ C:\WINDOWS\system32\url.dll
2006-10-17 12:04 101376 --a------ C:\WINDOWS\system32\occache.dll
2006-10-17 12:03 17408 --a------ C:\WINDOWS\system32\corpol.dll
2006-10-17 11:58 61952 --------- C:\WINDOWS\system32\icardie.dll
2006-10-17 11:58 12288 --------- C:\WINDOWS\system32\msfeedssync.exe
2006-10-17 11:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll
2006-10-17 11:57 266752 --------- C:\WINDOWS\system32\iertutil.dll
2006-10-17 11:56 45568 --a------ C:\WINDOWS\system32\mshta.exe
2006-10-17 11:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-10-17 11:27 380928 --------- C:\WINDOWS\system32\ieapfltr.dll
2006-10-13 23:35 65536 --a------ C:\WINDOWS\system32\nwwks.dll
2006-10-13 23:35 64000 --a------ C:\WINDOWS\system32\nwapi32.dll
2006-10-13 23:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"WelcomePad"=""
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"Slawdog Smart Shutdown"="C:\\Program Files\\Slawdog\\Smart Shutdown\\Smart Shutdown.exe startup"
"BlockAds"=""
"TransparentIcons"=""
"Tweak-XP"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ATIModeChange"="Ati2mdxx.exe"
"Apoint"="C:\\Program Files\\Apoint2K\\Apoint.exe"
"NECMFK"="C:\\Program Files\\necmfk\\necmfk.exe"
"Smapp"="C:\\Program Files\\Analog Devices\\SoundMAX\\SMTray.exe"
"ATIPTA"="C:\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"Autoroute SMTP"="C:\\Program Files\\Autoroute SMTP\\AutoSmtp.exe"
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"pccguide.exe"="\"C:\\Program Files\\Trend Micro\\Internet Security 2006\\pccguide.exe\""
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"BigDog303"="C:\\WINDOWS\\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"RealTray"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,77,01,00,00,00,00,00,00,89,03,00,00,b2,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,f2,01,00,00,a3,00,00,00,7c,00,00,00,5c,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"WelcomePad"="C:\\Program Files\\Apoint2K\\ApWelcom.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"WelcomePad"="C:\\Program Files\\Apoint2K\\ApWelcom.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{0bad5052-665d-40d4-a9bd-a2891eaafb42}"="boucicault"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoClose"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winzlo32

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
C:\WINDOWS\tasks\ISP signup reminder 2.job

Completion time: 07-01-03 23:12:30.38
C:\ComboFix.txt ... 07-01-03 23:12
C:\ComboFix2.txt ... 06-12-11 09:29

========================================
HijackThis Log
========================================

Logfile of HijackThis v1.99.1
Scan saved at 5:41:52 PM, on 22/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\necmfk\necmfk.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\ScanSoft\PaperPort\PPScheduler.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Autoroute SMTP\AutoSmtp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\VM303_STI.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Slawdog\Smart Shutdown\Smart Shutdown.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Winamp\winamp.exe
C:\Documents and Settings\Craig\My Documents\Downloads\Utils\TrendMicro\VundoFix.exe
C:\Documents and Settings\Craig\My Documents\Downloads\Utils\TrendMicro\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {11F0EE13-5947-2942-F631-09BEB2706006} - C:\WINDOWS\system32\wirvufc.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: (no name) - {3FD6B99C-A275-46ea-8FD1-3D63986E51E4} - C:\WINDOWS\system32\wpibjsdk.dll
O2 - BHO: (no name) - {71E58DC9-129C-415D-8EEE-DFEE5C6431B6} - C:\WINDOWS\system32\cbxuu.dll (file missing)
O2 - BHO: (no name) - {755bbd1a-aa59-456c-afeb-b4c42c4dcb6f} - C:\WINDOWS\system32\ixt0.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\NXIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {FDE57DB8-EC0C-EAAB-7801-B9891C5A60C6} - C:\WINDOWS\system32\tqmxqe.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Xi\NetXfer\NXToolBar.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NECMFK] C:\Program Files\necmfk\necmfk.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPScheduler] "C:\Program Files\ScanSoft\PaperPort\PPScheduler.exe"
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Autoroute SMTP] C:\Program Files\Autoroute SMTP\AutoSmtp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Slawdog Smart Shutdown] C:\Program Files\Slawdog\Smart Shutdown\Smart Shutdown.exe startup
O8 - Extra context menu item: &Save Flash In This Page by Flash Saver - C:\PROGRA~1\FLASHS~1\save.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download all by NetXfer - C:\Program Files\Xi\NetXfer\NXAddList.html
O8 - Extra context menu item: Download by NetXfer - C:\Program Files\Xi\NetXfer\NXAddLink.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/229?a505acca327d49f5af40d4dc7ca11f62
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/230?a505acca327d49f5af40d4dc7ca11f62
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: winzlo32 - winzlo32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

=================================================
AVG Log
=================================================

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 3:42:54 AM 30/12/2006

+ Scan result:



HKU\S-1-5-21-515967899-484763869-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{755BBD1A-AA59-456C-AFEB-B4C42C4DCB6F} -> Adware.Generic : Cleaned.
C:\Documents and Settings\Craig\My Documents\Downloads\Utils\TrendMicro\backups\backup-20061229-181351-694.dll -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{012B57DD-DA91-401E-A21D-784FAEB1C2B7}\RP208\A0046064.dll -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{012B57DD-DA91-401E-A21D-784FAEB1C2B7}\RP193\A0042239.dll -> Adware.SafetyBar : Cleaned.
C:\System Volume Information\_restore{012B57DD-DA91-401E-A21D-784FAEB1C2B7}\RP191\A0039822.exe -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{012B57DD-DA91-401E-A21D-784FAEB1C2B7}\RP193\A0042242.dll -> Adware.Softomate : Cleaned.
C:\WINDOWS\system32\nnnmkif.dll -> Adware.Virtumonde : Cleaned.
C:\System Volume Information\_restore{012B57DD-DA91-401E-A21D-784FAEB1C2B7}\RP181\A0036237.exe -> Adware.VirusBurst : Cleaned.
C:\Documents and Settings\Craig\My Documents\Downloads\Cracks\audioconverterv2.05betacia.zip/c_ac205b.exe -> Backdoor.Theef.111 : Cleaned.
C:\Documents and Settings\Craig\My Documents\Downloads\Cracks\av2mp3\c_ac205b.exe -> Backdoor.Theef.111 : Cleaned.
C:\Documents and Settings\Craig\My Documents\Downloads\Utils\TrendMicro\backups\backup-20061229-181351-467.dll -> Downloader.Busky : Cleaned.
C:\WINDOWS\system32\jezmesh.dll -> Downloader.Busky : Cleaned.
C:\WINDOWS\system32\wirvufc.dll -> Downloader.Busky : Cleaned.
C:\QooBox\Purity\WINDOWS\system32\YMANTE~1\rυndll.exe -> Downloader.Purit.co : Cleaned.
C:\System Volume Information\_restore{012B57DD-DA91-401E-A21D-784FAEB1C2B7}\RP181\A0036218.exe -> Downloader.Zlob.bat : Cleaned.
C:\System Volume Information\_restore{012B57DD-DA91-401E-A21D-784FAEB1C2B7}\RP181\A0036232.exe -> Downloader.Zlob.bat : Cleaned.
C:\System Volume Information\_restore{012B57DD-DA91-401E-A21D-784FAEB1C2B7}\RP181\A0036229.exe -> Downloader.Zlob.bau : Cleaned.
C:\System Volume Information\_restore{012B57DD-DA91-401E-A21D-784FAEB1C2B7}\RP181\A0036230.exe -> Downloader.Zlob.bhm : Cleaned.
C:\Documents and Settings\Craig\My Documents\Downloads\Cracks\solid\patch.exe -> Logger.Agent.nbq : Cleaned.

#8 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:07:20 AM

Posted 03 January 2007 - 07:47 AM

Hi,

Can you post a new HijackThis log please? Because you posted the same one as the previous one: Scan saved at 5:41:52 PM, on 22/12/2006

So rescan with Hijackthis, click save, let it overwrite the previous log and post the new log in your next reply.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#9 miekiemoes

Posted 03 January 2007 - 08:00 AM

Hi,

Anyway, make sure you check and fix the following entries in HijackThis:

O2 - BHO: (no name) - {11F0EE13-5947-2942-F631-09BEB2706006} - C:\WINDOWS\system32\wirvufc.dll
O2 - BHO: (no name) - {3FD6B99C-A275-46ea-8FD1-3D63986E51E4} - C:\WINDOWS\system32\wpibjsdk.dll
O2 - BHO: (no name) - {71E58DC9-129C-415D-8EEE-DFEE5C6431B6} - C:\WINDOWS\system32\cbxuu.dll (file missing)
O2 - BHO: (no name) - {755bbd1a-aa59-456c-afeb-b4c42c4dcb6f} - C:\WINDOWS\system32\ixt0.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {FDE57DB8-EC0C-EAAB-7801-B9891C5A60C6} - C:\WINDOWS\system32\tqmxqe.dll
O20 - Winlogon Notify: winzlo32 - winzlo32.dll (file missing)


Because I have the feeling you forgot that step or didn't do it properly.

Then reboot your computer!! Important!

After the reboot, delete the following files and folders:

C:\WINDOWS\system32\wpibjsdk.dll
C:\WINDOWS\system32\tvlgscnr.dll
C:\WINDOWS\system32\uudnkmdn.dll
C:\WINDOWS\system32\jiccfvas.dll
C:\Program Files\VSAdd-in <== folder
C:\WINDOWS\system32\haxhjxxq.exe
C:\wvoxqqk.exe
C:\lyrth.exe
C:\wtwtd.exe
C:\nrypyd.exe
C:\gexssrq.exe
C:\fdjb.exe
C:\vkjoe.exe
C:\otxq.exe

C:\Documents and Settings\Craig\My Documents\AWhatwasthat <== do you know this folder/Program? Because it contains a subfolder Advertising. If you don't know it, delete that folder as well.

Open Notepad and copy and paste the contents of the quotebox below into it:
(don't forget to copy and paste REGEDIT4)

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{0bad5052-665d-40d4-a9bd-a2891eaafb42}"=-

[-HKEY_CLASSES_ROOT\CLSID\{0bad5052-665d-40d4-a9bd-a2891eaafb42}]

Save this as fix.reg. Choose to save as *all files and place it on your desktop.
Double-click on it and when it asks you if you want to merge the contents to the registry, click yes/ok.
(In case you are unsure how to create a reg file, take a look here with screenshots.)

I also don't see from your combofix log that you updated your Sun Java as I asked though, so please do this as well.

Then, after performing the above, post a new HijackThis log in your next reply.
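
The fix.reg in the post above relies on the two deletion forms of the .reg format: `"name"=-` removes one value and `[-KEY]` removes a whole key. As an added example (not part of the original post), this Python sketch lists what a .reg file would change before it is merged; the function name `summarize_reg` is hypothetical and the sample is the post's fix.reg text embedded inline.

```python
import re

# Constructed sample: the fix.reg text from the post above, embedded inline.
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{0bad5052-665d-40d4-a9bd-a2891eaafb42}"=-

[-HKEY_CLASSES_ROOT\CLSID\{0bad5052-665d-40d4-a9bd-a2891eaafb42}]
'''

HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
KEY_RE = re.compile(r'^\[(-?)(.+)\]$')
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')

def summarize_reg(text):
    """Return (action, key, value_name) tuples describing a .reg file's effect.

    Hypothetical review helper: it only parses text, never touches the registry.
    """
    lines = text.lstrip("\ufeff").splitlines()
    if not lines or lines[0].strip() not in HEADERS:
        raise ValueError("missing REGEDIT4 / Registry Editor header")
    ops, key, key_deleted, pending = [], None, False, ""
    for raw in lines[1:]:
        line = pending + raw.strip()
        pending = ""
        if not line or line.startswith(";"):   # blank line or comment
            continue
        if line.endswith("\\"):                # continued hex:... value
            pending = line[:-1]
            continue
        m = KEY_RE.match(line)
        if m:
            key, key_deleted = m.group(2), m.group(1) == "-"
            ops.append(("delete-key" if key_deleted else "open-key", key, None))
            continue
        m = VALUE_RE.match(line)
        if not m or key is None or key_deleted:  # values need a live key section
            raise ValueError("unexpected line: " + raw)
        name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
        ops.append(("delete-value" if m.group(2) == "-" else "set-value", key, name))
    return ops

if __name__ == "__main__":
    for action, key, name in summarize_reg(SAMPLE_REG):
        print(action, key, name or "")
```

Any `set-value` line in the output of a file that was supposed to be a pure cleanup is worth a second look before clicking yes on the merge prompt.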

#10 miekiemoes


Posted 12 January 2007 - 07:12 PM

Due to the lack of feedback, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



