
My Hijackthis Log


  • This topic is locked
17 replies to this topic

#1 megadeth_rulez

  • Members
  • 10 posts

Posted 01 March 2007 - 12:01 PM

Hi, would someone be able to review my HijackThis log and let me know which items to fix? I'm sure it has something to do with the xxyxyxu.dll file, but I don't know all the related items to fix to get rid of it.

Thank you.

Logfile of HijackThis v1.99.1
Scan saved at 8:47:53 AM, on 3/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Common Files\AOL\1135053113\ee\aolsoftware.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\MyLivePromoter\MyLivePromoter.exe
C:\Documents and Settings\Owner\Desktop\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0F01FF26-18F5-4613-BFD6-14DE2FBA24C3} - C:\WINDOWS\system32\xxyxyxu.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {B72603C5-2EB5-4DAD-897D-3BF382D8EF8A} - C:\WINDOWS\system32\vtsts.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: Privoxy.lnk.disabled
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk.disabled
O4 - Global Startup: Free WebSite Tools.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} -
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} (Java Plug-in 1.4.2) -
O20 - Winlogon Notify: vtsts - C:\WINDOWS\system32\vtsts.dll
O20 - Winlogon Notify: xxyxyxu - C:\WINDOWS\SYSTEM32\xxyxyxu.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: NTBOOTMGR (NTBOOT) - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe (file missing)
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS


#2 RichieUK

    Malware Assassin

  • Malware Response Team
  • 13,614 posts

Posted 01 March 2007 - 12:08 PM

Welcome to BC megadeth_rulez :thumbsup:

Download ATF Cleaner by Atribune:
http://www.atribune.org/ccount/click.php?id=1

Double-click ATF-Cleaner.exe to run the program.
Click 'Select All' found at the bottom of the list.
Click the 'Empty Selected' button.

If you use Firefox browser, do this also:
Click Firefox at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords, please click 'No' at the prompt.

If you use Opera browser, do this also:
Click Opera at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords, please click 'No' at the prompt.

Click 'Exit' on the Main menu to close the program.

**********************************

Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
When VundoFix re-opens, click the "Scan for Vundo" button.
Once it's done scanning, click the "Remove Vundo" button.
You will receive a prompt asking if you want to remove the files, click "YES".
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click "OK".
Please post the contents of C:\vundofix.txt into your next reply, along with a new Hijackthis log please.

Note:
It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

#3 megadeth_rulez

Posted 01 March 2007 - 11:32 PM

Thank you for helping me. Here are my logs.

-----------------------

VundoFix V6.3.9

Checking Java version...

Scan started at 10:04:31 AM 3/1/2007

Listing files found while scanning....

C:\WINDOWS\system32\kpyxjuka.dll
C:\WINDOWS\system32\nqsullgq.dll
C:\WINDOWS\system32\qgllusqn.ini
C:\WINDOWS\system32\vtsts.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\kpyxjuka.dll
C:\WINDOWS\system32\kpyxjuka.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\nqsullgq.dll
C:\WINDOWS\system32\nqsullgq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qgllusqn.ini
C:\WINDOWS\system32\qgllusqn.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtsts.dll
C:\WINDOWS\system32\vtsts.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.3.9

Checking Java version...

Scan started at 8:17:21 PM 3/1/2007

Listing files found while scanning....

C:\WINDOWS\system32\awvvu.dll
C:\WINDOWS\system32\baxufavd.dll
C:\WINDOWS\system32\cauboopm.dll
C:\WINDOWS\system32\mpoobuac.ini
C:\WINDOWS\system32\uvvwa.bak1
C:\WINDOWS\system32\uvvwa.ini
C:\WINDOWS\system32\xjihqrtx.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\awvvu.dll
C:\WINDOWS\system32\awvvu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\baxufavd.dll
C:\WINDOWS\system32\baxufavd.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\cauboopm.dll
C:\WINDOWS\system32\cauboopm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mpoobuac.ini
C:\WINDOWS\system32\mpoobuac.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\uvvwa.bak1
C:\WINDOWS\system32\uvvwa.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\uvvwa.ini
C:\WINDOWS\system32\uvvwa.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\xjihqrtx.dll
C:\WINDOWS\system32\xjihqrtx.dll Has been deleted!

Performing Repairs to the registry.
Done!


-----------------------
Logfile of HijackThis v1.99.1
Scan saved at 8:28:20 PM, on 3/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Common Files\AOL\1135053113\ee\aolsoftware.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {08CFB5E5-B43A-4F6C-A296-04AE32F35053} - C:\WINDOWS\system32\awvvu.dll (file missing)
O2 - BHO: (no name) - {0F01FF26-18F5-4613-BFD6-14DE2FBA24C3} - C:\WINDOWS\system32\xxyxyxu.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {B72603C5-2EB5-4DAD-897D-3BF382D8EF8A} - C:\WINDOWS\system32\vtsts.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: Privoxy.lnk.disabled
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk.disabled
O4 - Global Startup: Free WebSite Tools.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} -
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} (Java Plug-in 1.4.2) -
O20 - Winlogon Notify: xxyxyxu - C:\WINDOWS\SYSTEM32\xxyxyxu.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: NTBOOTMGR (NTBOOT) - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe (file missing)
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

#4 RichieUK

Posted 02 March 2007 - 05:06 AM

Download Avenger from the link below:
http://swandog46.geekstogo.com/avenger.zip
Unzip/extract it to your desktop.

Start up Avenger.
Check the 'Input script manually' option.
Click the Magnifying Glass icon.
In the box that opens, copy and paste ALL the following bold blue text:

Files to delete:
C:\WINDOWS\system32\xxyxyxu.dll


Then click on 'Done'.
Click the Traffic Light icon to start the program.
Then press OK at the prompts to reboot your PC.

Post the Avenger output.txt, which you can find at C:\Avenger\.txt when you've done.
Also post a new Hijackthis log please.

#5 megadeth_rulez

Posted 02 March 2007 - 11:24 AM

I ran the Avenger program twice because I normally have Spybot Search & Destroy running and I think when these files are deleted it creates a new one and tries to make a registry change and I deny them.

But I think that might have actually been keeping things from working so I tried it again with Spybot off. The file was successfully deleted the first time. Here is the second log.

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Error: could not create zip file.
Error code: 1813


//////////////////////////////////////////


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ghfhnqxa

*******************

Script file located at: \??\C:\Program Files\vvjlpvxd.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\WINDOWS\system32\xxyxyxu.dll not found!
Deletion of file C:\WINDOWS\system32\xxyxyxu.dll failed!

Could not process line:
C:\WINDOWS\system32\xxyxyxu.dll
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.

-------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 8:17:48 AM, on 3/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\AOL\1135053113\ee\aolsoftware.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\HJT.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {08CFB5E5-B43A-4F6C-A296-04AE32F35053} - C:\WINDOWS\system32\awvvu.dll (file missing)
O2 - BHO: (no name) - {0F01FF26-18F5-4613-BFD6-14DE2FBA24C3} - C:\WINDOWS\system32\xxyxyxu.dll (file missing)
O2 - BHO: (no name) - {3D835BB5-C7AD-4F47-9C3D-41CBA61185BC} - C:\WINDOWS\system32\gebcb.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {B72603C5-2EB5-4DAD-897D-3BF382D8EF8A} - C:\WINDOWS\system32\vtsts.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: Privoxy.lnk.disabled
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk.disabled
O4 - Global Startup: Free WebSite Tools.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} -
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} (Java Plug-in 1.4.2) -
O20 - Winlogon Notify: gebcb - C:\WINDOWS\
O20 - Winlogon Notify: xxyxyxu - xxyxyxu.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: NTBOOTMGR (NTBOOT) - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe (file missing)
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

#6 RichieUK

Posted 02 March 2007 - 12:01 PM

Click on Start>Run and type Services.msc then hit Ok.
Scroll down and find the service called:
NTBOOTMGR (NTBOOT)
When you find it, double-click on it.
In the next window that opens, click the 'Stop' button.
Then change the 'Startup Type:' to 'Disabled'.
Now press Apply and then Ok and close any open windows.

****************************

Download/install AVG Anti-Spyware 7.5.

Please follow these instructions carefully.

Launch/start up AVG Anti-Spyware.
On the main page click the 'Update' tab, and then 'Start Update'.
Once the updates have been installed, do the following:
Select the 'Scanner' icon at the top of the screen, then select the 'Settings' tab.
Once in the 'Settings' screen, under 'How to act?', then under 'Set default action for detected malware to:', click on 'Recommended actions', then click on 'Quarantine'.
Under 'Reports' select 'Automatically generate report after every scan' and unselect 'Only if threats were found'.
Exit AVG Anti-Spyware, don't run the scan just yet.

You might want to print/copy the following as you need to be in Safe Mode from here on.

Reboot your computer into "SAFE MODE" using the F8 method.
To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly.
A menu will appear with several options.
Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode".

Have Hijack This fix the following [If still present], by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:

O2 - BHO: (no name) - {08CFB5E5-B43A-4F6C-A296-04AE32F35053} - C:\WINDOWS\system32\awvvu.dll (file missing)
O2 - BHO: (no name) - {0F01FF26-18F5-4613-BFD6-14DE2FBA24C3} - C:\WINDOWS\system32\xxyxyxu.dll (file missing)
O2 - BHO: (no name) - {3D835BB5-C7AD-4F47-9C3D-41CBA61185BC} - C:\WINDOWS\system32\gebcb.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {B72603C5-2EB5-4DAD-897D-3BF382D8EF8A} - C:\WINDOWS\system32\vtsts.dll (file missing)
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} -
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} (Java Plug-in 1.4.2) -
O20 - Winlogon Notify: gebcb - C:\WINDOWS\
O20 - Winlogon Notify: xxyxyxu - xxyxyxu.dll (file missing)
O23 - Service: NTBOOTMGR (NTBOOT) - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe (file missing)


Still in Safe Mode launch AVG Anti-Spyware.
Click the 'Scanner' icon at the top.
To start the scan click on 'Complete System Scan'.
Please be patient, it takes a while for the scan to finish.

Once the scan is complete, do the following.
If AVG Anti-Spyware detected any infected objects, click on 'Apply All Actions'.
Next click on 'Save Report'.
Copy and paste that report into your next reply.
The report can be found under the 'Reports' tab at the top.
Close AVG Anti-Spyware when you've done.
Reboot normally.

Post the AVG Anti Spyware report and a new Hijackthis log into your next reply please.
Let me know how your pc is running now.
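
An added example, not part of the thread or of any tool named in it: a small Python parser for HijackThis entry lines that compares two scans and lists the entries that are new, or that HijackThis now marks "(file missing)" or "(no file)". The sample lines are excerpted from the second and third logs posted above; the class, function and constant names are this example's own.

```python
import re
from dataclasses import dataclass

# Entry lines look like "O2 - BHO: ..." or "R0 - HKCU\...". Header lines and
# the "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# Marker HijackThis appends when the referenced file is not on disk.
ORPHAN_RE = re.compile(r"\s*\((?:file missing|no file)\)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

AUTORUN_CODES = ("O2", "O20", "O23")  # BHO, Winlogon Notify, Service


@dataclass(frozen=True)
class Entry:
    code: str       # section code, e.g. "O2", "O20", "O23"
    body: str       # rest of the line with the orphan marker removed
    orphaned: bool  # True if the line carried "(file missing)" / "(no file)"

    def key(self):
        """Identity that survives a changed path: label plus CLSID, if any."""
        label = self.body.split(" - ", 1)[0]
        clsid = CLSID_RE.search(self.body)
        ident = f"{label} {clsid.group(0).upper()}" if clsid else label
        return (self.code, ident)


def parse_log(text):
    """Return the entry lines of a HijackThis log as Entry objects."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m is None:
            continue
        body = m.group("body")
        entries.append(Entry(m.group("code"), ORPHAN_RE.sub("", body),
                             bool(ORPHAN_RE.search(body))))
    return entries


def diff_scans(before, after):
    """Entries that appeared, or lost their file, between two scans."""
    old = {e.key(): e for e in before}
    new, became_orphaned = [], []
    for e in after:
        prev = old.get(e.key())
        if prev is None:
            new.append(e)
        elif e.orphaned and not prev.orphaned:
            became_orphaned.append(e)
    return {"new": new, "became_orphaned": became_orphaned}


def orphaned_autoruns(entries, codes=AUTORUN_CODES):
    """Autorun-type entries whose target file HijackThis reports as missing."""
    return [e for e in entries if e.code in codes and e.orphaned]


# Excerpt of the log saved 8:28:20 PM on 3/1/2007 (after VundoFix).
SCAN_MARCH_1 = r"""Logfile of HijackThis v1.99.1
C:\WINDOWS\system32\winlogon.exe
O2 - BHO: (no name) - {08CFB5E5-B43A-4F6C-A296-04AE32F35053} - C:\WINDOWS\system32\awvvu.dll (file missing)
O2 - BHO: (no name) - {0F01FF26-18F5-4613-BFD6-14DE2FBA24C3} - C:\WINDOWS\system32\xxyxyxu.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O20 - Winlogon Notify: xxyxyxu - C:\WINDOWS\SYSTEM32\xxyxyxu.dll
O23 - Service: NTBOOTMGR (NTBOOT) - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe (file missing)
"""

# Excerpt of the log saved 8:17:48 AM on 3/2/2007 (after Avenger).
SCAN_MARCH_2 = r"""Logfile of HijackThis v1.99.1
C:\WINDOWS\system32\winlogon.exe
O2 - BHO: (no name) - {08CFB5E5-B43A-4F6C-A296-04AE32F35053} - C:\WINDOWS\system32\awvvu.dll (file missing)
O2 - BHO: (no name) - {0F01FF26-18F5-4613-BFD6-14DE2FBA24C3} - C:\WINDOWS\system32\xxyxyxu.dll (file missing)
O2 - BHO: (no name) - {3D835BB5-C7AD-4F47-9C3D-41CBA61185BC} - C:\WINDOWS\system32\gebcb.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O20 - Winlogon Notify: gebcb - C:\WINDOWS\
O20 - Winlogon Notify: xxyxyxu - xxyxyxu.dll (file missing)
O23 - Service: NTBOOTMGR (NTBOOT) - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe (file missing)
"""

if __name__ == "__main__":
    before, after = parse_log(SCAN_MARCH_1), parse_log(SCAN_MARCH_2)
    for label, items in diff_scans(before, after).items():
        for e in items:
            print(f"{label:16} {e.code:4} {e.body}")
    for e in orphaned_autoruns(after):
        print(f"{'orphaned':16} {e.code:4} {e.body}")
```

The gebcb Winlogon Notify line carries no "(file missing)" marker in the log, so only the scan-to-scan comparison surfaces it, as a new entry.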

#7 megadeth_rulez

Posted 03 March 2007 - 10:23 AM

Computer seems to be running fine so far.

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 7:03:02 AM 3/3/2007

+ Scan result:



C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Desktop\backups\backup-20070301-000040-605.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP429\A0088352.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\avenger\backup.zip/avenger/xxyxyxu.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).


::Report end

------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 7:17:53 AM, on 3/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\AOL\1135053113\ee\aolsoftware.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\mozilla.org\Mozilla\mozilla.exe
C:\Documents and Settings\Owner\Desktop\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {08CFB5E5-B43A-4F6C-A296-04AE32F35053} - (no file)
O2 - BHO: (no name) - {0F01FF26-18F5-4613-BFD6-14DE2FBA24C3} - (no file)
O2 - BHO: (no name) - {3D835BB5-C7AD-4F47-9C3D-41CBA61185BC} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {B72603C5-2EB5-4DAD-897D-3BF382D8EF8A} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: Privoxy.lnk.disabled
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk.disabled
O4 - Global Startup: Free WebSite Tools.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} -
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} (Java Plug-in 1.4.2) -
O20 - Winlogon Notify: gebcb - C:\WINDOWS\
O20 - Winlogon Notify: xxyxyxu - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

#8 RichieUK


Posted 03 March 2007 - 11:02 AM

Please disable Spybot S&D's protection, or it will interfere.
You can enable it after you're clean.
Open Spybot and click on 'Mode' and check 'Advanced Mode'.
Click on 'Tools' in bottom left hand corner.
Click on the 'System Startup' icon.
Uncheck 'Teatimer' box and/or uncheck 'Resident'.
Click the 'Allow Change' box.
Then, check next to the computer clock to see if the icon for Spybot is still there.
If it is, right click it and choose 'exit Spybot-S&D Resident'.
Reboot the computer.

Also disable AVG Anti-Spyware Guard from running in the notification area [next to the clock].

******************************

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O2 - BHO: (no name) - {08CFB5E5-B43A-4F6C-A296-04AE32F35053} - (no file)
O2 - BHO: (no name) - {0F01FF26-18F5-4613-BFD6-14DE2FBA24C3} - (no file)
O2 - BHO: (no name) - {3D835BB5-C7AD-4F47-9C3D-41CBA61185BC} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {B72603C5-2EB5-4DAD-897D-3BF382D8EF8A} - (no file)
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} -
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} (Java Plug-in 1.4.2) -
O20 - Winlogon Notify: gebcb - C:\WINDOWS\
O20 - Winlogon Notify: xxyxyxu - C:\WINDOWS\

Exit Hijackthis.

******************************

Double-click VundoFix.exe again to run it.
When VundoFix re-opens, click the "Scan for Vundo" button.
Once it's done scanning, click the "Remove Vundo" button.
You will receive a prompt asking if you want to remove the files, click "YES".
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click "OK".
Please post the contents of C:\vundofix.txt into your next reply, along with a new Hijackthis log please.

Note:
It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

Post the C:\vundofix.txt,and a new Hijackthis log into your next reply.
Let me know how your pc is running now please.

#9 megadeth_rulez

megadeth_rulez
  • Topic Starter

  • Members
  • 10 posts

Posted 03 March 2007 - 11:52 AM

Wow, I think that might have done it.

-------------------------------

VundoFix V6.3.9

Checking Java version...

Scan started at 8:03:50 AM 3/2/2007

Listing files found while scanning....

C:\WINDOWS\system32\bcbeg.bak1
C:\WINDOWS\system32\bcbeg.ini
C:\WINDOWS\system32\bduiaevi.dll
C:\WINDOWS\system32\bpdfasef.dll
C:\WINDOWS\system32\gebcb.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\bcbeg.bak1
C:\WINDOWS\system32\bcbeg.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\bcbeg.ini
C:\WINDOWS\system32\bcbeg.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\bduiaevi.dll
C:\WINDOWS\system32\bduiaevi.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gebcb.dll
C:\WINDOWS\system32\gebcb.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.3.9

Checking Java version...

Scan started at 8:36:11 AM 3/3/2007

Listing files found while scanning....

C:\WINDOWS\system32\bpdfasef.dll

Beginning removal...

Performing Repairs to the registry.
Done!


---------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 8:47:27 AM, on 3/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Common Files\AOL\1135053113\ee\aolsoftware.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: Privoxy.lnk.disabled
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk.disabled
O4 - Global Startup: Free WebSite Tools.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

#10 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 03 March 2007 - 12:15 PM

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll (file missing)
Exit Hijackthis.

*******************************

Your log is clean :thumbsup:
If all's ok, please do the following:

Re-enable Spybot's Resident TeaTimer.

Clear your 'System Restore' points by doing the following:
Right-click on 'My Computer' and select 'Properties'.
Select 'System Restore'.
Select 'Turn Off System Restore On All Drives'.
Select 'Apply'.
You will then get the following warning:
"You have chosen to turn off System Restore.
If you continue, all existing restore points will be deleted, and you will not be able to track or undo changes to your computer.
Do you want to turn off System Restore?".
Then select 'Yes', your 'System Restore' directories will be purged.

Turn 'System Restore' back on:
Right click on 'My Computer' and select 'Properties'.
Select 'System Restore'.
Unselect 'Turn Off System Restore On All Drives'.
Select 'Apply', then click 'Ok'.

Create a new 'System Restore' point:
Click on Start/All Programs/Accessories/System Tools/System Restore.
In the 'System Restore' window, click 'Create a Restore Point' button, then click 'Next'.
In the window that appears, enter a description, then click on 'Create', then click 'Close'.
The date and time is created automatically.

You should now go to Windows Update and install any available critical/high priority updates.

Read through the info found here, to help you prevent any possible future infections.
How did I get infected?
http://www.bleepingcomputer.com/forums/t/2520/how-did-i-get-infected/

Please Note:
Your version of Sun Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Sun Java, and then update.
1. Download the latest version of Java Runtime Environment (JRE)
2. Scroll down to where it says 'Java Runtime Environment (JRE) 6.0'.
3. Click the "Download" button to the right.
4. Check the box that says: "Accept License Agreement".
5. The page will refresh.
6. Click on the link to download 'Windows Offline Installation, Multi-language' and save to your desktop.
7. Close any programs you may have running - especially your web browser.
8. Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
9. Check any item with Java Runtime Environment (JRE or J2SE) in the name.
10. Click the Change/Remove button.
11. Repeat as many times as necessary to remove each Java version.
12. Reboot your computer once all Java components are removed.
13. Then from your desktop double-click on jre-6-windows-i586.exe to install the newest version.

#11 megadeth_rulez

megadeth_rulez
  • Topic Starter

  • Members
  • 10 posts

Posted 03 March 2007 - 01:17 PM

After I completed all of those things I scanned with Hijackthis and they seem to be back :-(

Logfile of HijackThis v1.99.1
Scan saved at 10:10:06 AM, on 3/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Owner\Desktop\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {08CFB5E5-B43A-4F6C-A296-04AE32F35053} - (no file)
O2 - BHO: (no name) - {0F01FF26-18F5-4613-BFD6-14DE2FBA24C3} - (no file)
O2 - BHO: (no name) - {3D835BB5-C7AD-4F47-9C3D-41CBA61185BC} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {B72603C5-2EB5-4DAD-897D-3BF382D8EF8A} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Privoxy.lnk.disabled
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk.disabled
O4 - Global Startup: Free WebSite Tools.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} -
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} (Java Plug-in 1.5.0_10) -
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} -
O20 - Winlogon Notify: gebcb - C:\WINDOWS\
O20 - Winlogon Notify: xxyxyxu - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

#12 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 03 March 2007 - 01:33 PM

Ok, please go to Control Panel/Add or Remove Programs and remove Spybot Search & Destroy, then reboot your pc.
You can download\re-install when we're done.

*******************************

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O2 - BHO: (no name) - {08CFB5E5-B43A-4F6C-A296-04AE32F35053} - (no file)
O2 - BHO: (no name) - {0F01FF26-18F5-4613-BFD6-14DE2FBA24C3} - (no file)
O2 - BHO: (no name) - {3D835BB5-C7AD-4F47-9C3D-41CBA61185BC} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {B72603C5-2EB5-4DAD-897D-3BF382D8EF8A} - (no file)
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} -
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} (Java Plug-in 1.5.0_10) -
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} -
O20 - Winlogon Notify: gebcb - C:\WINDOWS\
O20 - Winlogon Notify: xxyxyxu - C:\WINDOWS\

Exit Hijackthis.

*******************************

Double-click VundoFix.exe again to run it.
When VundoFix re-opens, click the "Scan for Vundo" button.
Once it's done scanning, click the "Remove Vundo" button.
You will receive a prompt asking if you want to remove the files, click "YES".
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click "OK".
Please post the contents of C:\vundofix.txt into your next reply, along with a new Hijackthis log please.

Note:
It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

Post the C:\vundofix.txt and a new Hijackthis log into your next reply.

#13 megadeth_rulez

megadeth_rulez
  • Topic Starter

  • Members
  • 10 posts

Posted 03 March 2007 - 02:03 PM

VundoFix V6.3.9

Checking Java version...

Scan started at 10:52:02 AM 3/3/2007

Listing files found while scanning....

C:\WINDOWS\system32\bpdfasef.dll

Beginning removal...

Performing Repairs to the registry.
Done!

-----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 11:01:10 AM, on 3/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\mozilla.org\Mozilla\mozilla.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - Startup: Privoxy.lnk.disabled
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk.disabled
O4 - Global Startup: Free WebSite Tools.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
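
Added example, not part of any post in this thread: a Python check for the question each round here turns on, namely whether the entries the helper asked to fix are still present in the next HijackThis log. The embedded lines are excerpts of the fix list in post #12 and of the logs in posts #11, #13 and #15; the function names are this example's own, and "changed" only means the same CLSID is registered with a different detail string.

```python
import re

# A HijackThis entry starts with a section code, e.g. "O2 - BHO: ..." or "R0 - HKCU\...".
ENTRY_RE = re.compile(r"^(R\d|F\d|N\d|O\d{1,2}) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}")

# Fix list from post #12 (copied from the thread).
FIX_LIST = r"""
O2 - BHO: (no name) - {08CFB5E5-B43A-4F6C-A296-04AE32F35053} - (no file)
O2 - BHO: (no name) - {0F01FF26-18F5-4613-BFD6-14DE2FBA24C3} - (no file)
O2 - BHO: (no name) - {3D835BB5-C7AD-4F47-9C3D-41CBA61185BC} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {B72603C5-2EB5-4DAD-897D-3BF382D8EF8A} - (no file)
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} -
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} (Java Plug-in 1.5.0_10) -
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} -
O20 - Winlogon Notify: gebcb - C:\WINDOWS\
O20 - Winlogon Notify: xxyxyxu - C:\WINDOWS\
"""

# Excerpt of the log in post #11: the fix-list entries plus two unrelated ones.
LOG_POST_11 = FIX_LIST + r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
"""

# Excerpt of the log in post #13 (after the fix and the VundoFix run).
LOG_POST_13 = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O15 - Trusted Zone: *.musicmatch.com
"""

# Excerpt of the log in post #15 (after Spybot was installed again).
LOG_POST_15 = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O15 - Trusted Zone: *.musicmatch.com
"""


def parse_entries(log_text):
    """Return the set of (section, detail) entries; detail is lowercased, whitespace collapsed."""
    entries = set()
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.add((m.group(1), " ".join(m.group(2).split()).lower()))
    return entries


def entry_key(entry):
    """Identify an entry by section + CLSID when it has one, else by its full detail."""
    section, detail = entry
    clsid = CLSID_RE.search(detail)
    return (section, clsid.group(0)) if clsid else (section, detail)


def verify_fixes(fix_list_text, followup_log_text):
    """Sort each fix-list entry into gone / unchanged / changed against a later log."""
    later = parse_entries(followup_log_text)
    later_keys = {entry_key(e) for e in later}
    result = {"gone": [], "unchanged": [], "changed": []}
    for entry in sorted(parse_entries(fix_list_text)):
        if entry in later:
            result["unchanged"].append(entry)   # identical line is still logged
        elif entry_key(entry) in later_keys:
            result["changed"].append(entry)     # same CLSID, different file or name
        else:
            result["gone"].append(entry)
    return result


if __name__ == "__main__":
    for label, log in (("post #11", LOG_POST_11), ("post #13", LOG_POST_13),
                       ("post #15", LOG_POST_15)):
        outcome = verify_fixes(FIX_LIST, log)
        print(label, {state: len(items) for state, items in outcome.items()})
        for section, detail in outcome["unchanged"] + outcome["changed"]:
            print("   still registered:", section, "-", detail)
```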

#14 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:05:54 AM

Posted 03 March 2007 - 02:28 PM

Download KillBox, unzip/extract it to your desktop.
http://download.bleepingcomputer.com/spyware/KillBox.zip
Start up Killbox and place a check in 'Delete on Reboot'.
In the 'Full path of file to delete' box, copy and paste:

C:\WINDOWS\system32\bpdfasef.dll

Then press the red button with the white cross.
It will then provide a window for you to confirm the delete.
Next it will ask if you now wish to reboot, select YES.
Allow it to reboot.
If it doesn't reboot automatically, reboot manually.

****************************

Download\install Spybot - Search and Destroy:
http://www.snapfiles.com/get/spybot.html

****************************

Reboot once you've done, post a new Hijackthis log into your next reply please.
Let me know how your pc is running now.

#15 megadeth_rulez

megadeth_rulez
  • Topic Starter

  • Members
  • 10 posts

Posted 03 March 2007 - 02:47 PM

PC is running with no obvious problems.

Logfile of HijackThis v1.99.1
Scan saved at 11:44:58 AM, on 3/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Privoxy.lnk.disabled
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk.disabled
O4 - Global Startup: Free WebSite Tools.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS



