
Trojan.Vundo - need help removing it!

Discussion in 'Virus & Other Malware Removal' started by holcar, Feb 13, 2007.

  1. holcar (Thread Starter; joined Feb 13, 2007; 28 messages)

    Well, it seems I got a pack of viruses when I opened up a dodgy .exe file. Problem was, at the time of running it I had NO anti-virus installed, so the viruses seem to have thoroughly spread themselves.

    I am running Windows XP SP2. I used Kaspersky initially (it came free with my motherboard) and managed to clear some stuff up with that. Then I ran Ad-Aware and it cleaned up some of the nasties. I found an old NAV 2002 disc, updated the definitions and then did a full scan; I will post the log further down along with the HJT log. There were 2 viruses it couldn't handle; Trojan.Vundo, however, keeps being detected by Auto-Protect and it can't deal with it. I ran Symantec's removal tool and followed all the instructions, but the virus couldn't be found on the system.

    Here's the NAV log:

    Date: 2/13/2007, Time: 13:49:52, Michael on MICHAEL-ZHAJBP0
    The file
    C:\WINDOWS\system32\nosrnfql.dll
    is infected with the Trojan.Vundo virus.
    Access to the file was denied.


    Date: 2/13/2007, Time: 13:50:06, Michael on MICHAEL-ZHAJBP0
    The file
    C:\WINDOWS\system32\nosrnfql.dll
    is infected with the Trojan.Vundo virus.
    Unable to repair this file.


    Date: 2/13/2007, Time: 13:50:06, Michael on MICHAEL-ZHAJBP0
    The file
    C:\WINDOWS\system32\nosrnfql.dll
    is infected with the Trojan.Vundo virus.
    Access to the file was denied.


    Date: 2/13/2007, Time: 13:54:26, Michael on MICHAEL-ZHAJBP0
    The file
    C:\DOCUME~1\Michael\LOCALS~1\Temp\vojfeqye.exe
    is infected with the Trojan.Vundo virus.
    Unable to repair this file.


    Date: 2/13/2007, Time: 13:54:26, Michael on MICHAEL-ZHAJBP0
    The file
    C:\DOCUME~1\Michael\LOCALS~1\Temp\vojfeqye.exe
    is infected with the Trojan.Vundo virus.
    Access to the file was denied.


    Date: 2/13/2007, Time: 13:56:20, Michael on MICHAEL-ZHAJBP0
    The file C:\Program Files\VSAdd-in\VSAdd-in.dll is infected with the Trojan.Vundo virus.
    The file was quarantined.



    Date: 2/13/2007, Time: 13:56:20, Michael on MICHAEL-ZHAJBP0
    The file C:\WINDOWS\system32\byhyepio.dll is infected with the Trojan.Adclicker virus.
    The file was quarantined.



    Date: 2/13/2007, Time: 13:56:20, Michael on MICHAEL-ZHAJBP0
    The file C:\WINDOWS\system32\dkhjihwc.dll is infected with the Trojan.Adclicker virus.
    The file was quarantined.



    Date: 2/13/2007, Time: 13:56:20, Michael on MICHAEL-ZHAJBP0
    The file C:\WINDOWS\system32\kothuypm.exe is infected with the Trojan.Vundo virus.
    The file was quarantined.



    Date: 2/13/2007, Time: 13:56:20, Michael on MICHAEL-ZHAJBP0
    The file C:\WINDOWS\system32\kvxogwvs.exe is infected with the Trojan.Vundo virus.
    The file was quarantined.



    Date: 2/13/2007, Time: 13:56:20, Michael on MICHAEL-ZHAJBP0
    The file C:\WINDOWS\system32\nosrnfql.dll is infected with the Trojan.Vundo virus.
    Unable to delete the file.



    Date: 2/13/2007, Time: 13:56:20, Michael on MICHAEL-ZHAJBP0
    The file C:\WINDOWS\system32\opvxfdi.dll is infected with the Trojan.Busky virus.
    The file was quarantined.



    Date: 2/13/2007, Time: 13:56:20, Michael on MICHAEL-ZHAJBP0
    The file C:\WINDOWS\system32\qbpmatli.exe is infected with the Trojan.Vundo virus.
    The file was quarantined.



    Date: 2/13/2007, Time: 13:56:20, Michael on MICHAEL-ZHAJBP0
    The file C:\WINDOWS\system32\vtutq.dll is infected with the Bloodhound.Packed.10 virus.
    Unable to delete the file.


    Here is the error Auto-Protect displays, which I copied from the log.


    Date: 2/13/2007, Time: 17:31:38, SYSTEM on MICHAEL-ZHAJBP0
    The file
    C:\WINDOWS\SYSTEM32\NOSRNFQL.DLL
    is infected with the Trojan.Vundo virus.
    Access to the file was denied.


    A similar error appears in the same instance, but looks like this instead:

    C:\WINDOWS\system32\nosrnfql.dll

    Any ideas?

    HJT Result:

    Logfile of HijackThis v1.99.1
    Scan saved at 6:04:02 PM, on 2/13/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\System32\JMRaidTool.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\ASUS\AASP\1.00.12\aaCenter.exe
    C:\PROGRA~1\NORTON~1\navapw32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Valve\Steam\Steam.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\NMain.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Documents and Settings\Michael\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\System32\JMRaidTool.exe boot
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [{985C9F9F-074A-1033-1222-060627060001}] "C:\Program Files\Common Files\{985C9F9F-074A-1033-1222-060627060001}\Update.exe" mc-110-12-0000272
    O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\nosrnfql.dll",setvm
    O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
    O4 - HKLM\..\Run: [AsusServiceProvider] C:\Program Files\ASUS\AASP\1.00.12\aaCenter.exe
    O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.12\AsRunHelp.exe
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: SWF Capture tool - C:\Program Files\Eltima Software\Flash Decompiler\iebt.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler\iebt.dll (HKCU)
    O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler\iebt.dll (HKCU)
    O11 - Options group: [INTERNATIONAL] International*
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000272 (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe



    As for it harming system performance, it doesn't appear to do much until Auto-Protect detects it again, and then it seems to grind the system to a halt for a while. It also spawns pop-ups in IE, and I'm almost certain it does it in Firefox as well. It seems to have also caused issues with Firefox crashing, but I'm not certain.

    So, what do I do to clean my system? I'm more than willing to co-operate with other programs and spend some time fixing it. The system is fairly new and custom built. If I were to re-format, would all traces of the virus be removed? I would only be willing to do it as a last resort, as I have a lot of other software installed.


    Thanks
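The HijackThis log above shows the persistence NAV keeps tripping over: the [DllRunning] Run key loads nosrnfql.dll through rundll32.exe at every logon, and the Run key named by a bare GUID under Common Files and the 'COM+ Messages' service (unknown owner, a svchosts.exe that is no longer on disk) carry the same installer id. The script below is an added example, not part of this thread or of HijackThis: it parses O4 and O23 lines copied from that log and flags those patterns; the rundll32 allow-list and the list of imitated system binaries are assumptions for this machine.

```python
# Triage of HijackThis v1.99 O4 (Run key) and O23 (service) lines.
# Added example for this thread; not a tool from the forum or from HijackThis.
from __future__ import annotations
import re
from dataclasses import dataclass

# O4/O23 lines copied from the first HijackThis log posted in the thread (a subset).
SAMPLE_HJT_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [{985C9F9F-074A-1033-1222-060627060001}] "C:\Program Files\Common Files\{985C9F9F-074A-1033-1222-060627060001}\Update.exe" mc-110-12-0000272
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\nosrnfql.dll",setvm
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000272 (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

KNOWN_RUNDLL_TARGETS = {"nvcpl.dll", "nvmctray.dll"}  # assumption: vendor DLLs rundll32 may load here
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "services.exe", "smss.exe", "csrss.exe",
                   "winlogon.exe", "spoolsv.exe", "explorer.exe"}  # assumption: names worth imitating

O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")
RUNDLL_RE = re.compile(r'^"?(?P<launcher>[^"\s]+)"?\s+"?(?P<dll>[^",]+)"?\s*,\s*(?P<export>\w+)')
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
BINARY_RE = re.compile(r'^"?(?P<bin>[^"]+?\.(?:exe|dll))', re.I)


@dataclass(frozen=True)
class Finding:
    rule: str    # short rule id
    entry: str   # Run key name or service display name
    detail: str


def basename(path: str) -> str:
    return path.strip('"').rsplit("\\", 1)[-1].lower()


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; catches svchosts.exe posing as svchost.exe."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_run_entry(name: str, cmd: str) -> list[Finding]:
    findings = []
    if GUID_RE.match(name):
        findings.append(Finding("guid-run-key", name, "Run key named by a bare GUID"))
    m = RUNDLL_RE.match(cmd)
    if m and basename(m["launcher"]) == "rundll32.exe":
        dll = basename(m["dll"])
        if dll not in KNOWN_RUNDLL_TARGETS:
            findings.append(Finding("rundll32-unknown-dll", name, f"loads {dll}, export {m['export']}"))
    return findings


def check_service(name: str, owner: str, path: str) -> list[Finding]:
    findings = []
    if owner.lower() == "unknown owner":
        findings.append(Finding("service-unknown-owner", name, "no vendor recorded"))
    if "(file missing)" in path:
        findings.append(Finding("service-file-missing", name, "binary not on disk"))
    if m := BINARY_RE.match(path):
        binary = basename(m["bin"])
        for real in sorted(SYSTEM_BINARIES):
            if binary != real and edit_distance(binary, real) == 1:
                findings.append(Finding("service-lookalike-binary", name, f"{binary} imitates {real}"))
    return findings


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := O4_RE.match(line):
            findings.extend(check_run_entry(m["name"], m["cmd"]))
        elif m := O23_RE.match(line):
            findings.extend(check_service(m["name"], m["owner"], m["path"]))
    return findings


def shared_arguments(log_text: str) -> dict[str, set[str]]:
    """Non-path argument tokens with a digit seen under more than one entry; in the
    log above mc-110-12-0000272 ties the GUID Run key to the 'COM+ Messages' service."""
    seen: dict[str, set[str]] = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line) or O23_RE.match(line)
        if not m:
            continue
        for tok in (m["cmd"] if line.startswith("O4") else m["path"]).split():
            tok = tok.strip('"').lower()
            if (len(tok) >= 8 and any(c.isdigit() for c in tok)
                    and "\\" not in tok and not tok.endswith((".exe", ".dll"))):
                seen.setdefault(tok, set()).add(m["name"])
    return {tok: names for tok, names in seen.items() if len(names) > 1}
```

triage(SAMPLE_HJT_LOG) returns five findings, all on DllRunning, the GUID key and COM+ Messages; the NVIDIA and Norton entries pass clean, and shared_arguments() reports mc-110-12-0000272 as the token linking the GUID key to the fake service.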
     
  2. JSntgRvr (Moderator, Malware Specialist; first name José; joined Jul 1, 2003; 18,552 messages)

    Hi, holcar :)

    Welcome to TSG.

    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. Beware that it is NOT supported for use in 9x or ME and probably will not install on those systems.

    Upgrading Java:
    • Download the latest version of Java Runtime Environment (JRE) 6.
    • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
    • Click the "Download" button to the right.
    • Check the box that says: "Accept License Agreement".
    • The page will refresh.
    • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
    • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on the download to install the newest version.

    Download SDFix and save it to your Desktop.

    Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

    Please then reboot your computer in Safe Mode by doing the following:
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, the Advanced Options Menu should appear;
    • Select the first option, to run Windows in Safe Mode, then press Enter.
    • Choose your usual account.
    • Open the extracted SDFix folder and double click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
      (Report.txt will also be copied to Clipboard ready for posting back on the forum).
    • Finally, paste the contents of the Report.txt back on the forum with a new HijackThis log.
     
  3. holcar (Thread Starter; joined Feb 13, 2007; 28 messages)

    The finish registry process seems to be taking forever; it disappeared and then Windows loaded, then it reappeared and is still going. It's been nearly 2 hours now. No programs seem to be able to load, and I'm posting this from another computer.

    Any ideas?

    Edit: OK, the system crashed while running SDFix. After restart it started back up again and finished the process; here is the log it gave out, along with the HJT log.


    SDFix: Version 1.64

    Run by: Michael - Tue 02/13/2007 @ 19:26:55.90

    Microsoft Windows XP [Version 5.1.2600]

    Running From: C:\SDFix

    Safe Mode:
    Checking Services:

    Name:
    COM+ Messages

    Path:
    "C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000272

    COM+ Messages Deleted

    Restoring Windows Registry Entries
    Restoring Default Hosts File


    Rebooting...

    Normal Mode:
    Checking Files:

    Below files will be copied to Backups folder then removed:

    C:\DOCUME~1\Michael\LOCALS~1\Temp\nsu2E.tmp\nsProcess.dll - Deleted
    C:\DOCUME~1\Michael\LOCALS~1\Temp\nsvB.tmp\nsProcess.dll - Deleted
    C:\DOCUME~1\Michael\LOCALS~1\Temp\win13.tmp.exe - Deleted
    C:\WINDOWS\system32\unsvchosts.lzma - Deleted
    C:\WINDOWS\Temp\win*.tmp - Deleted



    ADS Check:

    C:\WINDOWS\system32
    No streams found.

    Final Check:


    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"="C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe:*:Enabled:Battlefield 2"
    "C:\\Program Files\\EA GAMES\\Command & Conquer Generals Zero Hour\\game.dat"="C:\\Program Files\\EA GAMES\\Command & Conquer Generals Zero Hour\\game.dat:*:Enabled:game"
    "C:\\Program Files\\Sierra\\FEARCombat\\FEARMP.exe"="C:\\Program Files\\Sierra\\FEARCombat\\FEARMP.exe:*:Enabled:FEAR Combat"
    "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\\DOCUME~1\\Michael\\LOCALS~1\\Temp\\win1CA.tmp.exe"="C:\\DOCUME~1\\Michael\\LOCALS~1\\Temp\\win1CA.tmp.exe:*:Enabled:win1CA.tmp"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000"


    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000"


    Remaining Files:
    ---------------

    Backups Folder: - C:\SDFix\backups\backups.zip


    Checking For Files with Hidden Attributes :

    C:\WINDOWS\system32\geeba.dll
    C:\WINDOWS\system32\rqrqrpm.dll
    C:\WINDOWS\system32\vtutq.dll
    C:\Program Files\Common Files\Adobe\ESD\DLMCleanup.exe
    C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
    C:\Documents and Settings\Michael\Local Settings\Temp\~18.tmp
    C:\WINDOWS\system32\abeeg.tmp

    Finished


    -------------------------------------------------------------------------------------------------------------------

    Logfile of HijackThis v1.99.1
    Scan saved at 9:56:51 PM, on 2/13/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\ASUS\AASP\1.00.12\aaCenter.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\PROGRA~1\NORTON~1\navapw32.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Valve\Steam\Steam.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\system32\notepad.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Documents and Settings\Michael\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\System32\JMRaidTool.exe boot
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [{985C9F9F-074A-1033-1222-060627060001}] "C:\Program Files\Common Files\{985C9F9F-074A-1033-1222-060627060001}\Update.exe" mc-110-12-0000272
    O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\nosrnfql.dll",setvm
    O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
    O4 - HKLM\..\Run: [AsusServiceProvider] C:\Program Files\ASUS\AASP\1.00.12\aaCenter.exe
    O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.12\AsRunHelp.exe
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: SWF Capture tool - C:\Program Files\Eltima Software\Flash Decompiler\iebt.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler\iebt.dll (HKCU)
    O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler\iebt.dll (HKCU)
    O11 - Options group: [INTERNATIONAL] International*
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
     
  4. JSntgRvr (Moderator, Malware Specialist; first name José; joined Jul 1, 2003; 18,552 messages)

    Hi, holcar :)

    Download ComboFix from Here or Here to your Desktop.

    Reboot to Safe mode:

    Restart your computer and begin tapping the F8 key on your keyboard just before Windows starts to load. If done right a Windows Advanced Options menu will appear. Select the Safe Mode option and press Enter.

    Perform the following actions in Safe Mode.
    • Double click combofix.exe and follow the prompts.
    • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
     
  5. holcar (Thread Starter; joined Feb 13, 2007; 28 messages)

    Combofix:

    "Michael" - 07-02-13 23:34:08 Service Pack 2
    ComboFix 07-02-11 - Running from: "C:\Documents and Settings\Michael\Desktop"

    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\unsvchosts.exe
    C:\WINDOWS\system32\wapisvsu.exe
    C:\Program Files\Common Files\{985C9~1
    C:\Program Files\InetGet2
    C:\Program Files\VSAdd-in
    ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
    Folders Quarantined:
    C:\qoobox\purity\Program Files\WNSXS~1


    ((((((((((((((((((((((((((((((( Files Created from 2007-01-13 to 2007-02-13 ))))))))))))))))))))))))))))))))))


    2007-02-13 21:06 787,469 ---hs---- C:\WINDOWS\system32\abeeg.ini2
    2007-02-13 19:19 <DIR> d-------- C:\SDFix
    2007-02-13 19:17 <DIR> d-------- C:\Program Files\Java
    2007-02-13 19:17 <DIR> d-------- C:\Program Files\Common Files\Java
    2007-02-13 13:05 57,696 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2007-02-13 13:05 4,032 --a------ C:\WINDOWS\system32\SYMEVNT1.DLL
    2007-02-13 13:05 36,864 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
    2007-02-13 13:05 <DIR> d-------- C:\Program Files\Symantec
    2007-02-13 13:05 <DIR> d-------- C:\Program Files\Norton AntiVirus
    2007-02-13 13:05 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
    2007-02-13 13:05 <DIR> d-------- C:\DOCUME~1\Michael\Application Data\Symantec
    2007-02-13 13:05 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Symantec
    2007-02-13 12:51 6,752 --a------ C:\WINDOWS\system32\PfModNT.sys
    2007-02-13 12:51 <DIR> d-------- C:\Program Files\Creative
    2007-02-13 00:09 5,685 -ra------ C:\WINDOWS\system32\drivers\AsIO.sys
    2007-02-13 00:09 24,576 -ra------ C:\WINDOWS\system32\AsIO.dll
    2007-02-13 00:09 12,096 --a------ C:\WINDOWS\system32\drivers\AsInsHelp64.sys
    2007-02-13 00:09 10,304 --a------ C:\WINDOWS\system32\drivers\AsInsHelp32.sys
    2007-02-12 15:19 3,120 --a------ C:\WINDOWS\system32\2d2ca2ce-704a-428c-8cbe-0736b29190aa.dll
    2007-02-12 15:19 <DIR> d-------- C:\Program Files\AARONS CLIKER
    2007-02-11 21:57 <DIR> d-------- C:\Program Files\Ventrilo
    2007-02-11 21:57 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-02-11 21:57 <DIR> d-------- C:\DOCUME~1\Michael\Application Data\Ventrilo
    2007-02-11 13:53 793,814 ---hs---- C:\WINDOWS\system32\abeeg.bak2
    2007-02-10 22:56 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
    2007-02-10 22:56 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Adobe Systems
    2007-02-10 22:22 <DIR> d--h----- C:\WINDOWS\PIF
    2007-02-10 21:17 <DIR> d-------- C:\WINDOWS\pss
    2007-02-10 19:44 <DIR> d-------- C:\Program Files\Kaspersky Lab
    2007-02-10 19:44 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Kaspersky Anti-Virus Personal
    2007-02-10 19:26 <DIR> d-------- C:\WINDOWS\WBEM
    2007-02-10 19:26 <DIR> d-------- C:\WINDOWS\system32\en-US
    2007-02-10 19:25 <DIR> d--h-c--- C:\WINDOWS\ie7
    2007-02-10 19:24 121,856 --------- C:\WINDOWS\system32\xmllite.dll
    2007-02-10 19:23 <DIR> d-------- C:\WINDOWS\network diagnostic
    2007-02-10 19:20 <DIR> d-------- C:\27b997e6a2d156413240f7f4f3c81e27
    2007-02-10 14:11 <DIR> d-------- C:\Program Files\Eltima Software
    2007-02-10 14:11 <DIR> d-------- C:\DOCUME~1\Michael\Application Data\Eltima Software
    2007-02-10 13:53 780,619 ---hs---- C:\WINDOWS\system32\abeeg.bak1
    2007-02-10 13:53 277,296 ---hs---- C:\WINDOWS\system32\geeba.dll
    2007-02-10 13:53 118,804 --a------ C:\WINDOWS\system32\nosrnfql.dll
    2007-02-10 13:48 22,726 ---hs---- C:\WINDOWS\system32\rqrqrpm.dll
    2007-02-08 00:34 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
    2007-02-08 00:34 <DIR> d-------- C:\Program Files\Windows Media Connect 2
    2007-02-08 00:33 <DIR> d-------- C:\3031b5de91a97781b9
    2007-02-07 17:01 <DIR> d-------- C:\Program Files\Guild Wars
    2007-02-06 19:22 94,080 -ra------ C:\WINDOWS\system32\drivers\aeaudio.sys
    2007-02-06 19:22 247,296 -ra------ C:\WINDOWS\system32\drivers\ADIHdAud.sys
    2007-02-06 19:22 24,064 -ra------ C:\WINDOWS\system32\PostProc.dll
    2007-02-06 19:22 139,776 -ra------ C:\WINDOWS\system32\drivers\adidts.sys
    2007-02-06 19:21 57,600 --a------ C:\WINDOWS\system32\drivers\usbhub.sys
    2007-02-06 19:21 53,248 --------- C:\WINDOWS\system32\wdmioctl.dll
    2007-02-06 19:21 49,152 --------- C:\WINDOWS\system32\DSndUp.exe
    2007-02-06 19:21 45,056 --------- C:\WINDOWS\system32\CleanUp.exe
    2007-02-06 19:21 1,285,632 --------- C:\WINDOWS\system32\SMMedia.dll
    2007-02-06 19:21 <DIR> d-------- C:\Program Files\Analog Devices
    2007-02-06 19:18 <DIR> d-------- C:\WINDOWS\system32\drivers\system32
    2007-01-19 12:53 51,056 --a------ C:\WINDOWS\system32\sirenacm.dll


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2007-02-13 23:31 -------- d-------- C:\Program Files\mozilla firefox
    2007-02-13 01:53 96256 --a------ C:\WINDOWS\system32\drivers\sptd7549.sys
    2007-02-13 00:09 -------- d-------- C:\Program Files\asus
    2007-02-13 00:08 -------- d--h----- C:\Program Files\installshield installation information
    2007-02-11 21:58 -------- d---s---- C:\DOCUME~1\Michael\Application Data\microsoft
    2007-02-10 22:59 -------- d-------- C:\DOCUME~1\Michael\Application Data\adobe
    2007-02-10 22:58 -------- d-------- C:\Program Files\Common Files\adobe
    2007-02-10 19:11 -------- d-------- C:\Program Files\google
    2007-02-10 13:51 -------- d-------- C:\DOCUME~1\Michael\Application Data\macromedia
    2007-02-10 13:43 -------- d-------- C:\Program Files\macromedia
    2007-02-10 13:43 -------- d-------- C:\Program Files\Common Files\macromedia
    2007-02-08 16:11 -------- d-------- C:\DOCUME~1\Michael\Application Data\google
    2007-02-08 10:11 -------- d-------- C:\Program Files\msn messenger
    2007-02-06 20:55 86016 --a------ C:\WINDOWS\system32\openal32.dll
    2007-02-06 20:55 262144 --a------ C:\WINDOWS\system32\wrap_oal.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
    "MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
    "Steam"="C:\\Program Files\\Valve\\Steam\\\\Steam.exe -silent"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "JMB36X Configure"="C:\\WINDOWS\\System32\\JMRaidTool.exe boot"
    "RTHDCPL"="RTHDCPL.EXE"
    "Alcmtr"="ALCMTR.EXE"
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
    "nwiz"="nwiz.exe /install"
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
    "SoundMAXPnP"="C:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe"
    "SoundMAX"="\"C:\\Program Files\\Analog Devices\\SoundMAX\\Smax4.exe\" /tray"
    "DllRunning"="rundll32.exe \"C:\\WINDOWS\\system32\\nosrnfql.dll\",setvm"
    "KAVPersonal50"="\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus Personal\\kav.exe\" /minimize"
    "AsusServiceProvider"="C:\\Program Files\\ASUS\\AASP\\1.00.12\\aaCenter.exe"
    "AsusStartupHelp"="C:\\Program Files\\ASUS\\AASP\\1.00.12\\AsRunHelp.exe"
    "NAV Agent"="C:\\PROGRA~1\\NORTON~1\\navapw32.exe"
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0\\bin\\jusched.exe\""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDrive]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="drvzuk"
    "hkey"="HKLM"
    "command"="rundll32.exe C:\\WINDOWS\\system32\\drvzuk.dll,startup"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\opvxfdi.dll]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="opvxfdi"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\system32\\rundll32.exe \"C:\\Documents and Settings\\Michael\\Local Settings\\Application Data\\opvxfdi.dll\",xavgzrc"
    "inimapping"="0"


    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{313300DA-0267-4825-B7F5-841E3503FE31}"=""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geeba
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrqrpm
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winosz32

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
    WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0


    [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E]
    Shell\AutoRun\command E:\OblivionLauncher.exe


    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\Symantec NetDetect.job


    ********************************************************************

    catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006
    http://www.gmer.net

    scanning hidden processes ...

    scanning hidden services ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    ********************************************************************

    Completion time: 07-02-13 23:38:09


    ----------------------------------------------------------------------------

    HJT:

    Logfile of HijackThis v1.99.1
    Scan saved at 11:53:20 PM, on 2/13/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\System32\JMRaidTool.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\ASUS\AASP\1.00.12\aaCenter.exe
    C:\PROGRA~1\NORTON~1\navapw32.exe
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Valve\Steam\Steam.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Documents and Settings\Michael\Desktop\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\System32\JMRaidTool.exe boot
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\nosrnfql.dll",setvm
    O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
    O4 - HKLM\..\Run: [AsusServiceProvider] C:\Program Files\ASUS\AASP\1.00.12\aaCenter.exe
    O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.12\AsRunHelp.exe
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: SWF Capture tool - C:\Program Files\Eltima Software\Flash Decompiler\iebt.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler\iebt.dll (HKCU)
    O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler\iebt.dll (HKCU)
    O11 - Options group: [INTERNATIONAL] International*
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe



    Also, after running combofix, it created a new IE icon on my desktop and changed my default browser to IE. Normal? Changed it back to Firefox.

    Another thing, this link opens up in a new tab from time to time.

    http://89.188.16.10/trafc-2/rfe.php...oving.html#post4445701&affid=66973&lid=vundo>

    Opens up a blank page. Sorry if all this is irrelevant, I'm just curious.

    Thanks
     
  6. JSntgRvr

    JSntgRvr Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Hi, holcar :)

    Please download VundoFix.exe to your desktop.
    • Double-click VundoFix.exe to run it.
    • You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
    • When VundoFix re-opens, click the Scan for Vundo button.
    • Once it's done scanning, click the Remove Vundo button.
    • You will receive a prompt asking if you want to remove the files, click YES
    • Once you click yes, your desktop will go blank as it starts removing Vundo.
    • When completed, it will prompt that it will shutdown your computer, click OK.
    • Turn your computer back on.
    • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
    Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears at reboot.
     
  7. holcar

    holcar Thread Starter

    Joined:
    Feb 13, 2007
    Messages:
    28
    VundoFix:


    VundoFix V6.3.6

    Checking Java version...

    Scan started at 12:32:35 AM 2/14/2007

    Listing files found while scanning....

    C:\WINDOWS\system32\abeeg.bak1
    C:\WINDOWS\system32\abeeg.bak2
    C:\WINDOWS\system32\abeeg.ini
    C:\WINDOWS\system32\abeeg.ini2
    C:\WINDOWS\system32\abeeg.tmp
    C:\WINDOWS\system32\geeba.dll
    C:\WINDOWS\system32\rqrqrpm.dll
    C:\WINDOWS\system32\shoqkqal.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\abeeg.bak1
    C:\WINDOWS\system32\abeeg.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\abeeg.bak2
    C:\WINDOWS\system32\abeeg.bak2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\abeeg.ini
    C:\WINDOWS\system32\abeeg.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\abeeg.ini2
    C:\WINDOWS\system32\abeeg.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\abeeg.tmp
    C:\WINDOWS\system32\abeeg.tmp Has been deleted!

    Attempting to delete C:\WINDOWS\system32\geeba.dll
    C:\WINDOWS\system32\geeba.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\rqrqrpm.dll
    C:\WINDOWS\system32\rqrqrpm.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\geeba.dll
    C:\WINDOWS\system32\geeba.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\rqrqrpm.dll
    C:\WINDOWS\system32\rqrqrpm.dll Has been deleted!

    Performing Repairs to the registry.
    Done!


    --------------------------------------------------------------------------

    HJT:

    Logfile of HijackThis v1.99.1
    Scan saved at 1:12:45 AM, on 2/14/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\JMRaidTool.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\ASUS\AASP\1.00.12\aaCenter.exe
    C:\PROGRA~1\NORTON~1\navapw32.exe
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Valve\Steam\Steam.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Documents and Settings\Michael\Desktop\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {313300DA-0267-4825-B7F5-841E3503FE31} - C:\WINDOWS\system32\rqrqrpm.dll (file missing)
    O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - C:\WINDOWS\system32\shoqkqal.dll (file missing)
    O2 - BHO: (no name) - {7510289C-BAD2-8109-8724-08E4C2920395} - C:\WINDOWS\system32\lpjbmbh.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {C8353A95-04C8-4889-93A9-A76297C13A50} - C:\WINDOWS\system32\geeba.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\System32\JMRaidTool.exe boot
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
    O4 - HKLM\..\Run: [AsusServiceProvider] C:\Program Files\ASUS\AASP\1.00.12\aaCenter.exe
    O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.12\AsRunHelp.exe
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: SWF Capture tool - C:\Program Files\Eltima Software\Flash Decompiler\iebt.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler\iebt.dll (HKCU)
    O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler\iebt.dll (HKCU)
    O11 - Options group: [INTERNATIONAL] International*
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: winosz32 - winosz32.dll (file missing)
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
     
  8. JSntgRvr

    JSntgRvr Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Hi, holcar :)

    Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

    O2 - BHO: (no name) - {313300DA-0267-4825-B7F5-841E3503FE31} - C:\WINDOWS\system32\rqrqrpm.dll (file missing)
    O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - C:\WINDOWS\system32\shoqkqal.dll (file missing)
    O2 - BHO: (no name) - {7510289C-BAD2-8109-8724-08E4C2920395} - C:\WINDOWS\system32\lpjbmbh.dll (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {C8353A95-04C8-4889-93A9-A76297C13A50} - C:\WINDOWS\system32\geeba.dll (file missing)
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O20 - Winlogon Notify: winosz32 - winosz32.dll (file missing)


    Now close all windows and browsers, other than HiJackThis, then click Fix Checked.

    Close Hijackthis.

    The rest of the log looks clear. How is the computer doing?
     
  9. holcar

    holcar Thread Starter

    Joined:
    Feb 13, 2007
    Messages:
    28
    Computer appears to be ok, haven't had any IE pop-up spawns since. Seems to start up a little slower than usual though.

    Here is a new HJT log, look clean?

    Logfile of HijackThis v1.99.1
    Scan saved at 5:42:59 PM, on 2/14/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\ASUS\AASP\1.00.12\aaCenter.exe
    C:\PROGRA~1\NORTON~1\navapw32.exe
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Valve\Steam\Steam.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Michael\Desktop\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\System32\JMRaidTool.exe boot
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [AsusServiceProvider] C:\Program Files\ASUS\AASP\1.00.12\aaCenter.exe
    O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.12\AsRunHelp.exe
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: SWF Capture tool - C:\Program Files\Eltima Software\Flash Decompiler\iebt.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler\iebt.dll (HKCU)
    O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler\iebt.dll (HKCU)
    O11 - Options group: [INTERNATIONAL] International*
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe



    Thanks
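Reading a HijackThis log by hand means scanning a hundred lines for the few that matter. As an added example (not code from this thread, from HijackThis, or from Tech Support Guy), the script below parses the `O<n> - ...` entries and the `Running processes:` block of a log like the one above, groups entries by section, and lists the items a helper reads first: entries whose target file is missing, entries that give no absolute path, and files loading from outside the Windows and Program Files trees such as a Temp folder. The sample lines are copied from the log posted above except the final `O4` line, which is constructed so the location rule fires; the trusted-root list and the section groupings are assumptions of this example, not HijackThis behaviour.

```python
"""Triage helper for HijackThis 1.99 logs (added example, not HijackThis code)."""
import re
from collections import defaultdict

# HJT sections whose entry names a file on disk.
FILE_SECTIONS = {"O2", "O3", "O4", "O8", "O9", "O18", "O20", "O21", "O23"}
# Sections that are autostart / persistence points (informational tag only).
AUTOSTART_SECTIONS = {"O4", "O20", "O21", "O23"}
# Roots a stock XP install loads system components from (heuristic, assumed here).
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\", "%windir%\\")

ENTRY_RE = re.compile(r"^(?P<section>[RFOL]\d+) - (?P<body>.*)$")
# Absolute path up to the first executable/library extension; paths may contain spaces.
PATH_RE = re.compile(r"((?:[A-Za-z]:|%windir%)\\.*?\.(?:exe|dll|cab|html|lnk))", re.IGNORECASE)

# Lines copied from the log posted above; the last O4 line is constructed.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 9:50:53 PM, on 2/14/2007

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Documents and Settings\Michael\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O4 - HKCU\..\Run: [example] C:\Documents and Settings\Michael\Local Settings\Temp\example.exe
"""


def parse_entry(line):
    """Return a dict for one 'Oxx - ...' line, or None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    pm = PATH_RE.search(body)
    return {
        "section": section,
        "body": body,
        "path": pm.group(1) if pm else None,
        "file_missing": "(file missing)" in body,
        "autostart": section in AUTOSTART_SECTIONS,
    }


def review_reasons(entry):
    """Why a helper would look at this entry; an empty list means nothing stands out."""
    reasons = []
    if entry["file_missing"]:
        reasons.append("target file missing (orphaned entry)")
    elif entry["section"] in FILE_SECTIONS and entry["path"] is None:
        reasons.append("no absolute path; file is resolved via PATH, locate it manually")
    elif entry["path"] and not entry["path"].lower().startswith(TRUSTED_ROOTS):
        reasons.append("loads from outside Windows/Program Files: " + entry["path"])
    return reasons


def parse_log(text):
    """Split a log into (running process paths, parsed O-entries)."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Running processes:"):
            in_procs = True
            continue
        if in_procs:
            if line:
                processes.append(line)
            else:
                in_procs = False  # blank line ends the process block
            continue
        entry = parse_entry(line)
        if entry:
            entries.append(entry)
    return processes, entries


def triage(text):
    """Group entries by section and collect (entry, reasons) pairs worth a second look."""
    processes, entries = parse_log(text)
    by_section, flagged = defaultdict(list), []
    for entry in entries:
        by_section[entry["section"]].append(entry)
        reasons = review_reasons(entry)
        if reasons:
            flagged.append((entry, reasons))
    for proc in processes:
        if not proc.lower().startswith(TRUSTED_ROOTS):
            pseudo = {"section": "PROC", "body": proc, "path": proc,
                      "file_missing": False, "autostart": False}
            flagged.append((pseudo, ["process running from outside Windows/Program Files"]))
    return dict(by_section), flagged


if __name__ == "__main__":
    sections, hits = triage(SAMPLE_LOG)
    for sec in sorted(sections):
        print(f"{sec}: {len(sections[sec])} entries")
    for entry, reasons in hits:
        print(f"[{entry['section']}] {entry['body']}\n    -> {'; '.join(reasons)}")
```

Run on the sample, the script lists the orphaned `xpnetdiag.exe` button, the bare `RTHDCPL.EXE` run key, the constructed Temp-folder entry and HijackThis itself running from the desktop. The last hit is the expected benign case for a location heuristic; the point of the output is to shrink the list a helper reads by hand, not to decide on its own, and a randomly named DLL sitting in system32 still passes the trusted-root check and has to be caught by the scanners the thread uses.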
     
  10. JSntgRvr

    JSntgRvr Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Hi, holcar :)

    Let's see if there is anything else:

    Please download ATF Cleaner by Atribune.
    This program is for XP and Windows 2000 only

    • Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main menu to close the program.
    For Technical Support, double-click the e-mail address located at the bottom of each menu.

    Download AVG Anti-Spyware from HERE and save that file to your desktop.
    This is a 30 day trial of the program
    1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
    2. Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
    3. On the main screen select the icon "Update" then select the "Update now" link.
      • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
    4. Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
    5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
    6. Under "Reports"
      • Select "Automatically generate report after every scan"
      • Un-Select "Only if threats were found"
    Close AVG Anti-Spyware. Do Not run a scan just yet; we will shortly.

    Now copy these instructions to notepad and save them to your desktop. You will need them to refer to in safe mode.

    Boot into Safe Mode:

    Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

    Perform the following steps in safe mode:

    1. IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning; it may interfere with the scanning process.
    2. Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
    3. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
    4. AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
      Once the scan is complete do the following:
    5. If you have any infections you will be prompted; then select "Apply all actions".
    6. Next select the "Reports" icon at the top.
    7. Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
    8. Close AVG Anti-Spyware .
    Restart back into Windows normally now.

    Please go HERE to run Panda's ActiveScan
    • Once you are on the Panda site click the Scan your PC button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Click the big Scan Now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
    Post a fresh Hijackthis log along with the AVG Anti-spyware and ActiveScan reports.
     
  11. holcar

    holcar Thread Starter

    Joined:
    Feb 13, 2007
    Messages:
    28
    HJT:

    Logfile of HijackThis v1.99.1
    Scan saved at 9:50:53 PM, on 2/14/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\ASUS\AASP\1.00.12\aaCenter.exe
    C:\PROGRA~1\NORTON~1\navapw32.exe
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Valve\Steam\Steam.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Documents and Settings\Michael\Desktop\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\System32\JMRaidTool.exe boot
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [AsusServiceProvider] C:\Program Files\ASUS\AASP\1.00.12\aaCenter.exe
    O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.12\AsRunHelp.exe
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: SWF Capture tool - C:\Program Files\Eltima Software\Flash Decompiler\iebt.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler\iebt.dll (HKCU)
    O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler\iebt.dll (HKCU)
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    --------------------------------------------------------------------------------

    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 8:57:00 PM 2/14/2007

    + Scan result:



    C:\SDFix\backups\backups.zip/backups/win13.tmp.exe -> Dialer.InstantAccess.k : Cleaned.
    :mozilla.550:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
    :mozilla.180:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.181:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.182:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.183:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.184:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.185:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.186:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.235:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.605:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.620:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.128:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.129:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.130:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.133:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.134:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.217:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.218:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.236:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.237:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.507:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
    :mozilla.508:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
    :mozilla.509:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
    :mozilla.510:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
    :mozilla.205:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.206:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.207:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.208:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.209:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.527:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.528:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.529:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.187:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
    :mozilla.188:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
    :mozilla.42:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.46:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.47:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.48:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.49:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.22:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
    :mozilla.285:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.286:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.287:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.288:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.289:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.290:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.291:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.292:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.196:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Com : Cleaned.
    :mozilla.23:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
    :mozilla.523:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
    :mozilla.524:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
    :mozilla.525:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
    :mozilla.526:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
    :mozilla.166:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.167:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.168:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.169:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.170:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.171:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.172:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.173:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.174:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.175:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.337:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
    :mozilla.393:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.591:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned.
    :mozilla.430:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
    :mozilla.432:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
    :mozilla.436:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
    :mozilla.242:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
    :mozilla.243:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
    :mozilla.121:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
    :mozilla.177:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
    :mozilla.178:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
    :mozilla.179:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
    :mozilla.255:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
    :mozilla.256:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
    :mozilla.303:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
    :mozilla.304:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
    :mozilla.305:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
    :mozilla.306:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
    :mozilla.307:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
    :mozilla.308:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
    :mozilla.309:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
    :mozilla.310:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
    :mozilla.311:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
    :mozilla.312:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
    :mozilla.313:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
    :mozilla.316:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.317:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.318:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.319:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.320:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.333:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.503:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned.
    :mozilla.293:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.294:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.295:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.296:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.297:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.298:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.299:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.281:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.282:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.283:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.284:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.614:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned.
    :mozilla.615:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned.
    :mozilla.356:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
    :mozilla.357:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
    :mozilla.260:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
    :mozilla.261:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
    :mozilla.262:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
    :mozilla.263:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
    :mozilla.264:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
    :mozilla.265:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
    :mozilla.266:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
    :mozilla.267:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
    :mozilla.158:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
    :mozilla.352:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
    :mozilla.60:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.61:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.62:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.63:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.64:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.65:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.66:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.67:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.68:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.230:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
    :mozilla.231:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
    :mozilla.232:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
    :mozilla.233:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
    :mozilla.234:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.


    ::Report end

    -----------------------------------------------------------------------------------
     
  12. holcar

    holcar Thread Starter

    Joined:
    Feb 13, 2007
    Messages:
    28
    Panda Active Scan


    Incident Status Location

    Adware:adware/securityerror Not disinfected C:\Documents and Settings\Michael\Favorites\Antivirus Test Online.url
    Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt[.apmebf.com/]
    Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt[.drivecleaner.com/]
    Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt[www.drivecleaner.com/]
    Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt[.drivecleaner.com/]
    Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt[www.drivecleaner.com/]
    Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt[.drivecleaner.com/]
    Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt[.adopt.hbmediapro.com/]
    Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt[.xiti.com/]
    Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt[.winantivirus.com/]
    Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xz62h3v2.default\cookies.txt[.errorsafe.com/]
    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Michael\Cookies\[email protected][2].txt
    Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Michael\Desktop\SDFix.exe[SDFix\apps\Process.exe]
    Potentially unwanted tool:Application/Processor Not disinfected C:\SDFix\apps\Process.exe
    Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\rqrqrpm.dll.bad
     
  13. JSntgRvr

    JSntgRvr Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Hi, holcar :)

    Please download SmitfraudFix (by S!Ri) to your Desktop.

    Double-click SmitfraudFix.exe
    Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
    Please copy/paste the content of that report into your next reply.

    **If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.

    Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
    http://www.beyondlogic.org/consulting/proc...processutil.htm

    Warning : running option #2 on a non infected computer will remove your Desktop background.
     
  14. holcar

    holcar Thread Starter

    Joined:
    Feb 13, 2007
    Messages:
    28
    SmitFraudFix v2.142

    Scan done at 22:51:56.50, Wed 02/14/2007
    Run from C:\Documents and Settings\Michael\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Michael


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Michael\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Michael\FAVORI~1

    C:\DOCUME~1\Michael\FAVORI~1\Antivirus Test Online.url FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End
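The SmitfraudFix search report above is only useful once you read it the way the helper does: files marked `FOUND !` are the hits, and the AppInit_DLLs and Winlogon `System` values are printed so a human can judge them (the tool itself warns they are "not inevitably infected"). The script below is an added example, not part of the thread and not SmitfraudFix's own code. It parses a report of this shape and returns the flagged files plus any autostart value that is non-empty. The embedded sample report is constructed to mirror the layout of the posted one; the `example_hooked.dll` value in it is invented to show what a flagged entry looks like, and treating AppInit_DLLs and Winlogon `System` as expected-empty is an assumption for a typical XP install.

```python
"""Triage a SmitfraudFix search report (option #1 output).

Added example, not part of the original thread and not SmitfraudFix's code.
"""
import re
from typing import Dict, List

SECTION_RE = re.compile(r"^»+\s*(?P<name>.+?)\s*$")      # »»»» section header
FOUND_RE = re.compile(r"^(?P<path>.+?)\s+FOUND !\s*$")    # file hit
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")        # registry key line
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>.*)"$')

# Assumption: on a clean XP box these autostart values are empty. A non-empty
# AppInit_DLLs loads a DLL into every user32 process; a non-empty Winlogon
# "System" runs an extra program at logon. Both are classic Vundo/Smitfraud spots.
EXPECTED_EMPTY = {"AppInit_DLLs", "System"}

# Constructed sample in the shape of the posted report (values are invented).
SAMPLE_REPORT = r"""
»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Michael\FAVORI~1

C:\DOCUME~1\Michael\FAVORI~1\Antivirus Test Online.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="example_hooked.dll"

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» End
"""


def parse_report(text: str) -> Dict[str, List[str]]:
    """Split the report into {section name: [non-empty lines]}."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name")
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections


def triage(text: str) -> Dict[str, List[str]]:
    """Return files flagged FOUND and non-empty values that should be empty."""
    findings: Dict[str, List[str]] = {"found_files": [], "suspicious_values": []}
    for lines in parse_report(text).values():
        key = None
        for line in lines:
            fm = FOUND_RE.match(line)
            if fm:
                findings["found_files"].append(fm.group("path"))
                continue
            km = KEY_RE.match(line)
            if km:
                key = km.group("key")
                continue
            vm = VALUE_RE.match(line)
            if vm and vm.group("name") in EXPECTED_EMPTY and vm.group("value"):
                findings["suspicious_values"].append(
                    f"{key}\\{vm.group('name')} = {vm.group('value')}")
    return findings


if __name__ == "__main__":
    for kind, items in triage(SAMPLE_REPORT).items():
        print(kind)
        for item in items:
            print("  ", item)
```

Run against the report actually posted in this thread, the only hit is the `Antivirus Test Online.url` favourite, and both registry values are empty, which is exactly why the helper's next reply declines to run the fix option for a single file.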
     
  15. JSntgRvr

    JSntgRvr Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Hi, holcar :)

    I am not going to run that program for just one entry. Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please navigate to and delete the following file:

    C:\Documents and Settings\Michael\Favorites\Antivirus Test Online.url

    How does it feel now?
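Before deleting a favourite like the one named above it is worth seeing where it actually pointed, since a `.url` file is just an INI file whose `[InternetShortcut]` section carries a `URL=` line. The following is an added example, not from the thread: it reads a shortcut's target and checks the host against a small list of rogue-security-product domains. The list is built from the cookie names in the Panda scan posted earlier (drivecleaner.com, winantivirus.com, errorsafe.com); the two shortcut bodies are constructed for the example, and the `.invalid` host is a placeholder, not a real site.

```python
"""Inspect a Windows Internet Shortcut (.url) before deleting it.

Added example, not part of the original thread. Sample contents are constructed.
"""
import configparser
from typing import Dict, Optional, Tuple
from urllib.parse import urlsplit

# Domains seen as Spyware:Cookie/* entries in the Panda scan above (assumption:
# a favourite pointing here is a rogue "online scanner" shortcut, not user content).
ROGUE_DOMAINS: Tuple[str, ...] = ("drivecleaner.com", "winantivirus.com", "errorsafe.com")

# Constructed shortcut bodies; the first uses a reserved .invalid host.
SAMPLE_CLEAN = """[InternetShortcut]
URL=http://www.example-bookmark.invalid/page
IconIndex=0
"""
SAMPLE_ROGUE = """[InternetShortcut]
URL=http://www.errorsafe.com/
IconIndex=0
"""


def shortcut_target(content: str) -> str:
    """Return the URL= value from the [InternetShortcut] section."""
    parser = configparser.ConfigParser(interpolation=None)  # '%' in URLs is data, not interpolation
    parser.read_string(content)
    return parser["InternetShortcut"]["URL"]  # option names are case-insensitive


def classify(content: str, rogue: Tuple[str, ...] = ROGUE_DOMAINS) -> Dict[str, Optional[str]]:
    """Extract the host and report which rogue domain (if any) it belongs to."""
    url = shortcut_target(content)
    host = (urlsplit(url).hostname or "").lower()
    # Match the registered domain or any subdomain of it, never a substring.
    match = next((d for d in rogue if host == d or host.endswith("." + d)), None)
    return {"url": url, "host": host, "rogue_match": match}


if __name__ == "__main__":
    for body in (SAMPLE_CLEAN, SAMPLE_ROGUE):
        print(classify(body))
```

The suffix check is deliberate: a plain substring test would also flag a host such as `notdrivecleaner.com`, while `host == d or host.endswith("." + d)` only matches the domain itself and its subdomains.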
     
Short URL to this thread: https://techguy.org/543761