Logfile Help Please
roblatacz
Member
9. April 2007 @ 12:26
When I go on a website the page redirects and goes on to another site. Can someone see what's wrong and what has to be deleted? Thanks.
Here's my computers logfile.
Logfile of HijackThis v1.99.1
Scan saved at 21:19:32, on 09/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\NILaunch.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis_v1.99.1.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0AA6E4D8-AE3C-4860-4799-07E98DDECD82} - C:\WINDOWS\system32\tiydwic.dll
O2 - BHO: (no name) - {49CD0E17-09F4-9E0A-0E29-03457C0D673E} - C:\WINDOWS\system32\tezxwr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {58605A09-1EA9-A981-9637-09D48B962F75} - C:\WINDOWS\system32\xcsradd.dll
O2 - BHO: (no name) - {6C698B34-C906-6797-3663-014FC41172E2} - C:\WINDOWS\system32\huhylpf.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {9AC5A846-1ECC-480A-8868-039A1C98CE20} - C:\WINDOWS\system32\jkhhh.dll (file missing)
O4 - HKLM\..\Run: [Net-It Launcher] C:\WINDOWS\System32\NILaunch.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [tezxwr.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\tezxwr.dll,rcsaxz
O4 - HKLM\..\Run: [Ultimate Cleaner] C:\Program Files\Ultimate Cleaner\App.exe
O4 - HKLM\..\Run: [ctfmon] C:\WINDOWS\system32\dlg\ctfmon.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredit...?p=ZJxdm027YYGB
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by126fd.bay126.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1161120896609
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - https://ukplay.toontown.com/download/sv1.0.24.18/ttinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E1C9723-BDF6-4AD8-A923-BFE2317A4E6E}: NameServer = 194.168.4.100,194.168.8.100
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: jkhhh - C:\WINDOWS\system32\jkhhh.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
KotaGuy
Member
9. April 2007 @ 17:24
Please download VundoFix.exe to your desktop.
[*]Double-click VundoFix.exe to run it.
[*]Click the Scan for Vundo button.
[*]Once it's done scanning, click the Remove Vundo button.
[*]You will receive a prompt asking if you want to remove the files, click YES
[*]Once you click yes, your desktop will go blank as it starts removing Vundo.
[*]When completed, it will prompt that it will reboot your computer, click OK.
[*]Please post the contents of C:\vundofix.txt and a new HijackThis log.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
roblatacz
Member
10. April 2007 @ 01:36
OK, I've done it. I don't know how to post the Vundo log, but here's a new HijackThis log.
Logfile of HijackThis v1.99.1
Scan saved at 10:33:18, on 10/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\NILaunch.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis_v1.99.1.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0AA6E4D8-AE3C-4860-4799-07E98DDECD82} - C:\WINDOWS\system32\tiydwic.dll (file missing)
O2 - BHO: (no name) - {49CD0E17-09F4-9E0A-0E29-03457C0D673E} - C:\WINDOWS\system32\tezxwr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {58605A09-1EA9-A981-9637-09D48B962F75} - C:\WINDOWS\system32\xcsradd.dll
O2 - BHO: (no name) - {6C698B34-C906-6797-3663-014FC41172E2} - C:\WINDOWS\system32\huhylpf.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {9AC5A846-1ECC-480A-8868-039A1C98CE20} - C:\WINDOWS\system32\jkhhh.dll (file missing)
O4 - HKLM\..\Run: [Net-It Launcher] C:\WINDOWS\System32\NILaunch.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [tezxwr.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\tezxwr.dll,rcsaxz
O4 - HKLM\..\Run: [Ultimate Cleaner] C:\Program Files\Ultimate Cleaner\App.exe
O4 - HKLM\..\Run: [ctfmon] C:\WINDOWS\system32\dlg\ctfmon.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredit...?p=ZJxdm027YYGB
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by126fd.bay126.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1161120896609
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - https://ukplay.toontown.com/download/sv1.0.24.18/ttinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E1C9723-BDF6-4AD8-A923-BFE2317A4E6E}: NameServer = 194.168.4.100,194.168.8.100
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: jkhhh - C:\WINDOWS\system32\jkhhh.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
roblatacz
Member
10. April 2007 @ 01:49
I've tried running HijackThis on my second computer but get an error saying MSVBVM60.DLL was not found.
KotaGuy
Member
10. April 2007 @ 05:10
There should be a file on your C: drive named VundoFix.txt.
Double click it to open it and copy/paste the contents in your reply please.
roblatacz
Member
10. April 2007 @ 08:15
OK, here it is.
VundoFix V6.3.19
Checking Java version...
Java version is 1.5.0.7
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.11
Scan started at 10:23:57 10/04/2007
Listing files found while scanning....
C:\WINDOWS\system32\hhhkj.bak1
C:\WINDOWS\system32\hhhkj.bak2
C:\WINDOWS\system32\hhhkj.ini
C:\WINDOWS\system32\hlaancac.exe
C:\WINDOWS\system32\huhylpf.dll
C:\WINDOWS\system32\jkhhh.dll
C:\WINDOWS\system32\pnnttxde.exe
C:\WINDOWS\system32\tiydwic.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\hhhkj.bak1
C:\WINDOWS\system32\hhhkj.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\hhhkj.bak2
C:\WINDOWS\system32\hhhkj.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\hhhkj.ini
C:\WINDOWS\system32\hhhkj.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\hlaancac.exe
C:\WINDOWS\system32\hlaancac.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\huhylpf.dll
C:\WINDOWS\system32\huhylpf.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\pnnttxde.exe
C:\WINDOWS\system32\pnnttxde.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\tiydwic.dll
C:\WINDOWS\system32\tiydwic.dll Has been deleted!
Performing Repairs to the registry.
Done!
roblatacz
Member
10. April 2007 @ 09:57
Here's the logfile for my second computer. When I log in to Hotmail it keeps saying there's something wrong with the website's security certificate.
Logfile of HijackThis v1.99.1
Scan saved at 18:53:09, on 10/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GSv2.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/j...indows-i586.cab
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://disteng.nefficient.com/disteng/neffy/NeffyLauncher.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: UPnPService - Unknown owner - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
O23 - Service: WUSB54GSv2SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54GSv2.exe (file missing)
KotaGuy
Member
10. April 2007 @ 15:34
Gonna ignore the second computer for now and just focus on the first one.
Print this out for reference during the fix as for part of it you will be in Safe Mode and unable to access this site.
Run and scan with HijackThis and place checks beside the following:
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {0AA6E4D8-AE3C-4860-4799-07E98DDECD82} - C:\WINDOWS\system32\tiydwic.dll (file missing)
O2 - BHO: (no name) - {49CD0E17-09F4-9E0A-0E29-03457C0D673E} - C:\WINDOWS\system32\tezxwr.dll
O2 - BHO: (no name) - {58605A09-1EA9-A981-9637-09D48B962F75} - C:\WINDOWS\system32\xcsradd.dll
O2 - BHO: (no name) - {6C698B34-C906-6797-3663-014FC41172E2} - C:\WINDOWS\system32\huhylpf.dll (file missing)
O4 - HKLM\..\Run: [tezxwr.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\tezxwr.dll,rcsaxz
O4 - HKLM\..\Run: [Ultimate Cleaner] C:\Program Files\Ultimate Cleaner\App.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredit...?p=ZJxdm027YYGB
O20 - Winlogon Notify: jkhhh - C:\WINDOWS\system32\jkhhh.dll (file missing)
Close all open browsers/windows and click the Fix button.
Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop. Don't run it yet.
Download AVG Anti-Spyware and install it. Update the program's definition files. Don't scan with it yet.
Reboot your computer in Safe Mode.
[*]If the computer is running, shut down Windows, and then turn off the power.
[*]Wait 30 seconds, and then turn the computer on.
[*]Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
[*]Ensure that the Safe Mode option is selected.
[*]Press Enter. The computer then begins to start in Safe mode.
[*]Login on your usual account.
Make sure hidden files/folders are shown...
[*]Close all programs so that you are at your desktop.
[*]Double-click on the My Computer icon (or click Start, then select My Computer)
[*]Select the Tools menu and click Folder Options.
[*]After the new window appears select the View tab.
[*]Put a checkmark in the checkbox labeled Display the contents of system folders.
[*]Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
[*]Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
[*]Remove the checkmark from the checkbox labeled Hide protected operating system files.
[*]Press the Apply button and then the OK button and shutdown My Computer.
Search for and delete this Folder:
C:\Program Files\Ultimate Cleaner
Search for and delete these Files:
C:\WINDOWS\system32\tezxwr.dll
C:\WINDOWS\system32\xcsradd.dll
Double-click ATF Cleaner.exe to open it.
Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.
For Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
For Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
Click Exit on the Main menu to close the program.
Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
- Click on Scanner on the toolbar.
- Click on the Settings tab.
- Under How to act?
  - Click on Recommended Action and choose Quarantine from the popup menu.
- Under How to scan?
  - All checkboxes should be ticked.
- Under Possibly unwanted software:
  - All checkboxes should be ticked.
- Under Reports:
  - Select Automatically generate report after every scan and uncheck Only if threats were found.
- Under What to scan?
  - Select Scan every file.
- Click on the Scan tab.
- Click on Complete System Scan to start the scan process.
- Let the program scan the machine.
- When the scan has finished, follow the instructions below.
IMPORTANT: Don't click the "Save Scan Report" button before you have clicked the "Apply all Actions" button.
- Make sure that Set all elements to: shows Quarantine (1); if not, click on the link and choose Quarantine from the popup menu. (2)
- At the bottom of the window click on the Apply all Actions button. (3)
- When done, click the Save Scan Report button. (4)
- Click the Save Report as button.
- Save the report to your Desktop.
- Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Empty your Recycle Bin.
Reboot Windows normally.
Please do an online scan with Kaspersky WebScanner
Click on Kaspersky Online Scanner
You will be prompted to install an ActiveX component from Kaspersky; click Yes.
- The program will launch and then begin downloading the latest definition files.
- Once the files have been downloaded click on NEXT
- Now click on Scan Settings
- In the scan settings make sure that the following are selected:
  - Scan using the following Anti-Virus database: Extended (if available, otherwise Standard)
  - Scan Options: Scan Archives, Scan Mail Bases
- Click OK
- Now under select a target to scan: Select My Computer
- The program will start and scan your system.
- The scan will take a while so be patient and let it run.
- Once the scan is complete it will display if your system has been infected.
- Now click on the Save as Text button:
- Save the file to your desktop.
Post the contents of the Kaspersky scan log, the AVG log and a new HijackThis log please.
Also... do you have eMule installed?
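The logs this post asks for come back as fixed-format text. As an added example (not part of this thread, and not code from HijackThis or AVG), the Python script below parses both formats and pulls out what a helper reads first: O2 BHO entries whose registered DLL is no longer on disk, and AVG report items that were quarantined or that touched the hosts file. Every function name is mine, and the sample log lines are constructed from excerpts of this thread's logs.

```python
"""Triage helpers for HijackThis and AVG Anti-Spyware text reports (added example)."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Tuple

# HijackThis "O2" line: O2 - BHO: <name> - {CLSID} - <dll path | (no file)>
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$"
)
# AVG Anti-Spyware result line: <object> -> <detection name> : <action>.
AVG_RE = re.compile(r"^(?P<obj>.+?) -> (?P<det>[^:]+?) : (?P<action>.+?)\.?$")


@dataclass
class BhoEntry:
    name: str
    clsid: str
    path: str
    suspicious: bool  # True when the registered DLL is not on disk
    note: str


# Constructed sample input, assembled from excerpts of the logs in this thread.
SAMPLE_HJT = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {6C698B34-C906-6797-3663-014FC41172E2} - C:\WINDOWS\system32\huhylpf.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
"""

SAMPLE_AVG = r"""
+ Created at: 12:13:55 11/04/2007
+ Scan result:
C:\WINDOWS\system32\mtfjnjot.exe -> Adware.Searchcolor : Cleaned with backup (quarantined).
:mozilla.10:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Natalie\Local Settings\Temp\SAISetup.exe -> Adware.Zango : Cleaned with backup (quarantined).
C:\WINDOWS\system32\drivers\etc\hosts -> Trojan.Qhosts : Cleaned with backup (quarantined).
::Report end
"""


def triage_hjt(text: str) -> List[BhoEntry]:
    """Return every O2 BHO entry in a HijackThis log with a verdict.

    A BHO whose DLL is reported missing is an orphaned registration: the
    file was removed (here by VundoFix / AVG) but the CLSID is still in
    the registry, which is exactly what a helper asks HijackThis to fix.
    """
    entries = []
    for line in text.splitlines():
        m = BHO_RE.match(line.strip())
        if not m:
            continue
        name, clsid, path = m.group("name"), m.group("clsid"), m.group("path")
        notes = []
        missing = path == "(no file)" or path.endswith("(file missing)")
        if missing:
            notes.append("registered DLL is not on disk")
        if name == "(no name)":
            notes.append("unnamed BHO")
        entries.append(BhoEntry(name, clsid, path, missing, "; ".join(notes)))
    return entries


def summarize_avg(text: str) -> Dict[str, object]:
    """Count AVG detections by family and list quarantined and hosts-file items."""
    by_family: Counter = Counter()
    quarantined: List[Tuple[str, str]] = []
    hosts_hits: List[str] = []
    for line in text.splitlines():
        m = AVG_RE.match(line.strip())
        if not m:
            continue
        obj, det, action = m.group("obj"), m.group("det"), m.group("action")
        by_family[det.split(".")[0]] += 1          # "Trojan.Qhosts" -> "Trojan"
        if "quarantined" in action.lower():
            quarantined.append((obj, det))
        # A modified hosts file silently redirects name lookups; it is the
        # first thing to check when the complaint is "pages go elsewhere".
        if "\\drivers\\etc\\" in obj.lower():
            hosts_hits.append(obj)
    return {"by_family": by_family, "quarantined": quarantined, "hosts_file": hosts_hits}


if __name__ == "__main__":
    for e in triage_hjt(SAMPLE_HJT):
        print(("FLAG " if e.suspicious else "ok   ") + e.clsid, e.note)
    print(summarize_avg(SAMPLE_AVG))
```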
roblatacz
Member
11. April 2007 @ 05:17
I've completed everything and here are the results.
AVG Anti-Spyware results:
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 12:13:55 11/04/2007
+ Scan result:
C:\Program Files\DAEMON Tools\SetupDTSB.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1ECDAF7B-E276-4258-8067-2BBA1926186B}\RP374\A0085054.exe -> Adware.Searchcolor : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1ECDAF7B-E276-4258-8067-2BBA1926186B}\RP374\A0085056.exe -> Adware.Searchcolor : Cleaned with backup (quarantined).
C:\VundoFix Backups\hlaancac.exe.bad -> Adware.Searchcolor : Cleaned with backup (quarantined).
C:\VundoFix Backups\pnnttxde.exe.bad -> Adware.Searchcolor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\mtfjnjot.exe -> Adware.Searchcolor : Cleaned with backup (quarantined).
C:\Documents and Settings\Sebastian\My Documents\WarlordsBattlecryIIISetup-dm.exe -> Adware.Trymedia : Cleaned with backup (quarantined).
C:\Documents and Settings\Natalie\Local Settings\Temp\SAISetup.exe -> Adware.Zango : Cleaned with backup (quarantined).
:mozilla.122:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.14:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.152:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.15:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.16:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.17:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.18:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.19:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.20:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.325:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.83:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.167:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.47:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.48:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.50:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.51:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.52:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.53:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.55:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.333:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.334:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.66:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.67:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.68:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.69:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.70:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.401:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Adviva : Cleaned.
:mozilla.49:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.165:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Billboard : Cleaned.
:mozilla.21:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.356:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.304:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.363:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.274:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Co : Cleaned.
:mozilla.273:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.383:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.384:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.385:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.10:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.293:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.300:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.308:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.311:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.314:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.315:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.320:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.327:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.338:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.340:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.348:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.364:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.369:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.370:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.403:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.411:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.351:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.8:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.9:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.307:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.375:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.376:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.377:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.354:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.355:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.298:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.166:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.116:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
:mozilla.84:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
:mozilla.145:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.260:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.101:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.316:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.317:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.318:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.319:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.138:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.139:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.153:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Real : Cleaned.
:mozilla.193:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.194:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.253:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.254:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.255:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.256:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.257:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.258:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.147:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.148:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.149:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.150:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.73:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.74:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.75:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.76:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.80:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.185:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.270:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.271:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.276:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.158:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Starware : Cleaned.
:mozilla.349:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Starware : Cleaned.
:mozilla.350:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Starware : Cleaned.
:mozilla.129:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.64:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.65:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.230:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Toplist : Cleaned.
:mozilla.244:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.198:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.118:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.126:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.58:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.59:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.60:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.61:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.62:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.63:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Sebastian\Local Settings\Temp\Cookies\sebastian@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Sebastian\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-4253870d-127d2e5b.class -> Trojan.ClassLoader.Dummy.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\drivers\etc\hosts -> Trojan.Qhosts : Cleaned with backup (quarantined).
C:\WINDOWS\system32\drivers\etc\hosts.msn -> Trojan.Qhosts : Cleaned with backup (quarantined).
::Report end
Here's the Kaspersky online results:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, April 11, 2007 2:05:01 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 11/04/2007
Kaspersky Anti-Virus database records: 295460
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
Scan Statistics:
Total number of scanned objects: 111653
Number of viruses found: 6
Number of infected objects: 14 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:35:12
Infected Object Name / Virus Name / Last Action
C:\44aa202ea34f1d39c93683118d\msxml4-KB927978-enu.log Object is locked skipped
C:\8354787cb763758d235eb2d1\update\update.exe Object is locked skipped
C:\8354787cb763758d235eb2d1\update\wpdinstallutil.dll Object is locked skipped
C:\904aa128def7548845\msxml6-KB927977-enu-x86.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\aa7aa13a3aefa360da138b71676f224e_2c2dd6fb-3b56-4a85-920e-dcae7d8c47a9 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Natalie\Local Settings\Temp\tinst26.exe Infected: not-a-virus:FraudTool.Win32.SecurityCenter.a skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Robert\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Robert\Local Settings\Application Data\ApplicationHistory\cli.exe.c88dbd71.ini.inuse Object is locked skipped
C:\Documents and Settings\Robert\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Robert\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Robert\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Robert\Local Settings\Temp\Perflib_Perfdata_19c.dat Object is locked skipped
C:\Documents and Settings\Robert\Local Settings\Temp\Perflib_Perfdata_fa8.dat Object is locked skipped
C:\Documents and Settings\Robert\Local Settings\Temp\Perflib_Perfdata_fb4.dat Object is locked skipped
C:\Documents and Settings\Robert\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Robert\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Robert\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Sebastian\Local Settings\Temp\tinst3.exe Infected: not-a-virus:FraudTool.Win32.SecurityCenter.a skipped
C:\e41540989b594e03d1b45c6f62\update\update.exe Object is locked skipped
C:\e41540989b594e03d1b45c6f62\update\updspapi.dll Object is locked skipped
C:\Program Files\Hijackthis\backups\backup-20070411-100459-174.dll Infected: Trojan.Win32.Obfuscated.ev skipped
C:\Program Files\Hijackthis\backups\backup-20070411-100459-977.dll Infected: Trojan.Win32.Obfuscated.ev skipped
C:\Program Files\TightVNC\VNCHooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b skipped
C:\Program Files\TightVNC\WinVNC.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.h skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{1ECDAF7B-E276-4258-8067-2BBA1926186B}\RP374\A0085055.dll Infected: Trojan.Win32.Obfuscated.ev skipped
C:\System Volume Information\_restore{1ECDAF7B-E276-4258-8067-2BBA1926186B}\RP374\A0085057.dll Infected: Trojan.Win32.Obfuscated.ev skipped
C:\System Volume Information\_restore{1ECDAF7B-E276-4258-8067-2BBA1926186B}\RP375\A0085116.dll Infected: Trojan.Win32.Obfuscated.ev skipped
C:\System Volume Information\_restore{1ECDAF7B-E276-4258-8067-2BBA1926186B}\RP376\A0085126.exe Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\System Volume Information\_restore{1ECDAF7B-E276-4258-8067-2BBA1926186B}\RP376\A0085127.exe Infected: not-a-virus:AdWare.Win32.Searchcolor.a skipped
C:\System Volume Information\_restore{1ECDAF7B-E276-4258-8067-2BBA1926186B}\RP376\A0085130.dll Infected: Trojan.Win32.Obfuscated.ev skipped
C:\System Volume Information\_restore{1ECDAF7B-E276-4258-8067-2BBA1926186B}\RP376\change.log Object is locked skipped
C:\VundoFix Backups\huhylpf.dll.bad Infected: Trojan.Win32.Obfuscated.ev skipped
C:\VundoFix Backups\tiydwic.dll.bad Infected: Trojan.Win32.Obfuscated.ev skipped
C:\WINDOWS\$NtUninstallKB835732$\callcont.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\h323.tsp Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\msgina.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\mst120.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\schannel.dll Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{ACEADBB2-BDFE-49EF-B90B-67224D4B6847}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
And here is a new HijackThis logfile:
Logfile of HijackThis v1.99.1
Scan saved at 14:13:44, on 11/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\System32\NILaunch.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis_v1.99.1.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {6C698B34-C906-6797-3663-014FC41172E2} - C:\WINDOWS\system32\huhylpf.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {9AC5A846-1ECC-480A-8868-039A1C98CE20} - C:\WINDOWS\system32\jkhhh.dll (file missing)
O4 - HKLM\..\Run: [Net-It Launcher] C:\WINDOWS\System32\NILaunch.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [ctfmon] C:\WINDOWS\system32\dlg\ctfmon.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner...can_unicode.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by126fd.bay126.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1161120896609
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - https://ukplay.toontown.com/download/sv1.0.24.18/ttinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E1C9723-BDF6-4AD8-A923-BFE2317A4E6E}: NameServer = 194.168.4.100,194.168.8.100
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
Thanks for all the help.
P.S. In the AVG Anti-Spyware scan it showed that my pc is infected with two high risk trojans:
-Trojan.ClassLoader.Dummy.D
-Trojan.Qhosts
What effects do they have?
KotaGuy
Member
11. April 2007 @ 06:00
Run and scan with HijackThis and place checks beside the following:
O2 - BHO: (no name) - {6C698B34-C906-6797-3663-014FC41172E2} - C:\WINDOWS\system32\huhylpf.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {9AC5A846-1ECC-480A-8868-039A1C98CE20} - C:\WINDOWS\system32\jkhhh.dll (file missing)
Close all open browsers/windows and click the Fix button.
Search for and delete these Files:
C:\Documents and Settings\Natalie\Local Settings\Temp\tinst26.exe
C:\Documents and Settings\Sebastian\Local Settings\Temp\tinst3.exe
Reboot and post a new HijackThis log.
Quote: P.S. In the AVG Anti-Spyware scan it showed that my pc is infected with two high risk trojans:
-Trojan.ClassLoader.Dummy.D
-Trojan.Qhosts
What effects do they have?
None as it is... AVG cleaned them.
roblatacz
Member
11. April 2007 @ 07:32
OK, all done, here's the new HijackThis logfile:
Logfile of HijackThis v1.99.1
Scan saved at 16:29:24, on 11/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\WINDOWS\System32\NILaunch.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis_v1.99.1.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [Net-It Launcher] C:\WINDOWS\System32\NILaunch.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [ctfmon] C:\WINDOWS\system32\dlg\ctfmon.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner...can_unicode.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by126fd.bay126.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1161120896609
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - https://ukplay.toontown.com/download/sv1.0.24.18/ttinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E1C9723-BDF6-4AD8-A923-BFE2317A4E6E}: NameServer = 194.168.4.100,194.168.8.100
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
KotaGuy
Member
11. April 2007 @ 15:45
Looks good... though there is one entry I need to know about...
O4 - HKLM\..\Run: [ctfmon] C:\WINDOWS\system32\dlg\ctfmon.exe
Do you have eMule installed?
roblatacz
Member
12. April 2007 @ 00:53
No, I don't have eMule installed, I don't even know what it is.
Do I have to delete that file?
roblatacz
Member
12. April 2007 @ 01:27
I have looked under Task Manager and under the 'Processes' tab and ctfmon.exe is running. Should I delete this or do I need it?
KotaGuy
Member
12. April 2007 @ 06:02
No... you have two of those files running... one is installed with Office. The other, the one I asked about, is typically installed with eMule.
Do you have any other peer-to-peer programs installed?
If not... can I get you to go here and upload the file.
Please post back what the results of the scan are.
roblatacz
Member
12. April 2007 @ 06:14
I have uTorrent installed, which is a peer-to-peer file-sharing application.
KotaGuy
Member
12. April 2007 @ 06:27
OK... can I get you to upload the file to the link I supplied previously and report back the results of the scan please.
roblatacz
Member
12. April 2007 @ 06:54
I searched for the file using the Windows XP search function and it found two 'ctfmon.exe' files. One is in Windows\system32 and the other in Windows\ServicePackFiles\i386. They are both 15 KB in size.
I've sent both files to VirusTotal by email and will post the results when they come.
roblatacz
Member
12. April 2007 @ 07:13
Here are the results:
Windows\system32\ctfmon.exe
Complete scanning result of "ctfmon.exe", processed in VirusTotal at 04/12/2007 16:53:50 (CET).
[ file data ]
* name: ctfmon.exe
* size: 15360
* md5.: 24232996a38c0b0cf151c2140ae29fc8
* sha1: b36d03b56a30187ffc6257459d632a4faac48af2
[ scan result ]
AhnLab-V3 2007.4.12.0/20070412 found nothing
AntiVir 7.3.1.50/20070412 found nothing
Authentium 4.93.8/20070412 found nothing
Avast 4.7.936.0/20070411 found nothing
AVG 7.5.0.447/20070412 found nothing
BitDefender 7.2/20070412 found nothing
CAT-QuickHeal 9.00/20070411 found nothing
ClamAV devel-20070312/20070412 found nothing
DrWeb 4.33/20070412 found nothing
eSafe 7.0.15.0/20070412 found nothing
eTrust-Vet 30.7.3562/20070412 found nothing
Ewido 4.0/20070412 found nothing
F-Prot 4.3.1.45/20070412 found nothing
F-Secure 6.70.13030.0/20070412 found nothing
FileAdvisor 1/20070412 found [No threat detected]
Fortinet 2.85.0.0/20070412 found nothing
Ikarus T3.1.1.5/20070412 found nothing
Kaspersky 4.0.2.24/20070412 found nothing
McAfee 5006/20070411 found nothing
Microsoft 1.2405/20070411 found nothing
NOD32v2 2184/20070412 found nothing
Norman 5.80.02/20070412 found nothing
Panda 9.0.0.4/20070412 found nothing
Prevx1 V2/20070412 found nothing
Sophos 4.16.0/20070412 found nothing
Sunbelt 2.2.907.0/20070407 found nothing
Symantec 10/20070412 found nothing
TheHacker 6.1.6.088/20070409 found nothing
VBA32 3.11.3/20070412 found nothing
VirusBuster 4.3.7:9/20070412 found nothing
Webwasher-Gateway 6.0.1/20070412 found nothing
[ notes ]
Bit9 info:
http://fileadvisor.bit9.com/services/ext...151c2140ae29fc8
Here's the second one, located at Windows\ServicePackFiles\i386:
Complete scanning result of "ctfmon.exe", processed in VirusTotal at 04/12/2007 16:53:50 (CET).
[ file data ]
* name: ctfmon.exe
* size: 15360
* md5.: 24232996a38c0b0cf151c2140ae29fc8
* sha1: b36d03b56a30187ffc6257459d632a4faac48af2
[ scan result ]
AhnLab-V3 2007.4.12.0/20070412 found nothing
AntiVir 7.3.1.50/20070412 found nothing
Authentium 4.93.8/20070412 found nothing
Avast 4.7.936.0/20070411 found nothing
AVG 7.5.0.447/20070412 found nothing
BitDefender 7.2/20070412 found nothing
CAT-QuickHeal 9.00/20070411 found nothing
ClamAV devel-20070312/20070412 found nothing
DrWeb 4.33/20070412 found nothing
eSafe 7.0.15.0/20070412 found nothing
eTrust-Vet 30.7.3562/20070412 found nothing
Ewido 4.0/20070412 found nothing
F-Prot 4.3.1.45/20070412 found nothing
F-Secure 6.70.13030.0/20070412 found nothing
FileAdvisor 1/20070412 found [No threat detected]
Fortinet 2.85.0.0/20070412 found nothing
Ikarus T3.1.1.5/20070412 found nothing
Kaspersky 4.0.2.24/20070412 found nothing
McAfee 5006/20070411 found nothing
Microsoft 1.2405/20070411 found nothing
NOD32v2 2184/20070412 found nothing
Norman 5.80.02/20070412 found nothing
Panda 9.0.0.4/20070412 found nothing
Prevx1 V2/20070412 found nothing
Sophos 4.16.0/20070412 found nothing
Sunbelt 2.2.907.0/20070407 found nothing
Symantec 10/20070412 found nothing
TheHacker 6.1.6.088/20070409 found nothing
VBA32 3.11.3/20070412 found nothing
VirusBuster 4.3.7:9/20070412 found nothing
Webwasher-Gateway 6.0.1/20070412 found nothing
[ notes ]
Bit9 info:
http://fileadvisor.bit9.com/services/ext...151c2140ae29fc8
KotaGuy
Member
12. April 2007 @ 17:03
Ok... run and scan with HijackThis and place a check beside the following:
O4 - HKLM\..\Run: [ctfmon] C:\WINDOWS\system32\dlg\ctfmon.exe
Close all open browsers/windows and click the Fix button.
Reboot and post a new HijackThis log please.
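As an added example (not code from this thread, from HijackThis or from either poster), a small triage script that applies the two checks KotaGuy made by eye in this thread: it flags O2 BHO entries whose DLL is reported "(file missing)" or "(no file)", and O4 Run entries that launch a binary carrying a Windows system file's name from a directory other than its normal home, which is exactly the dlg\ctfmon.exe case above. The sample lines are copied from the logs posted here; the expected-directory table, the helper names, and the assumption that %SystemRoot% is C:\WINDOWS are mine.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: lines copied from the HijackThis logs posted in this thread.
# One clean BHO, the three orphaned BHOs that were fixed, both ctfmon Run entries,
# and an ordinary Run entry with an 8.3 path and a command-line argument.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {6C698B34-C906-6797-3663-014FC41172E2} - C:\WINDOWS\system32\huhylpf.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {9AC5A846-1ECC-480A-8868-039A1C98CE20} - C:\WINDOWS\system32\jkhhh.dll (file missing)
O4 - HKLM\..\Run: [ctfmon] C:\WINDOWS\system32\dlg\ctfmon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
"""

# Assumption: %SystemRoot% is C:\WINDOWS (true for the machine in this thread).
# Windows binaries whose *name* is often borrowed, and the one directory each
# should legitimately be started from at logon. Extend as needed.
EXPECTED_HOME = {
    "ctfmon.exe": r"c:\windows\system32",
}

BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<target>.*)$"
)
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<label>[^\]]*)\] (?P<cmd>.*)$"
)


@dataclass(frozen=True)
class Finding:
    kind: str    # "orphaned_bho" or "unexpected_path"
    line: str    # the offending log line, verbatim
    detail: str  # one-line explanation for the person reading the log


def image_path(cmd: str) -> str:
    """Extract the executable path from a Run value. The value may be quoted,
    may contain spaces, and may carry arguments after the image name."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(?i)(.*?\.exe)(?:\s|$)", cmd)
    return m.group(1) if m else cmd.split()[0]


def triage(log_text: str) -> List[Finding]:
    """Walk a HijackThis log and return the entries a reviewer would question."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = BHO_RE.match(line)
        if m:
            target = m.group("target")
            # A BHO whose DLL is gone is a registry leftover: harmless by itself,
            # but it shows something was installed here that is no longer present.
            if target.endswith("(file missing)") or target == "(no file)":
                clsid = m.group("clsid")
                findings.append(Finding("orphaned_bho", line,
                                        f"CLSID {{{clsid}}} registered but its DLL is gone"))
            continue
        m = RUN_RE.match(line)
        if m:
            folder, name = ntpath.split(image_path(m.group("cmd")))
            expected = EXPECTED_HOME.get(name.lower())
            # Same file name as a Windows component, but launched from elsewhere.
            if expected is not None and folder.lower() != expected:
                findings.append(Finding("unexpected_path", line,
                                        f"{name} normally lives in {expected}, found in {folder}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.detail}\n    {f.line}")
```

The HKCU ctfmon.exe entry in C:\WINDOWS\system32 passes, as it did for the reviewer here, while the HKLM one in system32\dlg is reported; the path check only says "look at this file", which is why the next step in the thread was a VirusTotal scan rather than deleting on sight.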
roblatacz
Member
13. April 2007 @ 00:58
Ok, here's the new logfile:
Logfile of HijackThis v1.99.1
Scan saved at 09:57:25, on 13/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\System32\NILaunch.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis_v1.99.1.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [Net-It Launcher] C:\WINDOWS\System32\NILaunch.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner...can_unicode.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by126fd.bay126.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1161120896609
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - https://ukplay.toontown.com/download/sv1.0.24.18/ttinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E1C9723-BDF6-4AD8-A923-BFE2317A4E6E}: NameServer = 194.168.4.100,194.168.8.100
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
Was the ctfmon.exe a virus then?
KotaGuy
Member
13. April 2007 @ 04:51
No.... just a leftover.
Your log is clean.
How is the PC behaving?
roblatacz
Member
13. April 2007 @ 10:14
It's a lot better now, when I go on a website I don't get redirected anymore.
Thanks a lot for the help, really appreciate it.
Did I have any bad viruses or trojans? Can I keep all my passwords the same?
And could you please have a look at my second computer now, when I sign into MSN Hotmail a message comes up saying:
There is a problem with this website's security certificate.
The security certificate presented by this website has expired or is not yet valid.
Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.
We recommend that you close this webpage and do not continue to this website.
-Click here to close this webpage.
-Continue to this website (not recommended).
-More information
If you arrived at this page by clicking a link, check the website address in the address bar to be sure that it is the address you were expecting.
When going to a website with an address such as https://example.com, try adding the 'www' to the address, https://www.example.com.
If you choose to ignore this error and continue, do not enter private information into the website.
For more information, see "Certificate Errors" in Internet Explorer Help.
Is it safe to use Hotmail and enter passwords into my second computer?
KotaGuy
Member
13. April 2007 @ 15:22
None of the infections you had were password stealers. But it's a good practice to change them every now and then anyways. That choice is yours.
Need to do one last thing for your first computer. Your restore points are infected so you need to reset them. This will ensure a clean backup to fall upon if you ever need it. To do this:
1. Right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Check the "Turn off System Restore" or "Turn off System Restore on all drives" box.
Reboot your computer, follow the steps above, this time unchecking "Turn off System Restore", and reboot.
Once done you can post a HjT log from your second computer and we'll take a look at that one.
:)
Edit: Just looked at the other topic you started... I don't see any sign of infection in the log.
roblatacz
Member
13. April 2007 @ 23:51
So should I try lowering the security level?