Mobile/PDA About Us Advertise here
User User name Password  
  Not registered yet? Register here.
Lost your password? Click here. 		 
  Home   News   Guides   Downloads   Glossary   Hardware   Profiles   Forums   v4  
 Advertise at AfterDawn.com     Link to us!     Private messages     Compose a private message     List of all updated threads     Threads without replies     Search messages
Thursday 28.11.2024 / 21:46
Search AfterDawn Forums:        In English   Suomeksi   På svenska
afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > winantiviruspro problem
Show topics
 
Forums
Forums
WinAntiVirusPro Problem
  Jump to:
 
Posted Message
Name05
Newbie
_ 		22. July 2006 @ 00:24 _ Link to this message    Send private message to this user   
My HjT log

Logfile of HijackThis v1.99.1
Scan saved at 4:23:54 AM, on 7/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\Roxio\Roxio DVDMax Player\PDVDServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\{C898C5E8-08A2-1033-1214-050303060001}\Update.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Xfire\Xfire.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\ntvdm.exe
C:\Documents and Settings\\Desktop\HijackThis_v1.99.1.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\efcdbaa.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {873eb32d-ae1a-4183-89bd-45a77f761be4} - C:\WINDOWS\system32\ixt1.dll
O2 - BHO: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing)
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\Roxio\Roxio DVDMax Player\PDVDServ.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Steam] C:\Program Files\Steam\Steam.exe -silent
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/cl...
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x8...
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: efcdbaa - C:\WINDOWS\SYSTEM32\efcdbaa.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjyp32 - winjyp32.dll (file missing)
O21 - SSODL: cinnamomum - {93ac7c30-3878-4eaa-9420-7977285df5b1} - C:\WINDOWS\system32\pmnqguh.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe


any help will be greatly appreciated
[ + quote]

This message has been edited since posting. Last time this message was edited on 22. July 2006 @ 15:45
Advertisement
_ 		__
JaPK
Senior Member
_ 		22. July 2006 @ 22:29 _ Link to this message    Send private message to this user   
Hi again Name05 :)

You got infections...

Download SmitfraudFix.zip to your desktop -> http://siri.urz.free.fr/Fix/SmitfraudFix.zip

Unzip it (folder named SmitFraudFix) to your desktop:

Open the folder SmitfraudFix and doubleclick smitfraudfix.cmd
Choose option #1 - Search by typing 1 and pressing "Enter"; a textfile opens and lists the infected files (if those exist)

Post the contents of this textfile to here.

(Some antiviruses recognises process.exe as a malware. It is not malware, it is a program that stops processes)

[ + quote]
I have moved from AD, I won''t be taking new HijackThis logs from here. Reason: The AD''s Unsupportive athmosphere.
Name05
Newbie
_ 		23. July 2006 @ 07:44 _ Link to this message    Send private message to this user   
Here is my smitfraud log

SmitFraudFix v2.74

Scan done at 11:43:50.60, Sun 07/23/2006
Run from C:\Documents and Settings\Juston Worthington\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\ixt?.dll FOUND !
C:\WINDOWS\system32\ixt??.dll FOUND !
C:\WINDOWS\system32\ot.ico FOUND !
C:\WINDOWS\system32\components\flx?.dll FOUND !
C:\WINDOWS\system32\components\flx??.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Juston Worthington\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\JUSTON~1\FAVORI~1

C:\DOCUME~1\JUSTON~1\FAVORI~1\Antivirus Test Online.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"cinnamomum"="{93ac7c30-3878-4eaa-9420-7977285df5b1}"


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
[ + quote]
JaPK
Senior Member
_ 		23. July 2006 @ 09:38 _ Link to this message    Send private message to this user   
Ok we'll continue...

Cleaning instructions:

Download and install Ewido Anti-Spyware 4.0 -> http://www.ewido.net/en/download/

-> Open Ewido Anti-Spyware
-> Click the Update icon at the top of the window
-> Click the Start update button
-> Wait for the update to download and install
-> Quit the program, we'll use this later.

Download ATF Cleaner by Atribune to your desktop -> http://www.atribune.org/ccount/click.php?id=1
Do NOT run yet.

Go to Control Panel -> Add/Remove programs -> Remove ToolBar888 if found

Download VundoFix.exe to your desktop -> http://www.atribune.org/ccount/click.php?id=4

* Double-click VundoFix.exe to run it.
* Put a check next to Run VundoFix as a task.
* You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
* When VundoFix re-opens, click the Scan for Vundo button.
* Once it's done scanning, click the Remove Vundo button.
* You will receive a prompt asking if you want to remove the files, click YES
* Once you click yes, your desktop will go blank as it starts removing Vundo.
* When completed, it will prompt that it will shutdown your computer, click OK.
* Turn your computer back on

Run HijackThis. Press Do a system scan only, then close all other windows, checkmark the following entries and press Fix checked

O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\efcdbaa.dll
O2 - BHO: (no name) - {873eb32d-ae1a-4183-89bd-45a77f761be4} - C:\WINDOWS\system32\ixt1.dll
O2 - BHO: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing)
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing)
O20 - Winlogon Notify: efcdbaa - C:\WINDOWS\SYSTEM32\efcdbaa.dll
O20 - Winlogon Notify: winjyp32 - winjyp32.dll (file missing)
O21 - SSODL: cinnamomum - {93ac7c30-3878-4eaa-9420-7977285df5b1} - C:\WINDOWS\system32\pmnqguh.dll (file missing)

Make your hidden files visible -> http://www.bleepingcomputer.com/tutorials/tutorial62.html
Restart your computer to the safemode -> http://www.pchell.com/support/safemode.shtml

Delete these folders (if found):
C:\Program Files\ToolBar888

Use the Windows "search" function
-> Start
-> Search
-> All files and folders
-> More advanced options

Checkmark these options:
- "Search system folders"
- "Search hidden files and folders"
- "Search subfolders"

->Search for this and delete if found: winjyp32.dll

Run ATF Cleaner -> Check select all -> Press Empty selected

When in safemode, open SmitfraudFix folder and doubleclick the file smitfraudfix.cmd
Choose option #2 - Clean by typing 2 and pressing "Enter" in order to remove the infected files.

You are asked: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove your desktop wallpaper and the infected registry keys.

The tool checks if wininet.dll file is infected. You might be asked to replace the infected .dll (if found); answer "Yes" by typing Y and press "Enter".

The tool might have to restart your computer; if it won't do it, restart your computer back to normal mode.
A textfile will appear after the cleaning process, copy this file and paste it to here.

Tha log is saved to your local diskdrive, usually C:\rapport.txt.

Warning : Running option 2 in a clean computer will delete your desktop wallpaper.

-> Open Ewido Anti-Spyware
-> Click the Scanner icon at the top of the window
-> Click the Settings tab then select Recommended Options and choose Quarantine
-> Click the Scan tab
-> Select Complete System Scan. The scanning begins.

-> When the scan has completed:
-> If infections were found you'll be prompted about what to do.
-> Please make sure that the Set all elements to is set to Quarantine (in downleft corner of the window)
-> Then press Apply all actions and answer yes to all if it asks about something
-> Click on the Save Scan Report button and save the scan to your Desktop.
-> Copy and paste the scan results into your next post

Post the following logs to here:
-> a fresh HijackThis log
-> Ewido's log
-> Contents of C:\Rapport.txt
-> Contents of C:\Vundofix.txt
[ + quote]
I have moved from AD, I won''t be taking new HijackThis logs from here. Reason: The AD''s Unsupportive athmosphere.

This message has been edited since posting. Last time this message was edited on 23. July 2006 @ 09:39
Name05
Newbie
_ 		23. July 2006 @ 14:34 _ Link to this message    Send private message to this user   
HijackThis
Logfile of HijackThis v1.99.1
Scan saved at 6:31:35 PM, on 7/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\Roxio\Roxio DVDMax Player\PDVDServ.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Steam\Steam.exe
C:\WINDOWS\system32\WgaTray.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Winamp\Winamp.exe
C:\Documents and Settings\Juston Worthington\Desktop\HijackThis_v1.99.1.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\Roxio\Roxio DVDMax Player\PDVDServ.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [Steam] C:\Program Files\Steam\Steam.exe -silent
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/cl...
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x8...
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

Ewido
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 6:30:18 PM 7/23/2006

+ Scan result:



C:\VundoFix Backups\awtqn.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\awtqo.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\awtqp.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\awtqq.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\awtqr.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\awtsp.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\awtsq.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\awtsr.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\awtss.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\awtst.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\awvtq.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\awvtr.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\awvts.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\awvtt.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\awvtu.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\awvvs.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\awvvt.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\awvvu.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\awvvv.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\awvvw.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\ddaba.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\ddabb.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\ddabc.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\ddabx.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\ddaby.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\ddaya.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\ddayv.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\ddayw.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\ddayx.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\ddayy.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\ddcca.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\ddccb.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\ddccc.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\ddccd.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\ddccy.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\ddcya.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\ddcyv.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\ddcyw.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\ddcyx.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\ddcyy.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\efcdbaa.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\gebca.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\gebcb.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\gebcc.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\gebcd.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\gebcy.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\gebya.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\gebyv.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\gebyw.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\gebyx.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\gebyy.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\geeba.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\geebb.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\geebc.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\geebx.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\geeby.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\geeda.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\geedb.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\geedc.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\geedd.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\geede.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\jkhfc.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\jkhfd.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\jkhfe.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\jkhff.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\jkhfg.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\jkhhe.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\jkhhf.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\jkhhg.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\jkhhh.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\jkhhi.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\jkkjg.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\jkkjh.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\jkkji.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\jkkjj.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\jkkjk.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\jkkli.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\jkklj.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\jkklk.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\jkkll.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\jkklm.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\mljgd.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\mljge.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\mljgf.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\mljgg.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\mljgh.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\mljjg.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\mljjh.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\mljji.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\mljjj.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\mljjk.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\mlljg.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\mlljh.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\mllji.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\mlljj.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\mlljk.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\mllmj.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\mllmk.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\mllml.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\mllmm.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\mllmn.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\pmkhe.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\pmkhf.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\pmkhg.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\pmkhh.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\pmkhi.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\pmkjg.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\pmkjh.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\pmkji.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\pmkjj.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\pmkjk.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\pmnli.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\pmnlj.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\pmnlk.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\pmnll.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\pmnlm.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\pmnnk.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\pmnnl.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\pmnnm.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\pmnnn.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\pmnno.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\ssqpm.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\ssqpn.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\ssqpo.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\ssqpp.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\ssqpq.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\ssqro.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\ssqrp.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\ssqrq.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\ssqrr.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\ssqrs.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\sstqn.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\sstqo.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\sstqp.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\sstqq.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\sstqr.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\ssttq.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\ssttr.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\sstts.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\ssttt.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\ssttu.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\vtsqn.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\vtsqo.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\vtsqp.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\vtsqq.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\vtsqr.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\vtstq.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\vtstr.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\vtsts.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\vtstt.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\vtstu.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\vturo.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\vturp.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\vturq.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\vturr.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\vturs.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\vtutq.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\vtutr.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\vtuts.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\vtutt.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\vtutu.dll -> Adware.Virtumonde : No action taken.
:mozilla.196:C:\Documents and Settings\Juston Worthington\Application Data\Mozilla\Firefox\Profiles\nirqj598.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.178:C:\Documents and Settings\Juston Worthington\Application Data\Mozilla\Firefox\Profiles\nirqj598.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.180:C:\Documents and Settings\Juston Worthington\Application Data\Mozilla\Firefox\Profiles\nirqj598.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.181:C:\Documents and Settings\Juston Worthington\Application Data\Mozilla\Firefox\Profiles\nirqj598.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.182:C:\Documents and Settings\Juston Worthington\Application Data\Mozilla\Firefox\Profiles\nirqj598.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.192:C:\Documents and Settings\Juston Worthington\Application Data\Mozilla\Firefox\Profiles\nirqj598.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.64:C:\Documents and Settings\Juston Worthington\Application Data\Mozilla\Firefox\Profiles\nirqj598.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.184:C:\Documents and Settings\Juston Worthington\Application Data\Mozilla\Firefox\Profiles\nirqj598.default\cookies.txt -> TrackingCookie.Addynamix : No action taken.
:mozilla.68:C:\Documents and Settings\Juston Worthington\Application Data\Mozilla\Firefox\Profiles\nirqj598.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.69:C:\Documents and Settings\Juston Worthington\Application Data\Mozilla\Firefox\Profiles\nirqj598.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.70:C:\Documents and Settings\Juston Worthington\Application Data\Mozilla\Firefox\Profiles\nirqj598.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.71:C:\Documents and Settings\Juston Worthington\Application Data\Mozilla\Firefox\Profiles\nirqj598.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.72:C:\Documents and Settings\Juston Worthington\Application Data\Mozilla\Firefox\Profiles\nirqj598.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.38:C:\Documents and Settings\Juston Worthington\Application Data\Mozilla\Firefox\Profiles\nirqj598.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.39:C:\Documents and Settings\Juston Worthington\Application Data\Mozilla\Firefox\Profiles\nirqj598.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.40:C:\Documents and Settings\Juston Worthington\Application Data\Mozilla\Firefox\Profiles\nirqj598.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.41:C:\Documents and Settings\Juston Worthington\Application Data\Mozilla\Firefox\Profiles\nirqj598.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.42:C:\Documents and Settings\Juston Worthington\Application Data\Mozilla\Firefox\Profiles\nirqj598.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.36:C:\Documents and Settings\Juston Worthington\Application Data\Mozilla\Firefox\Profiles\nirqj598.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.198:C:\Documents and Settings\Juston Worthington\Application Data\Mozilla\Firefox\Profiles\nirqj598.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.199:C:\Documents and Settings\Juston Worthington\Application Data\Mozilla\Firefox\Profiles\nirqj598.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.200:C:\Documents and Settings\Juston Worthington\Application Data\Mozilla\Firefox\Profiles\nirqj598.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.82:C:\Documents and Settings\Juston Worthington\Application Data\Mozilla\Firefox\Profiles\nirqj598.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.83:C:\Documents and Settings\Juston Worthington\Application Data\Mozilla\Firefox\Profiles\nirqj598.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.304:C:\Documents and Settings\Juston Worthington\Application Data\Mozilla\Firefox\Profiles\nirqj598.default\cookies.txt -> TrackingCookie.Clickbank : No action taken.
:mozilla.54:C:\Documents and Settings\Juston Worthington\Application Data\Mozilla\Firefox\Profiles\nirqj598.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
:mozilla.216:C:\Documents and Settings\Juston Worthington\Application Data\Mozilla\Firefox\Profiles\nirqj598.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.217:C:\Documents and Settings\Juston Worthington\Application Data\Mozilla\Firefox\Profiles\nirqj598.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.218:C:\Documents and Settings\Juston Worthington\Application Data\Mozilla\Firefox\Profiles\nirqj598.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.223:C:\Documents and Settings\Juston Worthington\Application Data\Mozilla\Firefox\Profiles\nirqj598.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.60:C:\Documents and Settings\Juston Worthington\Application Data\Mozilla\Firefox\Profiles\nirqj598.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.61:C:\Documents and Settings\Juston Worthington\Application Data\Mozilla\Firefox\Profiles\nirqj598.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.62:C:\Documents and Settings\Juston Worthington\Application Data\Mozilla\Firefox\Profiles\nirqj598.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.63:C:\Documents and Settings\Juston Worthington\Application Data\Mozilla\Firefox\Profiles\nirqj598.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.305:C:\Documents and Settings\Juston Worthington\Application Data\Mozilla\Firefox\Profiles\nirqj598.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.207:C:\Documents and Settings\Juston Worthington\Application Data\Mozilla\Firefox\Profiles\nirqj598.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.208:C:\Documents and Settings\Juston Worthington\Application Data\Mozilla\Firefox\Profiles\nirqj598.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.209:C:\Documents and Settings\Juston Worthington\Application Data\Mozilla\Firefox\Profiles\nirqj598.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.219:C:\Documents and Settings\Juston Worthington\Application Data\Mozilla\Firefox\Profiles\nirqj598.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.222:C:\Documents and Settings\Juston Worthington\Application Data\Mozilla\Firefox\Profiles\nirqj598.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.265:C:\Documents and Settings\Juston Worthington\Application Data\Mozilla\Firefox\Profiles\nirqj598.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.266:C:\Documents and Settings\Juston Worthington\Application Data\Mozilla\Firefox\Profiles\nirqj598.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.232:C:\Documents and Settings\Juston Worthington\Application Data\Mozilla\Firefox\Profiles\nirqj598.default\cookies.txt -> TrackingCookie.Hitslink : No action taken.
:mozilla.233:C:\Documents and Settings\Juston Worthington\Application Data\Mozilla\Firefox\Profiles\nirqj598.default\cookies.txt -> TrackingCookie.Hitslink : No action taken.
:mozilla.234:C:\Documents and Settings\Juston Worthington\Application Data\Mozilla\Firefox\Profiles\nirqj598.default\cookies.txt -> TrackingCookie.Hitslink : No action taken.
:mozilla.235:C:\Documents and Settings\Juston Worthington\Application Data\Mozilla\Firefox\Profiles\nirqj598.default\cookies.txt -> TrackingCookie.Hitslink : No action taken.
:mozilla.194:C:\Documents and Settings\Juston Worthington\Application Data\Mozilla\Firefox\Profiles\nirqj598.default\cookies.txt -> TrackingCookie.Mediaplex : No action taken.
:mozilla.278:C:\Documents and Settings\Juston Worthington\Application Data\Mozilla\Firefox\Profiles\nirqj598.default\cookies.txt -> TrackingCookie.Qksrv : No action taken.
:mozilla.282:C:\Documents and Settings\Juston Worthington\Application Data\Mozilla\Firefox\Profiles\nirqj598.default\cookies.txt -> TrackingCookie.Qksrv : No action taken.
:mozilla.175:C:\Documents and Settings\Juston Worthington\Application Data\Mozilla\Firefox\Profiles\nirqj598.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.176:C:\Documents and Settings\Juston Worthington\Application Data\Mozilla\Firefox\Profiles\nirqj598.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.177:C:\Documents and Settings\Juston Worthington\Application Data\Mozilla\Firefox\Profiles\nirqj598.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.290:C:\Documents and Settings\Juston Worthington\Application Data\Mozilla\Firefox\Profiles\nirqj598.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.293:C:\Documents and Settings\Juston Worthington\Application Data\Mozilla\Firefox\Profiles\nirqj598.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.294:C:\Documents and Settings\Juston Worthington\Application Data\Mozilla\Firefox\Profiles\nirqj598.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.295:C:\Documents and Settings\Juston Worthington\Application Data\Mozilla\Firefox\Profiles\nirqj598.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.251:C:\Documents and Settings\Juston Worthington\Application Data\Mozilla\Firefox\Profiles\nirqj598.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.252:C:\Documents and Settings\Juston Worthington\Application Data\Mozilla\Firefox\Profiles\nirqj598.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.90:C:\Documents and Settings\Juston Worthington\Application Data\Mozilla\Firefox\Profiles\nirqj598.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.91:C:\Documents and Settings\Juston Worthington\Application Data\Mozilla\Firefox\Profiles\nirqj598.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.92:C:\Documents and Settings\Juston Worthington\Application Data\Mozilla\Firefox\Profiles\nirqj598.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.93:C:\Documents and Settings\Juston Worthington\Application Data\Mozilla\Firefox\Profiles\nirqj598.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.297:C:\Documents and Settings\Juston Worthington\Application Data\Mozilla\Firefox\Profiles\nirqj598.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.311:C:\Documents and Settings\Juston Worthington\Application Data\Mozilla\Firefox\Profiles\nirqj598.default\cookies.txt -> TrackingCookie.Tracking101 : No action taken.
:mozilla.8:C:\Documents and Settings\Juston Worthington\Application Data\Mozilla\Firefox\Profiles\nirqj598.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.9:C:\Documents and Settings\Juston Worthington\Application Data\Mozilla\Firefox\Profiles\nirqj598.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.55:C:\Documents and Settings\Juston Worthington\Application Data\Mozilla\Firefox\Profiles\nirqj598.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.56:C:\Documents and Settings\Juston Worthington\Application Data\Mozilla\Firefox\Profiles\nirqj598.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.57:C:\Documents and Settings\Juston Worthington\Application Data\Mozilla\Firefox\Profiles\nirqj598.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.58:C:\Documents and Settings\Juston Worthington\Application Data\Mozilla\Firefox\Profiles\nirqj598.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.59:C:\Documents and Settings\Juston Worthington\Application Data\Mozilla\Firefox\Profiles\nirqj598.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.


::Report end

Rapport.txt
SmitFraudFix v2.74

Scan done at 18:09:17.42, Sun 07/23/2006
Run from C:\Documents and Settings\Juston Worthington\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"cinnamomum"="{93ac7c30-3878-4eaa-9420-7977285df5b1}"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\ixt?.dll Deleted
C:\WINDOWS\system32\ot.ico Deleted
C:\WINDOWS\system32\components\flx?.dll Deleted
C:\DOCUME~1\JUSTON~1\FAVORI~1\Antivirus Test Online.url Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

VundoFix.txt
VundoFix V5.1.5

Running as SYSTEM
from c:\windows\system32\VundoFix.exe

Checking Java version...

Java version is 1.5.0.3

Java version is 1.5.0.6

Scan started at 1:50:03 PM 7/23/2006

Listing files found while scanning....

C:\windows\system32\awtqn.dll
C:\windows\system32\awtqo.dll
C:\windows\system32\awtqp.dll
C:\windows\system32\awtqq.dll
C:\windows\system32\awtqr.dll
C:\windows\system32\awtsp.dll
C:\windows\system32\awtsq.dll
C:\windows\system32\awtsr.dll
C:\windows\system32\awtss.dll
C:\windows\system32\awtst.dll
C:\windows\system32\awvtq.dll
C:\windows\system32\awvtr.dll
C:\windows\system32\awvts.dll
C:\windows\system32\awvtt.dll
C:\windows\system32\awvtu.dll
C:\windows\system32\awvvs.dll
C:\windows\system32\awvvt.dll
C:\windows\system32\awvvu.dll
C:\windows\system32\awvvv.dll
C:\windows\system32\awvvw.dll
C:\windows\system32\ddaba.dll
C:\windows\system32\ddabb.dll
C:\windows\system32\ddabc.dll
C:\windows\system32\ddabx.dll
C:\windows\system32\ddaby.dll
C:\windows\system32\ddaya.dll
C:\windows\system32\ddayv.dll
C:\windows\system32\ddayw.dll
C:\windows\system32\ddayx.dll
C:\windows\system32\ddayy.dll
C:\windows\system32\ddcca.dll
C:\windows\system32\ddccb.dll
C:\windows\system32\ddccc.dll
C:\windows\system32\ddccd.dll
C:\windows\system32\ddccy.dll
C:\windows\system32\ddcya.dll
C:\windows\system32\ddcyv.dll
C:\windows\system32\ddcyw.dll
C:\windows\system32\ddcyx.dll
C:\windows\system32\ddcyy.dll
C:\windows\system32\efcdbaa.dll
C:\windows\system32\gebca.dll
C:\windows\system32\gebcb.dll
C:\windows\system32\gebcc.dll
C:\windows\system32\gebcd.dll
C:\windows\system32\gebcy.dll
C:\windows\system32\gebya.dll
C:\windows\system32\gebyv.dll
C:\windows\system32\gebyw.dll
C:\windows\system32\gebyx.dll
C:\windows\system32\gebyy.dll
C:\windows\system32\geeba.dll
C:\windows\system32\geebb.dll
C:\windows\system32\geebc.dll
C:\windows\system32\geebx.dll
C:\windows\system32\geeby.dll
C:\windows\system32\geeda.dll
C:\windows\system32\geedb.dll
C:\windows\system32\geedc.dll
C:\windows\system32\geedd.dll
C:\windows\system32\geede.dll
C:\windows\system32\jkhfc.dll
C:\windows\system32\jkhfd.dll
C:\windows\system32\jkhfe.dll
C:\windows\system32\jkhff.dll
C:\windows\system32\jkhfg.dll
C:\windows\system32\jkhhe.dll
C:\windows\system32\jkhhf.dll
C:\windows\system32\jkhhg.dll
C:\windows\system32\jkhhh.dll
C:\windows\system32\jkhhi.dll
C:\windows\system32\jkkjg.dll
C:\windows\system32\jkkjh.dll
C:\windows\system32\jkkji.dll
C:\windows\system32\jkkjj.dll
C:\windows\system32\jkkjk.dll
C:\windows\system32\jkkli.dll
C:\windows\system32\jkklj.dll
C:\windows\system32\jkklk.dll
C:\windows\system32\jkkll.dll
C:\windows\system32\jkklm.dll
C:\windows\system32\mljgd.dll
C:\windows\system32\mljge.dll
C:\windows\system32\mljgf.dll
C:\windows\system32\mljgg.dll
C:\windows\system32\mljgh.dll
C:\windows\system32\mljjg.dll
C:\windows\system32\mljjh.dll
C:\windows\system32\mljji.dll
C:\windows\system32\mljjj.dll
C:\windows\system32\mljjk.dll
C:\windows\system32\mlljg.dll
C:\windows\system32\mlljh.dll
C:\windows\system32\mllji.dll
C:\windows\system32\mlljj.dll
C:\windows\system32\mlljk.dll
C:\windows\system32\mllmj.dll
C:\windows\system32\mllmk.dll
C:\windows\system32\mllml.dll
C:\windows\system32\mllmm.dll
C:\windows\system32\mllmn.dll
C:\windows\system32\pmkhe.dll
C:\windows\system32\pmkhf.dll
C:\windows\system32\pmkhg.dll
C:\windows\system32\pmkhh.dll
C:\windows\system32\pmkhi.dll
C:\windows\system32\pmkjg.dll
C:\windows\system32\pmkjh.dll
C:\windows\system32\pmkji.dll
C:\windows\system32\pmkjj.dll
C:\windows\system32\pmkjk.dll
C:\windows\system32\pmnli.dll
C:\windows\system32\pmnlj.dll
C:\windows\system32\pmnlk.dll
C:\windows\system32\pmnll.dll
C:\windows\system32\pmnlm.dll
C:\windows\system32\pmnnk.dll
C:\windows\system32\pmnnl.dll
C:\windows\system32\pmnnm.dll
C:\windows\system32\pmnnn.dll
C:\windows\system32\pmnno.dll
C:\windows\system32\ssqpm.dll
C:\windows\system32\ssqpn.dll
C:\windows\system32\ssqpo.dll
C:\windows\system32\ssqpp.dll
C:\windows\system32\ssqpq.dll
C:\windows\system32\ssqro.dll
C:\windows\system32\ssqrp.dll
C:\windows\system32\ssqrq.dll
C:\windows\system32\ssqrr.dll
C:\windows\system32\ssqrs.dll
C:\windows\system32\sstqn.dll
C:\windows\system32\sstqo.dll
C:\windows\system32\sstqp.dll
C:\windows\system32\sstqq.dll
C:\windows\system32\sstqr.dll
C:\windows\system32\ssttq.dll
C:\windows\system32\ssttr.dll
C:\windows\system32\sstts.dll
C:\windows\system32\ssttt.dll
C:\windows\system32\ssttu.dll
C:\windows\system32\vtsqn.dll
C:\windows\system32\vtsqo.dll
C:\windows\system32\vtsqp.dll
C:\windows\system32\vtsqq.dll
C:\windows\system32\vtsqr.dll
C:\windows\system32\vtstq.dll
C:\windows\system32\vtstr.dll
C:\windows\system32\vtsts.dll
C:\windows\system32\vtstt.dll
C:\windows\system32\vtstu.dll
C:\windows\system32\vturo.dll
C:\windows\system32\vturp.dll
C:\windows\system32\vturq.dll
C:\windows\system32\vturr.dll
C:\windows\system32\vturs.dll
C:\windows\system32\vtutq.dll
C:\windows\system32\vtutr.dll
C:\windows\system32\vtuts.dll
C:\windows\system32\vtutt.dll
C:\windows\system32\vtutu.dll

Beginning removal...

The process smss.exe was successfully stopped

The process winlogon.exe was successfully stopped

The process explorer.exe was successfully stopped

The process iexplore.exe was successfully stopped

The process rundll32.exe was successfully stopped

Attempting to delete C:\windows\system32\awtqn.dll
C:\windows\system32\awtqn.dll Has been deleted!

Attempting to delete C:\windows\system32\awtqo.dll
C:\windows\system32\awtqo.dll Has been deleted!

Attempting to delete C:\windows\system32\awtqp.dll
C:\windows\system32\awtqp.dll Has been deleted!

Attempting to delete C:\windows\system32\awtqq.dll
C:\windows\system32\awtqq.dll Has been deleted!

Attempting to delete C:\windows\system32\awtqr.dll
C:\windows\system32\awtqr.dll Has been deleted!

Attempting to delete C:\windows\system32\awtsp.dll
C:\windows\system32\awtsp.dll Has been deleted!

Attempting to delete C:\windows\system32\awtsq.dll
C:\windows\system32\awtsq.dll Has been deleted!

Attempting to delete C:\windows\system32\awtsr.dll
C:\windows\system32\awtsr.dll Has been deleted!

Attempting to delete C:\windows\system32\awtss.dll
C:\windows\system32\awtss.dll Has been deleted!

Attempting to delete C:\windows\system32\awtst.dll
C:\windows\system32\awtst.dll Has been deleted!

Attempting to delete C:\windows\system32\awvtq.dll
C:\windows\system32\awvtq.dll Has been deleted!

Attempting to delete C:\windows\system32\awvtr.dll
C:\windows\system32\awvtr.dll Has been deleted!

Attempting to delete C:\windows\system32\awvts.dll
C:\windows\system32\awvts.dll Has been deleted!

Attempting to delete C:\windows\system32\awvtt.dll
C:\windows\system32\awvtt.dll Has been deleted!

Attempting to delete C:\windows\system32\awvtu.dll
C:\windows\system32\awvtu.dll Has been deleted!

Attempting to delete C:\windows\system32\awvvs.dll
C:\windows\system32\awvvs.dll Has been deleted!

Attempting to delete C:\windows\system32\awvvt.dll
C:\windows\system32\awvvt.dll Has been deleted!

Attempting to delete C:\windows\system32\awvvu.dll
C:\windows\system32\awvvu.dll Has been deleted!

Attempting to delete C:\windows\system32\awvvv.dll
C:\windows\system32\awvvv.dll Has been deleted!

Attempting to delete C:\windows\system32\awvvw.dll
C:\windows\system32\awvvw.dll Has been deleted!

Attempting to delete C:\windows\system32\ddaba.dll
C:\windows\system32\ddaba.dll Has been deleted!

Attempting to delete C:\windows\system32\ddabb.dll
C:\windows\system32\ddabb.dll Has been deleted!

Attempting to delete C:\windows\system32\ddabc.dll
C:\windows\system32\ddabc.dll Has been deleted!

Attempting to delete C:\windows\system32\ddabx.dll
C:\windows\system32\ddabx.dll Has been deleted!

Attempting to delete C:\windows\system32\ddaby.dll
C:\windows\system32\ddaby.dll Has been deleted!

Attempting to delete C:\windows\system32\ddaya.dll
C:\windows\system32\ddaya.dll Has been deleted!

Attempting to delete C:\windows\system32\ddayv.dll
C:\windows\system32\ddayv.dll Has been deleted!

Attempting to delete C:\windows\system32\ddayw.dll
C:\windows\system32\ddayw.dll Has been deleted!

Attempting to delete C:\windows\system32\ddayx.dll
C:\windows\system32\ddayx.dll Has been deleted!

Attempting to delete C:\windows\system32\ddayy.dll
C:\windows\system32\ddayy.dll Has been deleted!

Attempting to delete C:\windows\system32\ddcca.dll
C:\windows\system32\ddcca.dll Has been deleted!

Attempting to delete C:\windows\system32\ddccb.dll
C:\windows\system32\ddccb.dll Has been deleted!

Attempting to delete C:\windows\system32\ddccc.dll
C:\windows\system32\ddccc.dll Has been deleted!

Attempting to delete C:\windows\system32\ddccd.dll
C:\windows\system32\ddccd.dll Has been deleted!

Attempting to delete C:\windows\system32\ddccy.dll
C:\windows\system32\ddccy.dll Has been deleted!

Attempting to delete C:\windows\system32\ddcya.dll
C:\windows\system32\ddcya.dll Has been deleted!

Attempting to delete C:\windows\system32\ddcyv.dll
C:\windows\system32\ddcyv.dll Has been deleted!

Attempting to delete C:\windows\system32\ddcyw.dll
C:\windows\system32\ddcyw.dll Has been deleted!

Attempting to delete C:\windows\system32\ddcyx.dll
C:\windows\system32\ddcyx.dll Has been deleted!

Attempting to delete C:\windows\system32\ddcyy.dll
C:\windows\system32\ddcyy.dll Has been deleted!

Attempting to delete C:\windows\system32\efcdbaa.dll
C:\windows\system32\efcdbaa.dll Has been deleted!

Attempting to delete C:\windows\system32\gebca.dll
C:\windows\system32\gebca.dll Has been deleted!

Attempting to delete C:\windows\system32\gebcb.dll
C:\windows\system32\gebcb.dll Has been deleted!

Attempting to delete C:\windows\system32\gebcc.dll
C:\windows\system32\gebcc.dll Has been deleted!

Attempting to delete C:\windows\system32\gebcd.dll
C:\windows\system32\gebcd.dll Has been deleted!

Attempting to delete C:\windows\system32\gebcy.dll
C:\windows\system32\gebcy.dll Has been deleted!

Attempting to delete C:\windows\system32\gebya.dll
C:\windows\system32\gebya.dll Has been deleted!

Attempting to delete C:\windows\system32\gebyv.dll
C:\windows\system32\gebyv.dll Has been deleted!

Attempting to delete C:\windows\system32\gebyw.dll
C:\windows\system32\gebyw.dll Has been deleted!

Attempting to delete C:\windows\system32\gebyx.dll
C:\windows\system32\gebyx.dll Has been deleted!

Attempting to delete C:\windows\system32\gebyy.dll
C:\windows\system32\gebyy.dll Has been deleted!

Attempting to delete C:\windows\system32\geeba.dll
C:\windows\system32\geeba.dll Has been deleted!

Attempting to delete C:\windows\system32\geebb.dll
C:\windows\system32\geebb.dll Has been deleted!

Attempting to delete C:\windows\system32\geebc.dll
C:\windows\system32\geebc.dll Has been deleted!

Attempting to delete C:\windows\system32\geebx.dll
C:\windows\system32\geebx.dll Has been deleted!

Attempting to delete C:\windows\system32\geeby.dll
C:\windows\system32\geeby.dll Has been deleted!

Attempting to delete C:\windows\system32\geeda.dll
C:\windows\system32\geeda.dll Has been deleted!

Attempting to delete C:\windows\system32\geedb.dll
C:\windows\system32\geedb.dll Has been deleted!

Attempting to delete C:\windows\system32\geedc.dll
C:\windows\system32\geedc.dll Has been deleted!

Attempting to delete C:\windows\system32\geedd.dll
C:\windows\system32\geedd.dll Has been deleted!

Attempting to delete C:\windows\system32\geede.dll
C:\windows\system32\geede.dll Has been deleted!

Attempting to delete C:\windows\system32\jkhfc.dll
C:\windows\system32\jkhfc.dll Has been deleted!

Attempting to delete C:\windows\system32\jkhfd.dll
C:\windows\system32\jkhfd.dll Has been deleted!

Attempting to delete C:\windows\system32\jkhfe.dll
C:\windows\system32\jkhfe.dll Has been deleted!

Attempting to delete C:\windows\system32\jkhff.dll
C:\windows\system32\jkhff.dll Has been deleted!

Attempting to delete C:\windows\system32\jkhfg.dll
C:\windows\system32\jkhfg.dll Has been deleted!

Attempting to delete C:\windows\system32\jkhhe.dll
C:\windows\system32\jkhhe.dll Has been deleted!

Attempting to delete C:\windows\system32\jkhhf.dll
C:\windows\system32\jkhhf.dll Has been deleted!

Attempting to delete C:\windows\system32\jkhhg.dll
C:\windows\system32\jkhhg.dll Has been deleted!

Attempting to delete C:\windows\system32\jkhhh.dll
C:\windows\system32\jkhhh.dll Has been deleted!

Attempting to delete C:\windows\system32\jkhhi.dll
C:\windows\system32\jkhhi.dll Has been deleted!

Attempting to delete C:\windows\system32\jkkjg.dll
C:\windows\system32\jkkjg.dll Has been deleted!

Attempting to delete C:\windows\system32\jkkjh.dll
C:\windows\system32\jkkjh.dll Has been deleted!

Attempting to delete C:\windows\system32\jkkji.dll
C:\windows\system32\jkkji.dll Has been deleted!

Attempting to delete C:\windows\system32\jkkjj.dll
C:\windows\system32\jkkjj.dll Has been deleted!

Attempting to delete C:\windows\system32\jkkjk.dll
C:\windows\system32\jkkjk.dll Has been deleted!

Attempting to delete C:\windows\system32\jkkli.dll
C:\windows\system32\jkkli.dll Has been deleted!

Attempting to delete C:\windows\system32\jkklj.dll
C:\windows\system32\jkklj.dll Has been deleted!

Attempting to delete C:\windows\system32\jkklk.dll
C:\windows\system32\jkklk.dll Has been deleted!

Attempting to delete C:\windows\system32\jkkll.dll
C:\windows\system32\jkkll.dll Has been deleted!

Attempting to delete C:\windows\system32\jkklm.dll
C:\windows\system32\jkklm.dll Has been deleted!

Attempting to delete C:\windows\system32\mljgd.dll
C:\windows\system32\mljgd.dll Has been deleted!

Attempting to delete C:\windows\system32\mljge.dll
C:\windows\system32\mljge.dll Has been deleted!

Attempting to delete C:\windows\system32\mljgf.dll
C:\windows\system32\mljgf.dll Has been deleted!

Attempting to delete C:\windows\system32\mljgg.dll
C:\windows\system32\mljgg.dll Has been deleted!

Attempting to delete C:\windows\system32\mljgh.dll
C:\windows\system32\mljgh.dll Has been deleted!

Attempting to delete C:\windows\system32\mljjg.dll
C:\windows\system32\mljjg.dll Has been deleted!

Attempting to delete C:\windows\system32\mljjh.dll
C:\windows\system32\mljjh.dll Has been deleted!

Attempting to delete C:\windows\system32\mljji.dll
C:\windows\system32\mljji.dll Has been deleted!

Attempting to delete C:\windows\system32\mljjj.dll
C:\windows\system32\mljjj.dll Has been deleted!

Attempting to delete C:\windows\system32\mljjk.dll
C:\windows\system32\mljjk.dll Has been deleted!

Attempting to delete C:\windows\system32\mlljg.dll
C:\windows\system32\mlljg.dll Has been deleted!

Attempting to delete C:\windows\system32\mlljh.dll
C:\windows\system32\mlljh.dll Has been deleted!

Attempting to delete C:\windows\system32\mllji.dll
C:\windows\system32\mllji.dll Has been deleted!

Attempting to delete C:\windows\system32\mlljj.dll
C:\windows\system32\mlljj.dll Has been deleted!

Attempting to delete C:\windows\system32\mlljk.dll
C:\windows\system32\mlljk.dll Has been deleted!

Attempting to delete C:\windows\system32\mllmj.dll
C:\windows\system32\mllmj.dll Has been deleted!

Attempting to delete C:\windows\system32\mllmk.dll
C:\windows\system32\mllmk.dll Has been deleted!

Attempting to delete C:\windows\system32\mllml.dll
C:\windows\system32\mllml.dll Has been deleted!

Attempting to delete C:\windows\system32\mllmm.dll
C:\windows\system32\mllmm.dll Has been deleted!

Attempting to delete C:\windows\system32\mllmn.dll
C:\windows\system32\mllmn.dll Has been deleted!

Attempting to delete C:\windows\system32\pmkhe.dll
C:\windows\system32\pmkhe.dll Has been deleted!

Attempting to delete C:\windows\system32\pmkhf.dll
C:\windows\system32\pmkhf.dll Has been deleted!

Attempting to delete C:\windows\system32\pmkhg.dll
C:\windows\system32\pmkhg.dll Has been deleted!

Attempting to delete C:\windows\system32\pmkhh.dll
C:\windows\system32\pmkhh.dll Has been deleted!

Attempting to delete C:\windows\system32\pmkhi.dll
C:\windows\system32\pmkhi.dll Has been deleted!

Attempting to delete C:\windows\system32\pmkjg.dll
C:\windows\system32\pmkjg.dll Has been deleted!

Attempting to delete C:\windows\system32\pmkjh.dll
C:\windows\system32\pmkjh.dll Has been deleted!

Attempting to delete C:\windows\system32\pmkji.dll
C:\windows\system32\pmkji.dll Has been deleted!

Attempting to delete C:\windows\system32\pmkjj.dll
C:\windows\system32\pmkjj.dll Has been deleted!

Attempting to delete C:\windows\system32\pmkjk.dll
C:\windows\system32\pmkjk.dll Has been deleted!

Attempting to delete C:\windows\system32\pmnli.dll
C:\windows\system32\pmnli.dll Has been deleted!

Attempting to delete C:\windows\system32\pmnlj.dll
C:\windows\system32\pmnlj.dll Has been deleted!

Attempting to delete C:\windows\system32\pmnlk.dll
C:\windows\system32\pmnlk.dll Has been deleted!

Attempting to delete C:\windows\system32\pmnll.dll
C:\windows\system32\pmnll.dll Has been deleted!

Attempting to delete C:\windows\system32\pmnlm.dll
C:\windows\system32\pmnlm.dll Has been deleted!

Attempting to delete C:\windows\system32\pmnnk.dll
C:\windows\system32\pmnnk.dll Has been deleted!

Attempting to delete C:\windows\system32\pmnnl.dll
C:\windows\system32\pmnnl.dll Has been deleted!

Attempting to delete C:\windows\system32\pmnnm.dll
C:\windows\system32\pmnnm.dll Has been deleted!

Attempting to delete C:\windows\system32\pmnnn.dll
C:\windows\system32\pmnnn.dll Has been deleted!

Attempting to delete C:\windows\system32\pmnno.dll
C:\windows\system32\pmnno.dll Has been deleted!

Attempting to delete C:\windows\system32\ssqpm.dll
C:\windows\system32\ssqpm.dll Has been deleted!

Attempting to delete C:\windows\system32\ssqpn.dll
C:\windows\system32\ssqpn.dll Has been deleted!

Attempting to delete C:\windows\system32\ssqpo.dll
C:\windows\system32\ssqpo.dll Has been deleted!

Attempting to delete C:\windows\system32\ssqpp.dll
C:\windows\system32\ssqpp.dll Has been deleted!

Attempting to delete C:\windows\system32\ssqpq.dll
C:\windows\system32\ssqpq.dll Has been deleted!

Attempting to delete C:\windows\system32\ssqro.dll
C:\windows\system32\ssqro.dll Has been deleted!

Attempting to delete C:\windows\system32\ssqrp.dll
C:\windows\system32\ssqrp.dll Has been deleted!

Attempting to delete C:\windows\system32\ssqrq.dll
C:\windows\system32\ssqrq.dll Has been deleted!

Attempting to delete C:\windows\system32\ssqrr.dll
C:\windows\system32\ssqrr.dll Has been deleted!

Attempting to delete C:\windows\system32\ssqrs.dll
C:\windows\system32\ssqrs.dll Has been deleted!

Attempting to delete C:\windows\system32\sstqn.dll
C:\windows\system32\sstqn.dll Has been deleted!

Attempting to delete C:\windows\system32\sstqo.dll
C:\windows\system32\sstqo.dll Has been deleted!

Attempting to delete C:\windows\system32\sstqp.dll
C:\windows\system32\sstqp.dll Has been deleted!

Attempting to delete C:\windows\system32\sstqq.dll
C:\windows\system32\sstqq.dll Has been deleted!

Attempting to delete C:\windows\system32\sstqr.dll
C:\windows\system32\sstqr.dll Has been deleted!

Attempting to delete C:\windows\system32\ssttq.dll
C:\windows\system32\ssttq.dll Has been deleted!

Attempting to delete C:\windows\system32\ssttr.dll
C:\windows\system32\ssttr.dll Has been deleted!

Attempting to delete C:\windows\system32\sstts.dll
C:\windows\system32\sstts.dll Has been deleted!

Attempting to delete C:\windows\system32\ssttt.dll
C:\windows\system32\ssttt.dll Has been deleted!

Attempting to delete C:\windows\system32\ssttu.dll
C:\windows\system32\ssttu.dll Has been deleted!

Attempting to delete C:\windows\system32\vtsqn.dll
C:\windows\system32\vtsqn.dll Has been deleted!

Attempting to delete C:\windows\system32\vtsqo.dll
C:\windows\system32\vtsqo.dll Has been deleted!

Attempting to delete C:\windows\system32\vtsqp.dll
C:\windows\system32\vtsqp.dll Has been deleted!

Attempting to delete C:\windows\system32\vtsqq.dll
C:\windows\system32\vtsqq.dll Has been deleted!

Attempting to delete C:\windows\system32\vtsqr.dll
C:\windows\system32\vtsqr.dll Has been deleted!

Attempting to delete C:\windows\system32\vtstq.dll
C:\windows\system32\vtstq.dll Has been deleted!

Attempting to delete C:\windows\system32\vtstr.dll
C:\windows\system32\vtstr.dll Has been deleted!

Attempting to delete C:\windows\system32\vtsts.dll
C:\windows\system32\vtsts.dll Has been deleted!

Attempting to delete C:\windows\system32\vtstt.dll
C:\windows\system32\vtstt.dll Has been deleted!

Attempting to delete C:\windows\system32\vtstu.dll
C:\windows\system32\vtstu.dll Has been deleted!

Attempting to delete C:\windows\system32\vturo.dll
C:\windows\system32\vturo.dll Has been deleted!

Attempting to delete C:\windows\system32\vturp.dll
C:\windows\system32\vturp.dll Has been deleted!

Attempting to delete C:\windows\system32\vturq.dll
C:\windows\system32\vturq.dll Has been deleted!

Attempting to delete C:\windows\system32\vturr.dll
C:\windows\system32\vturr.dll Has been deleted!

Attempting to delete C:\windows\system32\vturs.dll
C:\windows\system32\vturs.dll Has been deleted!

Attempting to delete C:\windows\system32\vtutq.dll
C:\windows\system32\vtutq.dll Has been deleted!

Attempting to delete C:\windows\system32\vtutr.dll
C:\windows\system32\vtutr.dll Has been deleted!

Attempting to delete C:\windows\system32\vtuts.dll
C:\windows\system32\vtuts.dll Has been deleted!

Attempting to delete C:\windows\system32\vtutt.dll
C:\windows\system32\vtutt.dll Has been deleted!

Attempting to delete C:\windows\system32\vtutu.dll
C:\windows\system32\vtutu.dll Has been deleted!

Performing Repairs to the registry.
Done!


I couldnt find "winjyp32.dll" thru the search function, and
"O20 - Winlogon Notify: efcdbaa - C:\WINDOWS\SYSTEM32\efcdbaa.dll "
wasnt there anymore when i ran HijackThis again. And the toolbar888 folder/Add/Remove wasnt found :o


So far much appreciated, just hope nothing else is wrong :D
[ + quote]
Advertisement
_ 		__
 
_
JaPK
Senior Member
_ 		24. July 2006 @ 10:34 _ Link to this message    Send private message to this user   
Ok looks clean now :)

You seem to have two antiviruses running at the same time, AVG & Trendmicro. This is not recommended since it may cause severe problems.

I recommend that you remove either AVG or TrendMicro though "Control Panel" -> "Add/Remove Programs"

If you decide to remove TrendMicro, you need to install a new firewall too. In that case, these are good (free) firewalls:
ZoneAlarm --> http://www.zonelabs.com
Kerio--> http://www.sunbelt-software.com/Kerio.cfm
Outpost-> http://www.agnitum.com

You should update your Java (old version has all kinds of vulnerabilities)

1. Click "Start"-> "Control panel" -> Double-click Java icon (coffee cup)
2. Move to "Update" tab and update Java by clicking "Update Now". After that do a restart.
3. If you can't make automatic update, get new version manually from here -> http://www.java.com/en/download/manual.jsp
4. After updating, uninstall the old Java (if found) from Add/Remove Programs, named as
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 6

Then you can make your hidden files hidden again.

Then you can clean Ewido's quarantine:
-> Open Ewido
-> Choose "Infections"
-> Click "Select all"
-> Click "Remove finally"
-> Close Ewido

Now that you're clean, here are some tips how to stay clean.

-> Stand Up and Be Counted, Malware Complaints -> http://www.malwarecomplaints.info
The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

-> Clear your system restore -> http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore...
This will clear the system restore folders from possible malware that was left behind during the cleaning process. Remember to create a new restore point after the cleaning.

-> Use CCleaner -> http://www.ccleaner.com
Download and install CCleaner. Clean your registry and temporary files with it regularly.

-> Use Ad-Aware -> http://www.bleepingcomputer.com/forums/?showtutorial=48
Download and install Ad-Aware. Update it and scan your computer regularly with it.

-> Use Ewido -> http://www.ewido.net/en
Download and install Ewido. Update it and scan your computer regularly with it.

-> Install SpywareBlaster -> http://www.javacoolsoftware.com/spywareblaster.html
SpywareBlaster will prevent spyware from being installed to your computer.

-> Install MVPS Hosts file -> http://mvps.org/winhelp2002/hosts.htm
This prevents your computer from connecting to harmful sites.

-> Change your browser to Firefox -> http://www.mozilla.org
Firefox is faster, safer and quicker browser than Internet Explorer.

-> Keep your systen up-to-date -> http://windowsupdate.microsoft.com
Visit Windows Update regularly.

-> Keep your antivirus and firewall up-to-date
Scan your computer regularly with your antivirus.

-> Read this article by TonyKlein -> http://castlecops.com/postlite7736-.html
So how did I get infected in the first place?

Stay clean ;)
[ + quote]
I have moved from AD, I won''t be taking new HijackThis logs from here. Reason: The AD''s Unsupportive athmosphere.

This message has been edited since posting. Last time this message was edited on 24. July 2006 @ 10:35
afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > winantiviruspro problem
 

Digital video: AfterDawn.com | AfterDawn Forums
Music: MP3Lizard.com
Gaming: Blasteroids.com | Blasteroids Forums | Compare game prices
Software: Software downloads
Blogs: User profile pages
RSS feeds: AfterDawn.com News | Software updates | AfterDawn Forums
International: AfterDawn in Finnish | AfterDawn in Swedish | AfterDawn in Norwegian | download.fi
Navigate: Search | Site map
About us: About AfterDawn Ltd | Advertise on our sites | Rules, Restrictions, Legal disclaimer & Privacy policy
Contact us: Send feedback | Contact our media sales team
 
  © 1999-2024 by AfterDawn Ltd.

  IDG TechNetwork