Background Problem - Page 3

kzm007 · 07-21-2007

After the first 'yes' I get the error message and the input box closes itself; I can't post the Avenger log. HJT's log is below:

Logfile of HijackThis v1.99.1
Scan saved at 10:53:31 PM, on 7/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\LimeWire\LimeWire.exe
C:\Documents and Settings\Owner\Desktop\avenger.exe
C:\Documents and Settings\Owner\Desktop\Rename.exe.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! SearchBar Home Page
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Yahoo!
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = InboxDollars - Earn CASH for E-Mail, Surveys, Games, and More!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! SearchBar Home Page
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Yahoo!
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Yahoo!
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: ActiveGS.cab - http://www.virtualapple.org/activegs.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemp...ogin-devel.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

chiaz · 07-21-2007

Did you have this set as your homepage??
InboxDollars - Earn CASH for E-Mail, Surveys, Games, and More!

Your HijackThis log appears clean. However, since HijackThis does not scan the entire system, there may be some remnants left. Please run Panda ActiveScan.

Once you are on the Panda site click the Scan your PC button

A new window will open...click the Check Now button

Enter your Country

Enter your State/Province

Enter your e-mail address and click send

Select either Home User or Company

Click the big Scan Now button

If it wants to install an ActiveX component allow it

It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)

When download is complete, click on My Computer to start the scan

When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report.

kzm007 · 07-21-2007

My text is too long; how do I remedy this? I have posted two logs before, I believe. Thanks

chiaz · 07-21-2007

Attaching the text file to your reply should do the trick.

Click the "Post Reply" button, instead of using Quick Reply.
Then simply click the [Manage Attachments] button at the bottom of the post composition page, and locate the file that you want to attach from your local hard drive.

After posting, the image attachments may display a thumbnail, depending on the forum settings. To view the contents of the attachment (if it is not already displayed) simply click the filename link that appears next to the attachment icon.

kzm007 · 07-21-2007

Logfile of HijackThis v1.99.1
Scan saved at 3:32:47 AM, on 7/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Documents and Settings\Owner\Desktop\Rename.exe.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! SearchBar Home Page
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Yahoo!
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = InboxDollars - Earn CASH for E-Mail, Surveys, Games, and More!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! SearchBar Home Page
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Yahoo!
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Yahoo!
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: ActiveGS.cab - http://www.virtualapple.org/activegs.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemp...ogin-devel.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
-----------------

kzm007 · 07-21-2007

Incident Status Location
Adware:adware/emediacodec Not disinfected c:\windows\system32\ldr67B.tmp
Potentially unwanted tool:application/mywebsearch Not disinfected hkey_classes_root\clsid\{9AFB8248-617F-460d-9366-D71CDEDA3179}
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Andrew\Cookies\andrew@2o7[1].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Andrew\Cookies\andrew@2o7[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Andrew\Cookies\andrew@ad.yieldmanager[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Andrew\Cookies\andrew@adrevolver[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Andrew\Cookies\andrew@adrevolver[3].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Andrew\Cookies\andrew@ads.pointroll[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Andrew\Cookies\andrew@advertising[1].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Andrew\Cookies\andrew@apmebf[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Andrew\Cookies\andrew@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Andrew\Cookies\andrew@atwola[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Andrew\Cookies\andrew@belnk[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Andrew\Cookies\andrew@bs.serving-sys[1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Andrew\Cookies\andrew@burstnet[1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Andrew\Cookies\andrew@casalemedia[1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Andrew\Cookies\andrew@casalemedia[2].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Andrew\Cookies\andrew@ccbill[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Andrew\Cookies\andrew@com[1].txt
Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\Andrew\Cookies\andrew@counter.hitslink[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Andrew\Cookies\andrew@dist.belnk[2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Andrew\Cookies\andrew@drivecleaner[1].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Andrew\Cookies\andrew@errorsafe[2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Andrew\Cookies\andrew@fastclick[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Andrew\Cookies\andrew@fastclick[3].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Andrew\Cookies\andrew@fastclick[4].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Andrew\Cookies\andrew@klik.klikadvertisin g[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Andrew\Cookies\andrew@mediaplex[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Andrew\Cookies\andrew@realmedia[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Andrew\Cookies\andrew@realmedia[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Andrew\Cookies\andrew@realmedia[3].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Andrew\Cookies\andrew@server.iad.livepers on[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Andrew\Cookies\andrew@serving-sys[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Andrew\Cookies\andrew@serving-sys[2].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Andrew\Cookies\andrew@sextracker[2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Andrew\Cookies\andrew@statcounter[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Andrew\Cookies\andrew@statcounter[2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Andrew\Cookies\andrew@stats.drivecleaner[2].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Andrew\Cookies\andrew@stats1.reliablestat s[2].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Andrew\Cookies\andrew@tradedoubler[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Andrew\Cookies\andrew@trafficmp[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Andrew\Cookies\andrew@tribalfusion[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Andrew\Cookies\andrew@tribalfusion[2].txt
Spyware:Cookie/Tucows Not disinfected C:\Documents and Settings\Andrew\Cookies\andrew@tucows[2].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Andrew\Cookies\andrew@www.burstbeacon[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Andrew\Cookies\andrew@www.drivecleaner[2].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Andrew\Cookies\andrew@www.errorsafe[1].txt
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Andrew\Cookies\andrew@yadro[2].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Andrew\Cookies\andrew@zedo[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Andrew\Cookies\andrew@zedo[2].txt
Virus:Trj/Downloader.PCQ Disinfected C:\Documents and Settings\Andrew\Local Settings\Temp\qpxusnoc.exe
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\David\Cookies\david@247realmedia[2].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\David\Cookies\david@2o7[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\David\Cookies\david@ad.yieldmanager[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\David\Cookies\david@ad.yieldmanager[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\David\Cookies\david@adrevolver[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\David\Cookies\david@adrevolver[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\David\Cookies\david@adrevolver[3].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\David\Cookies\david@ads.pointroll[1].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\David\Cookies\david@ads.pointroll[3].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\David\Cookies\david@advertising[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\David\Cookies\david@atdmt[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\David\Cookies\david@atdmt[3].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\David\Cookies\david@atwola[1].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\David\Cookies\david@azjmp[1].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\David\Cookies\david@bluestreak[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\David\Cookies\david@bs.serving-sys[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\David\Cookies\david@bs.serving-sys[3].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\David\Cookies\david@burstnet[2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\David\Cookies\david@casalemedia[1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\David\Cookies\david@casalemedia[2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\David\Cookies\david@casalemedia[4].txt
Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\David\Cookies\david@citi.bridgetrack[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\David\Cookies\david@com[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\David\Cookies\david@drivecleaner[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\David\Cookies\david@fastclick[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\David\Cookies\david@mediaplex[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\David\Cookies\david@mediaplex[2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\David\Cookies\david@overture[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\David\Cookies\david@overture[2].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\David\Cookies\david@questionmarket[2].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\David\Cookies\david@questionmarket[3].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\David\Cookies\david@realmedia[1].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\David\Cookies\david@server.iad.liveperson[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\David\Cookies\david@serving-sys[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\David\Cookies\david@serving-sys[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\David\Cookies\david@serving-sys[4].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\David\Cookies\david@statcounter[1].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\David\Cookies\david@stats1.reliablestats[1].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\David\Cookies\david@stats1.reliablestats[2].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\David\Cookies\david@tradedoubler[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\David\Cookies\david@trafficmp[2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\David\Cookies\david@trafficmp[3].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\David\Cookies\david@winantispyware[2].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\David\Cookies\david@winantivirus[1].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\David\Cookies\david@www.burstbeacon[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\David\Cookies\david@zedo[1].txt
Virus:Trj/Downloader.PCQ Disinfected C:\Documents and Settings\David\Local Settings\Temp\vbcxoxlb.exe
Virus:Trj/Downloader.PJT Disinfected C:\Documents and Settings\David\Local Settings\Temp\ydcqyqng.exe
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Owner\Cookies\owner@247realmedia[2].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Owner\Cookies\owner@2o7[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Owner\Cookies\owner@adrevolver[1].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Owner\Cookies\owner@ads.pointroll[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Owner\Cookies\owner@atdmt[3].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Owner\Cookies\owner@azjmp[1].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Owner\Cookies\owner@bluestreak[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Owner\Cookies\owner@bs.serving-sys[2].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Owner\Cookies\owner@burstnet[1].txt
Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\Owner\Cookies\owner@citi.bridgetrack[1].txt
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Owner\Cookies\owner@clickbank[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Owner\Cookies\owner@fastclick[2].txt
Spyware:Cookie/Findwhat Not disinfected C:\Documents and Settings\Owner\Cookies\owner@findwhat[1].txt
Spyware:Cookie/GoClick Not disinfected C:\Documents and Settings\Owner\Cookies\owner@goclick[2].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Owner\Cookies\owner@gostats[1].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\Owner\Cookies\owner@i.screensavers[1].txt
Spyware:Cookie/Linksynergy Not disinfected C:\Documents and Settings\Owner\Cookies\owner@linksynergy[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Owner\Cookies\owner@media.adrevolver[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Owner\Cookies\owner@mediaplex[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Owner\Cookies\owner@overture[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Owner\Cookies\owner@questionmarket[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Owner\Cookies\owner@realmedia[2].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Owner\Cookies\owner@server.iad.liveperson[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Owner\Cookies\owner@serving-sys[1].txt
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Owner\Cookies\owner@stat.onestat[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Owner\Cookies\owner@statcounter[2].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Owner\Cookies\owner@tradedoubler[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Owner\Cookies\owner@trafficmp[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[2].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Owner\Cookies\owner@www.burstbeacon[1].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\Owner\Cookies\owner@www.myaffiliateprogra m[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Owner\Cookies\owner@www3.addfreestats[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Owner\Cookies\owner@xiti[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Owner\Cookies\owner@zedo[1].txt
Virus:Trj/Downloader.PJT Disinfected C:\Documents and Settings\Owner\Local Settings\Temp\fymqdgtq.exe
Virus:Trj/Downloader.PJT Disinfected C:\Documents and Settings\Owner\Local Settings\Temp\rmycyspd.exe
Virus:Trj/Downloader.PJT Disinfected C:\Documents and Settings\Owner\Local Settings\Temp\vfirehff.exe
Virus:Trj/Downloader.OZB Disinfected C:\VundoFix Backups\ajrxfikl.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\dhuoxmos.dll.bad
Virus:Trj/Downloader.OZB Disinfected C:\VundoFix Backups\iitcsyla.dll.bad
Virus:Trj/Downloader.OZB Disinfected C:\VundoFix Backups\iwltkikd.dll.bad
Virus:Trj/Downloader.OZB Disinfected C:\VundoFix Backups\kxhvdbni.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\lxvkclbk.dll.bad
Virus:Trj/Downloader.OZB Disinfected C:\VundoFix Backups\undnagwr.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\viuqujtk.dll.bad

chiaz · 07-21-2007

Download: CCleaner (freeware)
|MG| Free Download - CCleaner Slim (No Yahoo Toolbar, English) 1.41.544
Run the installer, and uncheck the option to install Yahoo toolbar (unless you want Yahoo toolbar).
Once installed, run CCleaner click the Windows [tab]
The following should be selected by default, if not, please select:

Next: click Options click the Settings tab
Uncheck: "Only delete files older than 48 hrs.", click Ok
Then click Run Cleaner (bottom right) then Exit

Now click Start » Run » type: Notepad » OK
Copy (Ctrl+C) and paste (Ctrl+V) the following text inside the quote box below (starting with REGEDIT4) to Notepad.

REGEDIT4

[-hkey_classes_root\clsid\{9AFB8248-617F-460d-9366-D71CDEDA3179} ]
Make sure there are no black spaces before REGEDIT4 and there should be one blank line at the end.
Click File at the top and then choose Save As.
Change Save As Type to All Files.
Name it FixME.reg and save it on your desktop.
Its icon should look like this :
Double click FixME.reg. It will ask you if you want to merge it to the registry, click Yes.

Now navigate to and delete the following folder:
C:\VundoFix Backups\

Run Avenger again. Check the 'Input script manually' option.
Click the Magnifying Glass icon.
In the box that opens, paste this:

Files to delete:
c:\windows\system32\ldr67B.tmp

and click 'Done'.

Click the Traffic Light icon to start the program, and OK the prompts to reboot your PC.

Post the Avenger output.txt, which you can find at C:\Avenger\.txt, as well as a new Panda ActiveScan log. I'll keep my fingers crossed this time.

07-21-2007	#16
chiaz Senior Security Analyst Join Date: Jun 2006 Location: Singapore Posts: 5,176 PC Experience: PC Guru	Did you have this set as your homepage?? InboxDollars - Earn CASH for E-Mail, Surveys, Games, and More! Your HijackThis log appears clean. However, since HijackThis does not scan the entire system, there may be some remnants left. Please run Panda ActiveScan. Once you are on the Panda site click the Scan your PC button A new window will open...click the Check Now button Enter your Country Enter your State/Province Enter your e-mail address and click send Select either Home User or Company Click the big Scan Now button If it wants to install an ActiveX component allow it It will start downloading the files it requires for the scan (Note: It may take a couple of minutes) When download is complete, click on My Computer to start the scan When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report.

07-21-2007	#19
kzm007 Bronze Member Join Date: Jul 2007 Posts: 27	Part one of logfiles Logfile of HijackThis v1.99.1 Scan saved at 3:32:47 AM, on 7/21/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16473) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\LimeWire\LimeWire.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\Documents and Settings\Owner\Desktop\Rename.exe.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! SearchBar Home Page R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Yahoo! R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = InboxDollars - Earn CASH for E-Mail, Surveys, Games, and More! R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! SearchBar Home Page R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Yahoo! R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Yahoo! R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo! R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = .local O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe" O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International O16 - DPF: ActiveGS.cab - http://www.virtualapple.org/activegs.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemp...ogin-devel.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -----------------

07-21-2007	#20
kzm007 Bronze Member Join Date: Jul 2007 Posts: 27	Part two of logfiles Incident Status Location Adware:adware/emediacodec Not disinfected c:\windows\system32\ldr67B.tmp Potentially unwanted tool:application/mywebsearch Not disinfected hkey_classes_root\clsid\{9AFB8248-617F-460d-9366-D71CDEDA3179} Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Andrew\Cookies\andrew@2o7[1].txt Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Andrew\Cookies\andrew@2o7[2].txt Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Andrew\Cookies\andrew@ad.yieldmanager[2].txt Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Andrew\Cookies\andrew@adrevolver[2].txt Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Andrew\Cookies\andrew@adrevolver[3].txt Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Andrew\Cookies\andrew@ads.pointroll[2].txt Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Andrew\Cookies\andrew@advertising[1].txt Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Andrew\Cookies\andrew@apmebf[1].txt Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Andrew\Cookies\andrew@atdmt[2].txt Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Andrew\Cookies\andrew@atwola[2].txt Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Andrew\Cookies\andrew@belnk[1].txt Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Andrew\Cookies\andrew@bs.serving-sys[1].txt Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Andrew\Cookies\andrew@burstnet[1].txt Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Andrew\Cookies\andrew@casalemedia[1].txt Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Andrew\Cookies\andrew@casalemedia[2].txt Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Andrew\Cookies\andrew@ccbill[1].txt Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Andrew\Cookies\andrew@com[1].txt Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\Andrew\Cookies\andrew@counter.hitslink[1].txt Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Andrew\Cookies\andrew@dist.belnk[2].txt Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Andrew\Cookies\andrew@drivecleaner[1].txt Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Andrew\Cookies\andrew@errorsafe[2].txt Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Andrew\Cookies\andrew@fastclick[1].txt Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Andrew\Cookies\andrew@fastclick[3].txt Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Andrew\Cookies\andrew@fastclick[4].txt Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Andrew\Cookies\andrew@klik.klikadvertisin g[1].txt Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Andrew\Cookies\andrew@mediaplex[1].txt Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Andrew\Cookies\andrew@realmedia[1].txt Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Andrew\Cookies\andrew@realmedia[2].txt Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Andrew\Cookies\andrew@realmedia[3].txt Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Andrew\Cookies\andrew@server.iad.livepers on[1].txt Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Andrew\Cookies\andrew@serving-sys[1].txt Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Andrew\Cookies\andrew@serving-sys[2].txt Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Andrew\Cookies\andrew@sextracker[2].txt Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Andrew\Cookies\andrew@statcounter[1].txt Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Andrew\Cookies\andrew@statcounter[2].txt Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Andrew\Cookies\andrew@stats.drivecleaner[2].txt Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Andrew\Cookies\andrew@stats1.reliablestat s[2].txt Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Andrew\Cookies\andrew@tradedoubler[1].txt Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Andrew\Cookies\andrew@trafficmp[1].txt Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Andrew\Cookies\andrew@tribalfusion[1].txt Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Andrew\Cookies\andrew@tribalfusion[2].txt Spyware:Cookie/Tucows Not disinfected C:\Documents and Settings\Andrew\Cookies\andrew@tucows[2].txt Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Andrew\Cookies\andrew@www.burstbeacon[1].txt Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Andrew\Cookies\andrew@www.drivecleaner[2].txt Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Andrew\Cookies\andrew@www.errorsafe[1].txt Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Andrew\Cookies\andrew@yadro[2].txt Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Andrew\Cookies\andrew@zedo[1].txt Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Andrew\Cookies\andrew@zedo[2].txt Virus:Trj/Downloader.PCQ Disinfected C:\Documents and Settings\Andrew\Local Settings\Temp\qpxusnoc.exe Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\David\Cookies\david@247realmedia[2].txt Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\David\Cookies\david@2o7[2].txt Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\David\Cookies\david@ad.yieldmanager[1].txt Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\David\Cookies\david@ad.yieldmanager[2].txt Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\David\Cookies\david@adrevolver[1].txt Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\David\Cookies\david@adrevolver[2].txt Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\David\Cookies\david@adrevolver[3].txt Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\David\Cookies\david@ads.pointroll[1].txt Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\David\Cookies\david@ads.pointroll[3].txt Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\David\Cookies\david@advertising[2].txt Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\David\Cookies\david@atdmt[2].txt Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\David\Cookies\david@atdmt[3].txt Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\David\Cookies\david@atwola[1].txt Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\David\Cookies\david@azjmp[1].txt Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\David\Cookies\david@bluestreak[2].txt Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\David\Cookies\david@bs.serving-sys[1].txt Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\David\Cookies\david@bs.serving-sys[3].txt Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\David\Cookies\david@burstnet[2].txt Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\David\Cookies\david@casalemedia[1].txt Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\David\Cookies\david@casalemedia[2].txt Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\David\Cookies\david@casalemedia[4].txt Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\David\Cookies\david@citi.bridgetrack[2].txt Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\David\Cookies\david@com[1].txt Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\David\Cookies\david@drivecleaner[1].txt Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\David\Cookies\david@fastclick[2].txt Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\David\Cookies\david@mediaplex[1].txt Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\David\Cookies\david@mediaplex[2].txt Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\David\Cookies\david@overture[1].txt Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\David\Cookies\david@overture[2].txt Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\David\Cookies\david@questionmarket[2].txt Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\David\Cookies\david@questionmarket[3].txt Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\David\Cookies\david@realmedia[1].txt Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\David\Cookies\david@server.iad.liveperson[1].txt Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\David\Cookies\david@serving-sys[1].txt Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\David\Cookies\david@serving-sys[2].txt Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\David\Cookies\david@serving-sys[4].txt Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\David\Cookies\david@statcounter[1].txt Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\David\Cookies\david@stats1.reliablestats[1].txt Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\David\Cookies\david@stats1.reliablestats[2].txt Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\David\Cookies\david@tradedoubler[1].txt Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\David\Cookies\david@trafficmp[2].txt Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\David\Cookies\david@trafficmp[3].txt Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\David\Cookies\david@winantispyware[2].txt Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\David\Cookies\david@winantivirus[1].txt Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\David\Cookies\david@www.burstbeacon[1].txt Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\David\Cookies\david@zedo[1].txt Virus:Trj/Downloader.PCQ Disinfected C:\Documents and Settings\David\Local Settings\Temp\vbcxoxlb.exe Virus:Trj/Downloader.PJT Disinfected C:\Documents and Settings\David\Local Settings\Temp\ydcqyqng.exe Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Owner\Cookies\owner@247realmedia[2].txt Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Owner\Cookies\owner@2o7[2].txt Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Owner\Cookies\owner@adrevolver[1].txt Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Owner\Cookies\owner@ads.pointroll[1].txt Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Owner\Cookies\owner@atdmt[3].txt Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Owner\Cookies\owner@azjmp[1].txt Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Owner\Cookies\owner@bluestreak[2].txt Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Owner\Cookies\owner@bs.serving-sys[2].txt Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Owner\Cookies\owner@burstnet[1].txt Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\Owner\Cookies\owner@citi.bridgetrack[1].txt Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Owner\Cookies\owner@clickbank[1].txt Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Owner\Cookies\owner@fastclick[2].txt Spyware:Cookie/Findwhat Not disinfected C:\Documents and Settings\Owner\Cookies\owner@findwhat[1].txt Spyware:Cookie/GoClick Not disinfected C:\Documents and Settings\Owner\Cookies\owner@goclick[2].txt Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Owner\Cookies\owner@gostats[1].txt Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\Owner\Cookies\owner@i.screensavers[1].txt Spyware:Cookie/Linksynergy Not disinfected C:\Documents and Settings\Owner\Cookies\owner@linksynergy[1].txt Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Owner\Cookies\owner@media.adrevolver[2].txt Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Owner\Cookies\owner@mediaplex[1].txt Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Owner\Cookies\owner@overture[1].txt Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Owner\Cookies\owner@questionmarket[1].txt Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Owner\Cookies\owner@realmedia[2].txt Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Owner\Cookies\owner@server.iad.liveperson[2].txt Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Owner\Cookies\owner@serving-sys[1].txt Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Owner\Cookies\owner@stat.onestat[1].txt Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Owner\Cookies\owner@statcounter[2].txt Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Owner\Cookies\owner@tradedoubler[1].txt Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Owner\Cookies\owner@trafficmp[1].txt Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[2].txt Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Owner\Cookies\owner@www.burstbeacon[1].txt Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\Owner\Cookies\owner@www.myaffiliateprogra m[1].txt Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Owner\Cookies\owner@www3.addfreestats[1].txt Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Owner\Cookies\owner@xiti[1].txt Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Owner\Cookies\owner@zedo[1].txt Virus:Trj/Downloader.PJT Disinfected C:\Documents and Settings\Owner\Local Settings\Temp\fymqdgtq.exe Virus:Trj/Downloader.PJT Disinfected C:\Documents and Settings\Owner\Local Settings\Temp\rmycyspd.exe Virus:Trj/Downloader.PJT Disinfected C:\Documents and Settings\Owner\Local Settings\Temp\vfirehff.exe Virus:Trj/Downloader.OZB Disinfected C:\VundoFix Backups\ajrxfikl.dll.bad Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\dhuoxmos.dll.bad Virus:Trj/Downloader.OZB Disinfected C:\VundoFix Backups\iitcsyla.dll.bad Virus:Trj/Downloader.OZB Disinfected C:\VundoFix Backups\iwltkikd.dll.bad Virus:Trj/Downloader.OZB Disinfected C:\VundoFix Backups\kxhvdbni.dll.bad Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\lxvkclbk.dll.bad Virus:Trj/Downloader.OZB Disinfected C:\VundoFix Backups\undnagwr.dll.bad Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\viuqujtk.dll.bad

07-21-2007	#21
chiaz Senior Security Analyst Join Date: Jun 2006 Location: Singapore Posts: 5,176 PC Experience: PC Guru	Download: CCleaner (freeware) \|MG\| Free Download - CCleaner Slim (No Yahoo Toolbar, English) 1.41.544 Run the installer, and uncheck the option to install Yahoo toolbar (unless you want Yahoo toolbar). Once installed, run CCleaner click the Windows [tab] The following should be selected by default, if not, please select: Next: click Options click the Settings tab Uncheck: "Only delete files older than 48 hrs.", click Ok Then click Run Cleaner (bottom right) then Exit Now click Start » Run » type: Notepad » OK Copy (Ctrl+C) and paste (Ctrl+V) the following text inside the quote box below (starting with REGEDIT4) to Notepad. REGEDIT4 [-hkey_classes_root\clsid\{9AFB8248-617F-460d-9366-D71CDEDA3179} ] Make sure there are no black spaces before REGEDIT4 and there should be one blank line at the end. Click File at the top and then choose Save As. Change Save As Type to All Files. Name it FixME.reg and save it on your desktop. Its icon should look like this : Double click FixME.reg. It will ask you if you want to merge it to the registry, click Yes. Now navigate to and delete the following folder: C:\VundoFix Backups\ Run Avenger again. Check the 'Input script manually' option. Click the Magnifying Glass icon. In the box that opens, paste this: Files to delete: c:\windows\system32\ldr67B.tmp and click 'Done'. Click the Traffic Light icon to start the program, and OK the prompts to reboot your PC. Post the Avenger output.txt, which you can find at C:\Avenger\.txt, as well as a new Panda ActiveScan log. I'll keep my fingers crossed this time. Last edited by chiaz; 07-21-2007 at 04:00 PM.

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode