
yet another axfreeporn/instant access

Discussion in 'Malware and Virus Removal Archive' started by wrench, 2007/03/18.

  1. 2007/03/18
    wrench

    wrench Inactive Thread Starter

    Joined:
    2007/03/18
    Messages:
    8
    Likes Received:
    0
    Logfile of HijackThis v1.99.1
    Scan saved at 7:28:32 PM, on 3/18/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\AOL\1138080167\ee\AOLSoftware.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ps2.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\PROGRA~1\MI3AA1~1\wcescomm.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\Defender Pro LLC\Defender Pro Firewall\KAVPF.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    c:\program files\common files\aol\1138080167\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
    c:\program files\common files\aol\1138080167\ee\aolsoftware.exe
    C:\Program Files\America Online 9.0\waol.exe
    C:\Program Files\America Online 9.0\shellmon.exe
    C:\Program Files\Microsoft Money 2005\MNYCoreFiles\msmoney.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Common Files\Aol\aoltpspd.exe
    C:\Documents and Settings\Momanda\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://myspace.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.meloco.com/index.php?i=sm
    R3 - URLSearchHook: (no name) - {D4A8167D-1D2A-D386-68F4-0C3715BDD9CB} - C:\WINDOWS\oufokltr.dll (file missing)
    O2 - BHO: BhoApp Class - {0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - C:\Program Files\WinBudget\bin\matrix.dll
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: (no name) - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - (no file)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [EarthLink Installer] " /C
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Linker] C:\WINDOWS\system32\LinkMaker.exe
    O4 - HKLM\..\Run: [ms065072-31996] C:\WINDOWS\ms065072-31996.exe
    O4 - HKLM\..\Run: [win32065072-31996] C:\WINDOWS\win32065072-31996.exe
    O4 - HKLM\..\Run: [YourMonitor] C:\WINDOWS\SYS98
    O4 - HKLM\..\Run: [win3207072-319965] C:\WINDOWS\win3207072-319965.exe
    O4 - HKLM\..\Run: [sys01319965072-] C:\WINDOWS\sys01319965072-.exe
    O4 - HKLM\..\Run: [ms0565072-3199] C:\WINDOWS\ms0565072-3199.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1138080167\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [MTBar] C:\WINDOWS\mirar.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
    O4 - HKCU\..\Run: [actx1.exe] C:\Documents and Settings\Momanda\Application Data\System Restore\actx1.exe
    O4 - HKCU\..\Run: [zqactx1.exe] C:\Documents and Settings\Momanda\Application Data\System Restore\zqactx1.exe
    O4 - HKCU\..\Run: [mc-110-12-0000122.exe] C:\WINDOWS\system32\mc-110-12-0000122.exe
    O4 - HKCU\..\Run: [fran-super.exe] C:\Documents and Settings\Momanda\Application Data\System Restore\fran-super.exe
    O4 - HKCU\..\Run: [ventbb.exe] C:\WINDOWS\system32\ventbb.exe
    O4 - HKCU\..\Run: [VB1.exe] C:\Documents and Settings\Momanda\Application Data\System Restore\VB1.exe
    O4 - HKCU\..\Run: [Setup75.exe] C:\WINDOWS\system32\Setup75.exe
    O4 - HKCU\..\Run: [ZQInContextactx1.exe] C:\Documents and Settings\Momanda\Application Data\System Restore\ZQInContextactx1.exe
    O4 - HKCU\..\Run: [elts4.exe] C:\Documents and Settings\Momanda\Application Data\System Restore\elts4.exe
    O4 - HKCU\..\Run: [SSK35.exe] C:\Documents and Settings\Momanda\Application Data\System Restore\SSK35.exe
    O4 - HKCU\..\Run: [o3mrk.Stub.exe] C:\Documents and Settings\Momanda\Application Data\System Restore\o3mrk.Stub.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe "
    O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
    O4 - Global Startup: Defender Pro Firewall.lnk = ?
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O8 - Extra context menu item: &Search - http://ka.bar.need2find.com/KA/menusearch.html?p=KA
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
    O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1141443388906
    O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://aolsvc.aol.com/onlinegames/ghtumblebugs/axhost.cab
    O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} (Progetto1.int_ver34) - http://advnt01.com/dialer/int_ver34.CAB
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.com/onlinegames/tryaces/zylomgamesplayer.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/heavyweapon/popcaploader_v7.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{84DD65D3-464D-4E52-A2DC-EC71D8872DED}: NameServer = 205.188.146.145
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - AppInit_DLLs:
    O20 - Winlogon Notify: ModuleUsage - C:\WINDOWS\system32\p64u0gh9e64.dll (file missing)
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Software Jukebox v2.0 Service - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Service\Software Jukebox v2.0 File.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
     
  2. 2007/03/18
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Welcome to WindowsBBS, wrench :)

    You have a host of infections there. :eek:

    Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
    http://www.ewido.net/en/download/
    • Install AVG Anti-Spyware by double clicking the installer.
    • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
    • On the main screen under Your Computer's security.
      • Click on Change state next to Resident shield. It should now change to inactive.
      • Click on Change state next to Automatic updates. It should now change to inactive.
      • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
      • Wait until you see the Update successful message.
    • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
    • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
    If you are having problems with the updater, you can use this link to manually update ewido.
    AVG Anti-Spyware manual updates.
    Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.

    Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
    • Click on Scanner on the toolbar.
    • Click on the Settings tab.
      • Under How to act?
        • Click on Recommended Action and choose Quarantine from the popup menu.
      • Under How to scan?
        • All checkboxes should be ticked.
      • Under Possibly unwanted software:
        • All checkboxes should be ticked.
      • Under Reports:
        • Select Automatically generate report after every scan and uncheck Only if threats were found.
      • Under What to scan?
        • Select Scan every file.
    • Click on the Scan tab.
    • Click on Complete System Scan to start the scan process.
    • Let the program scan the machine.
    • When the scan has finished, follow the instructions below.
      IMPORTANT : Don't click on the "Save Scan Report" button before you have clicked the "Apply all Actions" button.
      • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
      • At the bottom of the window click on the Apply all Actions button. (3)
    • When done, click the Save Scan Report button. (4)
      • Click the Save Report as button.
      • Save the report to your Desktop.
    • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
    Reboot.

    Please go HERE to run Panda's ActiveScan
    • Once you are on the Panda site click the Scan your PC now button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Select the appropriate Yes or No to receiving marketing information
    • Click the Free Online Scan button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
    Post the contents of the ActiveScan report, the AVG Antispyware report and a fresh HijackThis log.
     

  4. 2007/03/19
    wrench

    wrench Inactive Thread Starter

    Joined:
    2007/03/18
    Messages:
    8
    Likes Received:
    0
    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 11:09:54 PM 3/18/2007

    + Scan result:



    C:\Program Files\WinBudget\bin\__delete_on_reboot__m_a_t_r_i_x_._d_l_l_ -> Adware.BHO : No action taken.
    C:\Program Files\WinBudget\bin\****.1168970705.old -> Adware.BHO : No action taken.
    C:\System Volume Information\_restore{55AD45FB-8993-4F27-867B-0B74F04FFF84}\RP593\A0323803.dll -> Adware.BHO : No action taken.
    [3784] C:\Program Files\WinBudget\bin\matrix.dll -> Adware.BHO : No action taken.
    C:\WINDOWS\uninst123.exe -> Adware.DigInk : No action taken.
    C:\RECYCLER\S-1-5-21-1533324351-1763464976-3049104861-1010\Dc376.exe -> Adware.Hoax.Renos : No action taken.
    C:\WINDOWS\Downloaded Program Files\CONFLICT.1\amm06.ocx -> Adware.MediaMotor : No action taken.
    C:\WINDOWS\Downloaded Program Files\CONFLICT.2\amm06.ocx -> Adware.MediaMotor : No action taken.
    C:\WINDOWS\Downloaded Program Files\CONFLICT.3\amm06.ocx -> Adware.MediaMotor : No action taken.
    C:\WINDOWS\Downloaded Program Files\CONFLICT.4\amm06.ocx -> Adware.MediaMotor : No action taken.
    C:\WINDOWS\Downloaded Program Files\amm06.ocx -> Adware.MediaMotor : No action taken.
    C:\WINDOWS\up9.exe -> Adware.MediaMotor : No action taken.
    C:\WINDOWS\chadch.exe -> Adware.SideFind : No action taken.
    C:\WINDOWS\Downloaded Program Files\Install.dll -> Adware.SpywareStorm : No action taken.
    C:\WINDOWS\Temp\ja.exe -> Backdoor.Aebot.r : No action taken.
    C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe -> Downloader.Agent.awf : No action taken.
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe -> Downloader.Agent.awf : No action taken.
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe -> Downloader.Agent.awf : No action taken.
    C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe -> Downloader.Agent.awf : No action taken.
    C:\Program Files\Pure Networks\Port Magic\PortAOL.exe -> Downloader.Agent.awf : No action taken.
    C:\System Volume Information\_restore{55AD45FB-8993-4F27-867B-0B74F04FFF84}\RP561\A0320770.rbf -> Downloader.Agent.awf : No action taken.
    C:\System Volume Information\_restore{55AD45FB-8993-4F27-867B-0B74F04FFF84}\RP564\A0321043.EXE -> Downloader.Agent.awf : No action taken.
    C:\System Volume Information\_restore{55AD45FB-8993-4F27-867B-0B74F04FFF84}\RP565\A0321136.exe -> Downloader.Agent.awf : No action taken.
    C:\WINDOWS\SMINST\RECGUARD.EXE -> Downloader.Agent.awf : No action taken.
    C:\WINDOWS\system32\LinkMaker.exe -> Downloader.Agent.awf : No action taken.
    C:\WINDOWS\system32\igfxtray.exe -> Downloader.Agent.awf : No action taken.
    C:\WINDOWS\system\hpsysdrv.exe -> Downloader.Agent.awf : No action taken.
    C:\hp\KBD\KBD.EXE -> Downloader.Agent.awf : No action taken.
    C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe -> Downloader.Agent.awf : No action taken.
    [236] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe -> Downloader.Agent.awf : No action taken.
    C:\60358690.exe -> Downloader.Femad.bd : No action taken.
    C:\Documents and Settings\Momanda\Local Settings\Temp\abc1237olaa.exe -> Heuristic.Win32.Dialer : No action taken.
    C:\Documents and Settings\Momanda\Local Settings\Temp\abc123CSDDa.exe -> Heuristic.Win32.Dialer : No action taken.
    C:\Documents and Settings\Momanda\Local Settings\Temp\abc123Gjaca.exe -> Heuristic.Win32.Dialer : No action taken.
    C:\Documents and Settings\Momanda\Local Settings\Temp\abc123HZPMa.exe -> Heuristic.Win32.Dialer : No action taken.
    C:\Documents and Settings\Momanda\Local Settings\Temp\abc123Rywja.exe -> Heuristic.Win32.Dialer : No action taken.
    C:\Documents and Settings\Momanda\Local Settings\Temp\abc123SXKQa.exe -> Heuristic.Win32.Dialer : No action taken.
    C:\Documents and Settings\Momanda\Local Settings\Temp\abc123SsvLa.exe -> Heuristic.Win32.Dialer : No action taken.
    C:\Documents and Settings\Momanda\Local Settings\Temp\abc123WlqDa.exe -> Heuristic.Win32.Dialer : No action taken.
    C:\Documents and Settings\Momanda\Local Settings\Temp\abc123aLJ3a.exe -> Heuristic.Win32.Dialer : No action taken.
    C:\Documents and Settings\Momanda\Local Settings\Temp\abc123hPJta.exe -> Heuristic.Win32.Dialer : No action taken.
    C:\Documents and Settings\Momanda\Local Settings\Temp\abc123miu8a.exe -> Heuristic.Win32.Dialer : No action taken.
    C:\Documents and Settings\Momanda\Local Settings\Temp\abc123nrO0a.exe -> Heuristic.Win32.Dialer : No action taken.
    C:\Documents and Settings\Momanda\Local Settings\Temp\abc123rOQNa.exe -> Heuristic.Win32.Dialer : No action taken.
    C:\Documents and Settings\Momanda\Local Settings\Temp\ICD1.tmp\UWAS6_0001_N91M1508NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : No action taken.
    C:\Documents and Settings\Momanda\Local Settings\Temp\ICD3.tmp\UWA7P_0001_N91M0809NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : No action taken.
    C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWA7P_0001_N91M0809NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : No action taken.
    C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWAS6_0001_N91M1508NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : No action taken.
    C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWAS6_0001_N91M1508NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : No action taken.
    C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWAS6_0001_N91M1508NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : No action taken.
    C:\WINDOWS\Downloaded Program Files\CONFLICT.4\UWAS6_0001_N91M1508NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : No action taken.
    C:\WINDOWS\Downloaded Program Files\CONFLICT.5\UWAS6_0001_N91M1508NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : No action taken.
    C:\WINDOWS\Downloaded Program Files\UWA7P_0001_N91M0809NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : No action taken.
    C:\WINDOWS\Downloaded Program Files\UWAS6_0001_N91M1508NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : No action taken.
    C:\WINDOWS\Downloaded Program Files\UWAS7_0001_N91M1112NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : No action taken.
    C:\Documents and Settings\Momanda\Cookies\momanda@2o7[2].txt -> TrackingCookie.2o7 : No action taken.
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ad.admarketplace[1].txt -> TrackingCookie.Admarketplace : No action taken.
    C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\compaq_owner@ad.admarketplace[1].txt -> TrackingCookie.Admarketplace : No action taken.
    C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\compaq_owner@admarketplace[2].txt -> TrackingCookie.Admarketplace : No action taken.
    C:\Documents and Settings\Momanda\Cookies\momanda@admarketplace[2].txt -> TrackingCookie.Admarketplace : No action taken.
    C:\Documents and Settings\Momanda\Local Settings\Temp\Cookies\momanda@ad.admarketplace[2].txt -> TrackingCookie.Admarketplace : No action taken.
    C:\Documents and Settings\Momanda\Local Settings\Temp\Cookies\momanda@admarketplace[1].txt -> TrackingCookie.Admarketplace : No action taken.
    C:\Documents and Settings\Momanda\Cookies\momanda@www.adobe[2].txt -> TrackingCookie.Adobe : No action taken.
    C:\Documents and Settings\Momanda\Cookies\momanda@advertising[2].txt -> TrackingCookie.Advertising : No action taken.
    C:\Documents and Settings\Momanda\Cookies\momanda@atdmt[1].txt -> TrackingCookie.Atdmt : No action taken.
    C:\Documents and Settings\Momanda\Cookies\momanda@casalemedia[1].txt -> TrackingCookie.Casalemedia : No action taken.
    C:\Documents and Settings\Momanda\Cookies\momanda@counter.cnw[1].txt -> TrackingCookie.Cnw : No action taken.
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@connextra[1].txt -> TrackingCookie.Connextra : No action taken.
    C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\compaq_owner@connextra[1].txt -> TrackingCookie.Connextra : No action taken.
    C:\Documents and Settings\Momanda\Cookies\momanda@connextra[1].txt -> TrackingCookie.Connextra : No action taken.
    C:\Documents and Settings\Momanda\Local Settings\Temp\Cookies\momanda@connextra[1].txt -> TrackingCookie.Connextra : No action taken.
    C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\compaq_owner@stat.dealtime[1].txt -> TrackingCookie.Dealtime : No action taken.
    C:\Documents and Settings\Momanda\Cookies\momanda@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
    C:\Documents and Settings\Momanda\Cookies\momanda@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : No action taken.
    C:\Documents and Settings\Momanda\Cookies\momanda@fastclick[1].txt -> TrackingCookie.Fastclick : No action taken.
    C:\Documents and Settings\Momanda\Local Settings\Temp\Cookies\momanda@fortunecity[1].txt -> TrackingCookie.Fortunecity : No action taken.
    C:\Documents and Settings\Momanda\Cookies\momanda@ehg-equifax.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
    C:\Documents and Settings\Momanda\Cookies\momanda@ehg-groupernetworks.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
    C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\compaq_owner@searchportal.information[2].txt -> TrackingCookie.Information : No action taken.
    C:\Documents and Settings\Momanda\Cookies\momanda@searchportal.information[2].txt -> TrackingCookie.Information : No action taken.
    C:\WINDOWS\Temp\Cookies\momanda@searchportal.information[1].txt -> TrackingCookie.Information : No action taken.
    C:\Documents and Settings\Momanda\Cookies\momanda@search.live[1].txt -> TrackingCookie.Live : No action taken.
    C:\Documents and Settings\Momanda\Cookies\momanda@mediaplex[2].txt -> TrackingCookie.Mediaplex : No action taken.
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@search.msn[2].txt -> TrackingCookie.Msn : No action taken.
    C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\compaq_owner@search.msn[2].txt -> TrackingCookie.Msn : No action taken.
    C:\Documents and Settings\Momanda\Cookies\momanda@search.msn[2].txt -> TrackingCookie.Msn : No action taken.
    C:\Documents and Settings\Momanda\Local Settings\Temp\Cookies\momanda@search.msn[1].txt -> TrackingCookie.Msn : No action taken.
    C:\Documents and Settings\Momanda\Cookies\momanda@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : No action taken.
    C:\Documents and Settings\Momanda\Local Settings\Temp\Cookies\momanda@ssl-hints.netflame[2].txt -> TrackingCookie.Netflame : No action taken.
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@www.paypal[1].txt -> TrackingCookie.Paypal : No action taken.
    C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\compaq_owner@www.paypal[1].txt -> TrackingCookie.Paypal : No action taken.
    C:\Documents and Settings\Momanda\Cookies\momanda@www.paypal[1].txt -> TrackingCookie.Paypal : No action taken.
    C:\Documents and Settings\Momanda\Local Settings\Temp\Cookies\momanda@www.paypal[1].txt -> TrackingCookie.Paypal : No action taken.
    C:\Documents and Settings\Momanda\Cookies\momanda@ads.planetactive[1].txt -> TrackingCookie.Planetactive : No action taken.
    C:\Documents and Settings\Momanda\Cookies\momanda@ads.pointroll[2].txt -> TrackingCookie.Pointroll : No action taken.
    C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\compaq_owner@real[2].txt -> TrackingCookie.Real : No action taken.
    C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\compaq_owner@www.real[1].txt -> TrackingCookie.Real : No action taken.
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@network.realmedia[1].txt -> TrackingCookie.Realmedia : No action taken.
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@realmedia[1].txt -> TrackingCookie.Realmedia : No action taken.
    C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\compaq_owner@realmedia[1].txt -> TrackingCookie.Realmedia : No action taken.
    C:\Documents and Settings\Momanda\Cookies\momanda@network.realmedia[1].txt -> TrackingCookie.Realmedia : No action taken.
    C:\Documents and Settings\Momanda\Cookies\momanda@realmedia[1].txt -> TrackingCookie.Realmedia : No action taken.
    C:\Documents and Settings\Momanda\Local Settings\Temp\Cookies\momanda@network.realmedia[1].txt -> TrackingCookie.Realmedia : No action taken.
    C:\Documents and Settings\Momanda\Local Settings\Temp\Cookies\momanda@realmedia[1].txt -> TrackingCookie.Realmedia : No action taken.
    C:\WINDOWS\Temp\Cookies\momanda@realmedia[2].txt -> TrackingCookie.Realmedia : No action taken.
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@revsci[2].txt -> TrackingCookie.Revsci : No action taken.
    C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\compaq_owner@revsci[1].txt -> TrackingCookie.Revsci : No action taken.
    C:\Documents and Settings\Momanda\Cookies\momanda@revsci[1].txt -> TrackingCookie.Revsci : No action taken.
    C:\Documents and Settings\Momanda\Local Settings\Temp\Cookies\momanda@revsci[2].txt -> TrackingCookie.Revsci : No action taken.
    C:\WINDOWS\Temp\Cookies\momanda@revsci[1].txt -> TrackingCookie.Revsci : No action taken.
    C:\Documents and Settings\Momanda\Cookies\momanda@edge.ru4[2].txt -> TrackingCookie.Ru4 : No action taken.
    C:\Documents and Settings\Momanda\Cookies\momanda@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : No action taken.
    C:\Documents and Settings\Momanda\Cookies\momanda@serving-sys[2].txt -> TrackingCookie.Serving-sys : No action taken.
    C:\Documents and Settings\Momanda\Cookies\momanda@statcounter[1].txt -> TrackingCookie.Statcounter : No action taken.
    C:\Documents and Settings\Momanda\Cookies\momanda@toplist[1].txt -> TrackingCookie.Toplist : No action taken.
    C:\Documents and Settings\Momanda\Local Settings\Temp\Cookies\momanda@toplist[1].txt -> TrackingCookie.Toplist : No action taken.
    C:\Documents and Settings\Momanda\Cookies\momanda@trafficmp[2].txt -> TrackingCookie.Trafficmp : No action taken.
    C:\Documents and Settings\Momanda\Cookies\momanda@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : No action taken.
    C:\Documents and Settings\Momanda\Cookies\momanda@reduxads.valuead[2].txt -> TrackingCookie.Valuead : No action taken.
    C:\Documents and Settings\Momanda\Cookies\momanda@m.webtrends[1].txt -> TrackingCookie.Webtrends : No action taken.
    C:\Documents and Settings\Momanda\Cookies\momanda@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : No action taken.


    ::Report end

    Panda ActiveScan is still scanning; I will post that as soon as it's done.
     
  5. 2007/03/19
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Hi wrench.

    Unfortunately, there was no action taken by AVG Antispyware on the many infected files it found. You will need to perform the scan again, and when complete, BEFORE you click the 'Save Scan Report' button, you need to make sure that Set all elements to: shows Quarantine (if not click on the link and choose Quarantine from the popup menu), AND at the bottom of the window click on the Apply all Actions button.

    Post the new scan report.
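As an added example (not code from this thread or from AVG), here is a small Python triage script for the report format wrench pasted above: it parses each `path -> Threat.Name : Action.` line, lists every finding still marked "No action taken" (the mistake noahdfear points out), separates findings made inside running processes (the bracketed PID prefix such as `[3784]`) from on-disk ones, and notes copies sitting in System Restore snapshots. The embedded sample report is constructed in the same layout with placeholder paths.

```python
"""Triage helper for AVG Anti-Spyware (ewido) scan reports.

Added example, not code from the thread or from AVG. It parses the
report format posted in this thread (one finding per line) and answers
the question the helper had to settle by eye: was anything actually cleaned?
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

# One finding per line:  [<pid>] <path> -> <Threat.Name> : <Action taken>.
# The bracketed PID appears only when the scanner made the finding inside a
# running process rather than (or as well as) on disk.
FINDING_RE = re.compile(
    r"^(?:\[(?P<pid>\d+)\]\s+)?"      # optional "[3784] " process marker
    r"(?P<path>.+?)\s+->\s+"          # file path
    r"(?P<threat>\S+)\s+:\s+"         # e.g. Adware.BHO, Downloader.Agent.awf
    r"(?P<action>.+?)\.?\s*$"         # e.g. No action taken / Cleaned with backup (quarantined)
)


@dataclass(frozen=True)
class Finding:
    path: str
    threat: str
    action: str
    pid: Optional[int]  # set when the finding was made in a running process


def parse_report(text: str) -> List[Finding]:
    """Extract the findings; header, separator and '::Report end' lines are skipped."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "+-:":
            continue
        m = FINDING_RE.match(line)
        if m is None:          # title line or anything else that is not a finding
            continue
        pid = int(m["pid"]) if m["pid"] else None
        findings.append(Finding(m["path"], m["threat"], m["action"], pid))
    return findings


def family(threat: str) -> str:
    """'Not-A-Virus.Downloader.Win32.WinFixer.o' -> 'Not-A-Virus'."""
    return threat.split(".", 1)[0]


def unresolved(findings: List[Finding]) -> List[Finding]:
    """Findings logged but left in place: the 'No action taken' lines."""
    return [f for f in findings if f.action.lower().startswith("no action")]


def all_actioned(findings: List[Finding]) -> bool:
    """True only when every finding was cleaned or quarantined."""
    return not unresolved(findings)


def in_memory(findings: List[Finding]) -> List[Finding]:
    """Findings the scanner made inside a running process rather than only on disk."""
    return [f for f in findings if f.pid is not None]


def restore_point_hits(findings: List[Finding]) -> List[Finding]:
    """Copies inside System Restore snapshots; they come back if the user rolls back to that point."""
    return [f for f in findings if "\\System Volume Information\\_restore" in f.path]


def summarize(findings: List[Finding]) -> Counter:
    """Count findings per top-level family (Adware, Downloader, TrackingCookie, ...)."""
    return Counter(family(f.threat) for f in findings)


# Constructed sample in the same layout as the reports in the thread; the
# paths and threat names are placeholders, not values taken from the posts.
SAMPLE_REPORT = r"""
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:09:54 PM 3/18/2007

+ Scan result:

C:\Program Files\ExampleAdware\bin\example.dll -> Adware.BHO : No action taken.
[3784] C:\Program Files\ExampleAdware\bin\example.dll -> Adware.BHO : No action taken.
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1\A0000001.dll -> Adware.BHO : No action taken.
C:\WINDOWS\Temp\example.exe -> Backdoor.Example.a : Cleaned with backup (quarantined).
C:\Documents and Settings\User\Cookies\user@example-tracker[1].txt -> TrackingCookie.Example : No action taken.

::Report end
"""

if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    print(f"{len(found)} findings, families: {dict(summarize(found))}")
    for f in unresolved(found):
        print(f"STILL PRESENT      {f.threat:<22} {f.path}")
    for f in in_memory(found):
        print(f"IN PROCESS {f.pid:<6} {f.threat:<22} {f.path}")
    print("all actioned" if all_actioned(found) else "re-run with Quarantine and Apply all Actions")
```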
     
  6. 2007/03/19
    wrench

    wrench Inactive Thread Starter

    Joined:
    2007/03/18
    Messages:
    8
    Likes Received:
    0
    I was afraid of that when I read "no action taken" on them. Well, now that I've read the instructions again, I see that I missed the bright red lettering IMPORTANT : (Don't click on the "Save Scan Report" button before you did hit the "Apply all Actions" button.) Sorry about that. I've spent the last 12 hours scanning with Panda ActiveScan; it's at 600000 files and isn't even halfway done, but I'll redo the AVG scan and repost the report.
     
  7. 2007/03/20
    wrench

    wrench Inactive Thread Starter

    Joined:
    2007/03/18
    Messages:
    8
    Likes Received:
    0
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 2:45:00 PM 3/20/2007

    + Scan result:



    C:\Program Files\WinBudget\bin\****.1168970705.old -> Adware.BHO : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{55AD45FB-8993-4F27-867B-0B74F04FFF84}\RP593\A0323803.dll -> Adware.BHO : Cleaned with backup (quarantined).
    C:\WINDOWS\uninst123.exe -> Adware.DigInk : Cleaned with backup (quarantined).
    C:\RECYCLER\S-1-5-21-1533324351-1763464976-3049104861-1010\Dc376.exe -> Adware.Hoax.Renos : Cleaned with backup (quarantined).
    C:\WINDOWS\Downloaded Program Files\CONFLICT.1\amm06.ocx -> Adware.MediaMotor : Cleaned with backup (quarantined).
    C:\WINDOWS\Downloaded Program Files\CONFLICT.2\amm06.ocx -> Adware.MediaMotor : Cleaned with backup (quarantined).
    C:\WINDOWS\Downloaded Program Files\CONFLICT.3\amm06.ocx -> Adware.MediaMotor : Cleaned with backup (quarantined).
    C:\WINDOWS\Downloaded Program Files\CONFLICT.4\amm06.ocx -> Adware.MediaMotor : Cleaned with backup (quarantined).
    C:\WINDOWS\Downloaded Program Files\amm06.ocx -> Adware.MediaMotor : Cleaned with backup (quarantined).
    C:\WINDOWS\up9.exe -> Adware.MediaMotor : Cleaned with backup (quarantined).
    C:\WINDOWS\chadch.exe -> Adware.SideFind : Cleaned with backup (quarantined).
    C:\WINDOWS\Downloaded Program Files\Install.dll -> Adware.SpywareStorm : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{55AD45FB-8993-4F27-867B-0B74F04FFF84}\RP561\A0320770.rbf -> Downloader.Agent.awf : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{55AD45FB-8993-4F27-867B-0B74F04FFF84}\RP564\A0321043.EXE -> Downloader.Agent.awf : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{55AD45FB-8993-4F27-867B-0B74F04FFF84}\RP565\A0321136.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{55AD45FB-8993-4F27-867B-0B74F04FFF84}\RP593\A0323804.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{55AD45FB-8993-4F27-867B-0B74F04FFF84}\RP593\A0323823.EXE -> Downloader.Agent.awf : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{55AD45FB-8993-4F27-867B-0B74F04FFF84}\RP593\A0323830.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{55AD45FB-8993-4F27-867B-0B74F04FFF84}\RP593\A0323831.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{55AD45FB-8993-4F27-867B-0B74F04FFF84}\RP593\A0323832.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{55AD45FB-8993-4F27-867B-0B74F04FFF84}\RP593\A0323833.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{55AD45FB-8993-4F27-867B-0B74F04FFF84}\RP593\A0323834.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{55AD45FB-8993-4F27-867B-0B74F04FFF84}\RP593\A0323835.EXE -> Downloader.Agent.awf : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{55AD45FB-8993-4F27-867B-0B74F04FFF84}\RP593\A0323836.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{55AD45FB-8993-4F27-867B-0B74F04FFF84}\RP593\A0323837.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{55AD45FB-8993-4F27-867B-0B74F04FFF84}\RP593\A0323854.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{55AD45FB-8993-4F27-867B-0B74F04FFF84}\RP593\A0323838.exe -> Downloader.Femad.bd : Cleaned with backup (quarantined).
    C:\Documents and Settings\Momanda\Local Settings\Temp\abc1237olaa.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
    C:\Documents and Settings\Momanda\Local Settings\Temp\abc123CSDDa.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
    C:\Documents and Settings\Momanda\Local Settings\Temp\abc123Gjaca.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
    C:\Documents and Settings\Momanda\Local Settings\Temp\abc123HZPMa.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
    C:\Documents and Settings\Momanda\Local Settings\Temp\abc123Rywja.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
    C:\Documents and Settings\Momanda\Local Settings\Temp\abc123SXKQa.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
    C:\Documents and Settings\Momanda\Local Settings\Temp\abc123SsvLa.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
    C:\Documents and Settings\Momanda\Local Settings\Temp\abc123WlqDa.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
    C:\Documents and Settings\Momanda\Local Settings\Temp\abc123aLJ3a.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
    C:\Documents and Settings\Momanda\Local Settings\Temp\abc123hPJta.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
    C:\Documents and Settings\Momanda\Local Settings\Temp\abc123miu8a.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
    C:\Documents and Settings\Momanda\Local Settings\Temp\abc123nrO0a.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
    C:\Documents and Settings\Momanda\Local Settings\Temp\abc123rOQNa.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
    C:\Documents and Settings\Momanda\Local Settings\Temp\ICD1.tmp\UWAS6_0001_N91M1508NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
    C:\Documents and Settings\Momanda\Local Settings\Temp\ICD3.tmp\UWA7P_0001_N91M0809NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
    C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWA7P_0001_N91M0809NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
    C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWAS6_0001_N91M1508NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
    C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWAS6_0001_N91M1508NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
    C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWAS6_0001_N91M1508NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
    C:\WINDOWS\Downloaded Program Files\CONFLICT.4\UWAS6_0001_N91M1508NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
    C:\WINDOWS\Downloaded Program Files\CONFLICT.5\UWAS6_0001_N91M1508NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
    C:\WINDOWS\Downloaded Program Files\UWA7P_0001_N91M0809NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
    C:\WINDOWS\Downloaded Program Files\UWAS6_0001_N91M1508NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
    C:\WINDOWS\Downloaded Program Files\UWAS7_0001_N91M1112NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
    C:\Documents and Settings\Momanda\Cookies\momanda@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ad.admarketplace[1].txt -> TrackingCookie.Admarketplace : Cleaned.
    C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\compaq_owner@ad.admarketplace[1].txt -> TrackingCookie.Admarketplace : Cleaned.
    C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\compaq_owner@admarketplace[2].txt -> TrackingCookie.Admarketplace : Cleaned.
    C:\Documents and Settings\Momanda\Cookies\momanda@admarketplace[2].txt -> TrackingCookie.Admarketplace : Cleaned.
    C:\Documents and Settings\Momanda\Local Settings\Temp\Cookies\momanda@ad.admarketplace[2].txt -> TrackingCookie.Admarketplace : Cleaned.
    C:\Documents and Settings\Momanda\Local Settings\Temp\Cookies\momanda@admarketplace[1].txt -> TrackingCookie.Admarketplace : Cleaned.
    C:\Documents and Settings\Momanda\Cookies\momanda@www.adobe[2].txt -> TrackingCookie.Adobe : Cleaned.
    C:\Documents and Settings\Momanda\Cookies\momanda@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
    C:\Documents and Settings\Momanda\Cookies\momanda@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned.
    C:\Documents and Settings\Momanda\Cookies\momanda@citi.bridgetrack[1].txt -> TrackingCookie.Bridgetrack : Cleaned.
    C:\Documents and Settings\Momanda\Cookies\momanda@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned.
    C:\Documents and Settings\Momanda\Cookies\momanda@counter.cnw[1].txt -> TrackingCookie.Cnw : Cleaned.
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@connextra[1].txt -> TrackingCookie.Connextra : Cleaned.
    C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\compaq_owner@connextra[1].txt -> TrackingCookie.Connextra : Cleaned.
    C:\Documents and Settings\Momanda\Cookies\momanda@connextra[1].txt -> TrackingCookie.Connextra : Cleaned.
    C:\Documents and Settings\Momanda\Local Settings\Temp\Cookies\momanda@connextra[1].txt -> TrackingCookie.Connextra : Cleaned.
    C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\compaq_owner@stat.dealtime[1].txt -> TrackingCookie.Dealtime : Cleaned.
    C:\Documents and Settings\Momanda\Cookies\momanda@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
    C:\Documents and Settings\Momanda\Cookies\momanda@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
    C:\Documents and Settings\Momanda\Cookies\momanda@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
    C:\Documents and Settings\Momanda\Local Settings\Temp\Cookies\momanda@fortunecity[1].txt -> TrackingCookie.Fortunecity : Cleaned.
    C:\Documents and Settings\Momanda\Cookies\momanda@ehg-equifax.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Momanda\Cookies\momanda@ehg-groupernetworks.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\compaq_owner@searchportal.information[2].txt -> TrackingCookie.Information : Cleaned.
    C:\Documents and Settings\Momanda\Cookies\momanda@searchportal.information[2].txt -> TrackingCookie.Information : Cleaned.
    C:\WINDOWS\Temp\Cookies\momanda@searchportal.information[1].txt -> TrackingCookie.Information : Cleaned.
    C:\Documents and Settings\Momanda\Cookies\momanda@search.live[1].txt -> TrackingCookie.Live : Cleaned.
    C:\Documents and Settings\Momanda\Cookies\momanda@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned.
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@search.msn[2].txt -> TrackingCookie.Msn : Cleaned.
    C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\compaq_owner@search.msn[2].txt -> TrackingCookie.Msn : Cleaned.
    C:\Documents and Settings\Momanda\Cookies\momanda@search.msn[2].txt -> TrackingCookie.Msn : Cleaned.
    C:\Documents and Settings\Momanda\Local Settings\Temp\Cookies\momanda@search.msn[1].txt -> TrackingCookie.Msn : Cleaned.
    C:\Documents and Settings\Momanda\Cookies\momanda@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Cleaned.
    C:\Documents and Settings\Momanda\Local Settings\Temp\Cookies\momanda@ssl-hints.netflame[2].txt -> TrackingCookie.Netflame : Cleaned.
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@www.paypal[1].txt -> TrackingCookie.Paypal : Cleaned.
    C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\compaq_owner@www.paypal[1].txt -> TrackingCookie.Paypal : Cleaned.
    C:\Documents and Settings\Momanda\Cookies\momanda@www.paypal[1].txt -> TrackingCookie.Paypal : Cleaned.
    C:\Documents and Settings\Momanda\Local Settings\Temp\Cookies\momanda@www.paypal[1].txt -> TrackingCookie.Paypal : Cleaned.
    C:\Documents and Settings\Momanda\Cookies\momanda@ads.planetactive[1].txt -> TrackingCookie.Planetactive : Cleaned.
    C:\Documents and Settings\Momanda\Cookies\momanda@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned.
    C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\compaq_owner@real[2].txt -> TrackingCookie.Real : Cleaned.
    C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\compaq_owner@www.real[1].txt -> TrackingCookie.Real : Cleaned.
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@network.realmedia[1].txt -> TrackingCookie.Realmedia : Cleaned.
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@realmedia[1].txt -> TrackingCookie.Realmedia : Cleaned.
    C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\compaq_owner@realmedia[1].txt -> TrackingCookie.Realmedia : Cleaned.
    C:\Documents and Settings\Momanda\Cookies\momanda@network.realmedia[1].txt -> TrackingCookie.Realmedia : Cleaned.
    C:\Documents and Settings\Momanda\Cookies\momanda@realmedia[2].txt -> TrackingCookie.Realmedia : Cleaned.
    C:\Documents and Settings\Momanda\Local Settings\Temp\Cookies\momanda@network.realmedia[1].txt -> TrackingCookie.Realmedia : Cleaned.
    C:\Documents and Settings\Momanda\Local Settings\Temp\Cookies\momanda@realmedia[1].txt -> TrackingCookie.Realmedia : Cleaned.
    C:\WINDOWS\Temp\Cookies\momanda@realmedia[2].txt -> TrackingCookie.Realmedia : Cleaned.
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@revsci[2].txt -> TrackingCookie.Revsci : Cleaned.
    C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\compaq_owner@revsci[1].txt -> TrackingCookie.Revsci : Cleaned.
    C:\Documents and Settings\Momanda\Cookies\momanda@revsci[2].txt -> TrackingCookie.Revsci : Cleaned.
    C:\Documents and Settings\Momanda\Local Settings\Temp\Cookies\momanda@revsci[2].txt -> TrackingCookie.Revsci : Cleaned.
    C:\WINDOWS\Temp\Cookies\momanda@revsci[1].txt -> TrackingCookie.Revsci : Cleaned.
    C:\Documents and Settings\Momanda\Cookies\momanda@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned.
    C:\Documents and Settings\Momanda\Cookies\momanda@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
    C:\Documents and Settings\Momanda\Cookies\momanda@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
    C:\Documents and Settings\Momanda\Cookies\momanda@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned.
    C:\Documents and Settings\Momanda\Cookies\momanda@toplist[1].txt -> TrackingCookie.Toplist : Cleaned.
    C:\Documents and Settings\Momanda\Local Settings\Temp\Cookies\momanda@toplist[1].txt -> TrackingCookie.Toplist : Cleaned.
    C:\Documents and Settings\Momanda\Cookies\momanda@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned.
    C:\Documents and Settings\Momanda\Cookies\momanda@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
    C:\Documents and Settings\Momanda\Cookies\momanda@reduxads.valuead[2].txt -> TrackingCookie.Valuead : Cleaned.
    C:\Documents and Settings\Momanda\Cookies\momanda@m.webtrends[1].txt -> TrackingCookie.Webtrends : Cleaned.
    C:\Documents and Settings\Momanda\Cookies\momanda@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
    C:\Documents and Settings\Momanda\Cookies\momanda@zedo[1].txt -> TrackingCookie.Zedo : Cleaned.


    ::Report end

    Also, it found:

    c:hp/kbd/kbd.exe
    C:programfiles/java/jre1.5.0_02/bin/jushed.exe
    C:programfiles/Winbudget/bin/matrix.dll

    but not while it was scanning.
     
    Last edited: 2007/03/20
  8. 2007/03/20
    wrench

    wrench Inactive Thread Starter

    Joined:
    2007/03/18
    Messages:
    8
    Likes Received:
    0
    Logfile of HijackThis v1.99.1
    Scan saved at 3:16:15 PM, on 3/20/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    C:\Program Files\Common Files\AOL\1138080167\ee\AOLSoftware.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ps2.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\PROGRA~1\MI3AA1~1\wcescomm.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\Defender Pro LLC\Defender Pro Firewall\KAVPF.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\HJT\HijackThis.exe
    c:\program files\common files\aol\1138080167\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
    c:\program files\common files\aol\1138080167\ee\aolsoftware.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\America Online 9.0\waol.exe
    C:\Program Files\Common Files\Aol\aoltpspd.exe
    C:\WINDOWS\system32\wuauclt.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://myspace.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.meloco.com/index.php?i=sm
    R3 - URLSearchHook: (no name) - {D4A8167D-1D2A-D386-68F4-0C3715BDD9CB} - C:\WINDOWS\oufokltr.dll (file missing)
    O2 - BHO: BhoApp Class - {0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - C:\Program Files\WinBudget\bin\matrix.dll (file missing)
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: (no name) - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - (no file)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [EarthLink Installer] " /C
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ms065072-31996] C:\WINDOWS\ms065072-31996.exe
    O4 - HKLM\..\Run: [win32065072-31996] C:\WINDOWS\win32065072-31996.exe
    O4 - HKLM\..\Run: [YourMonitor] C:\WINDOWS\SYS98
    O4 - HKLM\..\Run: [win3207072-319965] C:\WINDOWS\win3207072-319965.exe
    O4 - HKLM\..\Run: [sys01319965072-] C:\WINDOWS\sys01319965072-.exe
    O4 - HKLM\..\Run: [ms0565072-3199] C:\WINDOWS\ms0565072-3199.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1138080167\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [MTBar] C:\WINDOWS\mirar.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
    O4 - HKCU\..\Run: [actx1.exe] C:\Documents and Settings\Momanda\Application Data\System Restore\actx1.exe
    O4 - HKCU\..\Run: [zqactx1.exe] C:\Documents and Settings\Momanda\Application Data\System Restore\zqactx1.exe
    O4 - HKCU\..\Run: [mc-110-12-0000122.exe] C:\WINDOWS\system32\mc-110-12-0000122.exe
    O4 - HKCU\..\Run: [fran-super.exe] C:\Documents and Settings\Momanda\Application Data\System Restore\fran-super.exe
    O4 - HKCU\..\Run: [ventbb.exe] C:\WINDOWS\system32\ventbb.exe
    O4 - HKCU\..\Run: [VB1.exe] C:\Documents and Settings\Momanda\Application Data\System Restore\VB1.exe
    O4 - HKCU\..\Run: [Setup75.exe] C:\WINDOWS\system32\Setup75.exe
    O4 - HKCU\..\Run: [ZQInContextactx1.exe] C:\Documents and Settings\Momanda\Application Data\System Restore\ZQInContextactx1.exe
    O4 - HKCU\..\Run: [elts4.exe] C:\Documents and Settings\Momanda\Application Data\System Restore\elts4.exe
    O4 - HKCU\..\Run: [SSK35.exe] C:\Documents and Settings\Momanda\Application Data\System Restore\SSK35.exe
    O4 - HKCU\..\Run: [o3mrk.Stub.exe] C:\Documents and Settings\Momanda\Application Data\System Restore\o3mrk.Stub.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe "
    O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
    O4 - Global Startup: Defender Pro Firewall.lnk = ?
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O8 - Extra context menu item: &Search - http://ka.bar.need2find.com/KA/menusearch.html?p=KA
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
    O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1141443388906
    O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://aolsvc.aol.com/onlinegames/ghtumblebugs/axhost.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} (Progetto1.int_ver34) - http://advnt01.com/dialer/int_ver34.CAB
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.com/onlinegames/tryaces/zylomgamesplayer.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/heavyweapon/popcaploader_v7.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{84DD65D3-464D-4E52-A2DC-EC71D8872DED}: NameServer = 205.188.146.145
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - AppInit_DLLs:
    O20 - Winlogon Notify: ModuleUsage - C:\WINDOWS\system32\p64u0gh9e64.dll (file missing)
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Software Jukebox v2.0 Service - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Service\Software Jukebox v2.0 File.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
     
  9. 2007/03/20
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Please download Look2MeDestroyer from the link below, and run it according to the instructions given.

    http://www.atribune.org/content/view/28/2/

    When complete, scan again with HijackThis and place a check next to any of the remaining entries.

    R3 - URLSearchHook: (no name) - {D4A8167D-1D2A-D386-68F4-0C3715BDD9CB} - C:\WINDOWS\oufokltr.dll (file missing)
    O2 - BHO: BhoApp Class - {0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - C:\Program Files\WinBudget\bin\matrix.dll (file missing)
    O3 - Toolbar: (no name) - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - (no file)
    O4 - HKLM\..\Run: [ms065072-31996] C:\WINDOWS\ms065072-31996.exe
    O4 - HKLM\..\Run: [win32065072-31996] C:\WINDOWS\win32065072-31996.exe
    O4 - HKLM\..\Run: [YourMonitor] C:\WINDOWS\SYS98
    O4 - HKLM\..\Run: [win3207072-319965] C:\WINDOWS\win3207072-319965.exe
    O4 - HKLM\..\Run: [sys01319965072-] C:\WINDOWS\sys01319965072-.exe
    O4 - HKLM\..\Run: [ms0565072-3199] C:\WINDOWS\ms0565072-3199.exe
    O4 - HKLM\..\Run: [MTBar] C:\WINDOWS\mirar.exe
    O4 - HKCU\..\Run: [actx1.exe] C:\Documents and Settings\Momanda\Application Data\System Restore\actx1.exe
    O4 - HKCU\..\Run: [zqactx1.exe] C:\Documents and Settings\Momanda\Application Data\System Restore\zqactx1.exe
    O4 - HKCU\..\Run: [mc-110-12-0000122.exe] C:\WINDOWS\system32\mc-110-12-0000122.exe
    O4 - HKCU\..\Run: [fran-super.exe] C:\Documents and Settings\Momanda\Application Data\System Restore\fran-super.exe
    O4 - HKCU\..\Run: [ventbb.exe] C:\WINDOWS\system32\ventbb.exe
    O4 - HKCU\..\Run: [VB1.exe] C:\Documents and Settings\Momanda\Application Data\System Restore\VB1.exe
    O4 - HKCU\..\Run: [Setup75.exe] C:\WINDOWS\system32\Setup75.exe
    O4 - HKCU\..\Run: [ZQInContextactx1.exe] C:\Documents and Settings\Momanda\Application Data\System Restore\ZQInContextactx1.exe
    O4 - HKCU\..\Run: [elts4.exe] C:\Documents and Settings\Momanda\Application Data\System Restore\elts4.exe
    O4 - HKCU\..\Run: [SSK35.exe] C:\Documents and Settings\Momanda\Application Data\System Restore\SSK35.exe
    O4 - HKCU\..\Run: [o3mrk.Stub.exe] C:\Documents and Settings\Momanda\Application Data\System Restore\o3mrk.Stub.exe
    O8 - Extra context menu item: &Search - http://ka.bar.need2find.com/KA/menusearch.html?p=KA
    O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} (Progetto1.int_ver34) - http://advnt01.com/dialer/int_ver34.CAB
    O20 - AppInit_DLLs:
    O20 - Winlogon Notify: ModuleUsage - C:\WINDOWS\system32\p64u0gh9e64.dll (file missing)

    Close all other windows, then click Fix Checked. Exit HijackThis.

    Open Add/Remove programs and uninstall WinBudget if listed.

    You will need to set Windows to show hidden files and folders. Instructions here.

    Delete all of the following files if present.

    C:\WINDOWS\mirar.exe
    C:\WINDOWS\ms0565072-3199.exe
    C:\WINDOWS\ms065072-31996.exe
    C:\WINDOWS\SYS98
    C:\WINDOWS\sys01319965072-.exe
    C:\WINDOWS\win32065072-31996.exe
    C:\WINDOWS\win3207072-319965.exe
    C:\WINDOWS\system32\mc-110-12-0000122.exe
    C:\WINDOWS\system32\Setup75.exe
    C:\WINDOWS\system32\ventbb.exe


    Delete the following folders if present.

    C:\Documents and Settings\Momanda\Application Data\System Restore
    C:\Program Files\WinBudget

    Download ATF Cleaner by Atribune and save it to your Desktop.

    http://www.atribune.org/ccount/click.php?id=1

    Double click ATF-Cleaner.exe to run the program.
    Check the boxes to the left of:

    Windows Temp
    Current User Temp
    All Users Temp
    Temporary Internet Files
    Prefetch
    Java Cache
    Recycle bin


    The rest are optional - if you want it to remove everything it can, check "Select All".
    Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.
    When you have finished, click on the Exit button in the Main menu.

    Reboot.

    Download FindAWF.exe from the link below, saving to the desktop.

    http://noahdfear.geekstogo.com/FindAWF.exe

    Double click it to run and follow the prompts.

    Scan again with HijackThis and save the log. Please post the contents of the HijackThis log, the AWF.txt log and the Look2MeDestroyer log.
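    A small checker, added here as an example and not part of this thread or of HijackThis itself, that parses HijackThis-style log lines: it reports which of the entries the helper asked to have fixed are still present in a follow-up log, flags orphaned entries marked `(file missing)` or `(no file)`, and lists O4 autoruns whose target sits under a user profile's Application Data folder (the location the poster is told to delete above). The sample logs are constructed from lines in this thread; one flagged entry is deliberately left in the follow-up sample so the comparison has something to report.

```python
"""Check a follow-up HijackThis log against a list of flagged entries.

Example code written for this page; the heuristics mirror what the
helper in the thread did by hand, they are not HijackThis features.
"""
import re
from dataclasses import dataclass

# Constructed sample: a subset of the entries noahdfear asked the poster
# to fix (copied from the thread).
FLAGGED = r"""
R3 - URLSearchHook: (no name) - {D4A8167D-1D2A-D386-68F4-0C3715BDD9CB} - C:\WINDOWS\oufokltr.dll (file missing)
O2 - BHO: BhoApp Class - {0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - C:\Program Files\WinBudget\bin\matrix.dll (file missing)
O4 - HKLM\..\Run: [ms065072-31996] C:\WINDOWS\ms065072-31996.exe
O4 - HKCU\..\Run: [actx1.exe] C:\Documents and Settings\Momanda\Application Data\System Restore\actx1.exe
O20 - Winlogon Notify: ModuleUsage - C:\WINDOWS\system32\p64u0gh9e64.dll (file missing)
"""

# Constructed sample follow-up log: lines from the poster's later log plus
# one flagged O4 entry deliberately left in so the comparison is non-empty.
FOLLOWUP_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 4:13:37 PM, on 3/21/2007

Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://myspace.com/
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O4 - HKLM\..\Run: [ms065072-31996] C:\WINDOWS\ms065072-31996.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
"""

# HijackThis entries start with a section code (R0-R3, F0-F3, O1-O23),
# a dash, and the entry body. Process lists and headers do not match.
ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.+)$")
# Markers HijackThis appends when the referenced file no longer exists.
ORPHAN_MARKERS = ("(file missing)", "(no file)")
# Target path of an O4 Run entry follows the bracketed value name.
RUN_TARGET_RE = re.compile(r"\] (?P<target>.+)$")


@dataclass(frozen=True)
class Entry:
    section: str
    body: str

    def key(self):
        """Normalised identity: same section, whitespace-collapsed, case-folded."""
        return (self.section, " ".join(self.body.split()).lower())


def parse_log(text):
    """Return the section entries of a HijackThis log, skipping everything else."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["section"], m["body"]))
    return entries


def remaining(flagged_text, followup_text):
    """Entries from the flagged list that still appear in the follow-up log."""
    wanted = {e.key() for e in parse_log(flagged_text)}
    return [e for e in parse_log(followup_text) if e.key() in wanted]


def orphaned(entries):
    """Registry references whose file is gone; leftovers of a partial cleanup."""
    return [e for e in entries if any(mk in e.body for mk in ORPHAN_MARKERS)]


def autoruns_under_profile(entries):
    """O4 Run entries whose target lives under a profile's Application Data folder."""
    hits = []
    for e in entries:
        if e.section != "O4":
            continue
        m = RUN_TARGET_RE.search(e.body)
        if m and "\\application data\\" in m["target"].lower():
            hits.append(e)
    return hits


if __name__ == "__main__":
    later = parse_log(FOLLOWUP_LOG)
    for label, found in (("still present", remaining(FLAGGED, FOLLOWUP_LOG)),
                         ("orphaned", orphaned(later)),
                         ("profile autoruns", autoruns_under_profile(later))):
        print(f"{label}: {len(found)}")
        for e in found:
            print(f"  {e.section} - {e.body}")
```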
     
  10. 2007/03/21
    wrench

    wrench Inactive Thread Starter

    Joined:
    2007/03/18
    Messages:
    8
    Likes Received:
    0
    Logfile of HijackThis v1.99.1
    Scan saved at 4:13:37 PM, on 3/21/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\Common Files\AOL\1138080167\ee\AOLSoftware.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\WINDOWS\system32\ps2.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\MI3AA1~1\wcescomm.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\Defender Pro LLC\Defender Pro Firewall\KAVPF.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    c:\program files\common files\aol\1138080167\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
    c:\program files\common files\aol\1138080167\ee\aolsoftware.exe
    C:\Program Files\America Online 9.0\waol.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Common Files\Aol\aoltpspd.exe
    C:\Documents and Settings\Momanda\Desktop\ATF-Cleaner.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://myspace.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.meloco.com/index.php?i=sm
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [EarthLink Installer] " /C
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1138080167\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe "
    O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
    O4 - Global Startup: Defender Pro Firewall.lnk = ?
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
    O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1141443388906
    O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://aolsvc.aol.com/onlinegames/ghtumblebugs/axhost.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.com/onlinegames/tryaces/zylomgamesplayer.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/heavyweapon/popcaploader_v7.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{84DD65D3-464D-4E52-A2DC-EC71D8872DED}: NameServer = 205.188.146.145
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Software Jukebox v2.0 Service - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Service\Software Jukebox v2.0 File.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe



    Find AWF report by noahdfear ©2006


    bak folders found
    ~~~~~~~~~~~



    Duplicate files of bak directory contents
    ~~~~~~~~~~~~~~~~~~~~~~~



    end of report
     
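As an added illustration (not part of the original thread and not code from HijackThis), the following Python script applies the same first-pass triage a helper does by eye on a log like the one above: it flags entries marked (file missing) or (no file) as orphaned references, flags O4 Run values that contain no executable at all (the pattern behind the `[EarthLink Installer] " /C` line), notes Run values that are bare filenames resolved through the PATH search, and pulls out the O17 NameServer so it can be checked against the ISP's DNS. The sample input is constructed from lines of the posted log; the severity labels, the regular expressions and the function names are this example's own assumptions, not HijackThis conventions.

```python
import re

# Constructed sample input: a handful of lines copied from the HijackThis log
# posted above, so the triage runs offline against the thread's own data.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.meloco.com/index.php?i=sm
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [EarthLink Installer] " /C
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\{84DD65D3-464D-4E52-A2DC-EC71D8872DED}: NameServer = 205.188.146.145
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
""".strip("\n")

ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.*)$")
# Matches the body of an O4 registry Run entry: hive, key, [name], command.
RUN_RE = re.compile(r"^(HKLM|HKCU)\\\.\.\\(Run\w*): \[([^\]]*)\]\s*(.*)$")
EXEC_EXT = (".exe", ".com", ".bat", ".cmd", ".pif", ".scr", ".dll")


def parse_hjt(text):
    """Split a HijackThis log into (section, body) tuples, ignoring non-entry lines."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def first_token(command):
    """Return the program part of a Run value: the quoted string if it starts
    with a quote, otherwise the first whitespace-separated word. An unterminated
    quote (as in `" /C`) yields an empty program, which is the case to catch."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end].strip() if end > 0 else ""
    return command.split()[0] if command else ""


def triage(entries):
    """Return (severity, section, message) findings for the patterns a helper
    looks at first: orphaned references, Run values with no program, and bare
    filenames that Windows resolves through the PATH search."""
    findings = []
    for section, body in entries:
        if "(file missing)" in body or "(no file)" in body:
            findings.append(("low", section, "orphaned reference, safe to remove: " + body))
        if section == "O4":
            m = RUN_RE.match(body)
            if not m:
                continue  # Global Startup shortcuts and similar are not registry Run values
            hive, key, name, command = m.groups()
            prog = first_token(command)
            if not prog.lower().endswith(EXEC_EXT):
                findings.append(("high", section,
                                 f"Run value [{name}] under {hive}\\{key} has no executable: {command!r}"))
            elif "\\" not in prog and "/" not in prog:
                findings.append(("info", section,
                                 f"Run value [{name}] uses bare filename {prog}, resolved via PATH"))
    return findings


def nameservers(entries):
    """Collect DNS servers from O17 lines so they can be checked against the ISP's."""
    out = []
    for section, body in entries:
        if section == "O17":
            m = re.search(r"NameServer = ([\d.,]+)", body)
            if m:
                out.extend(m.group(1).split(","))
    return out


if __name__ == "__main__":
    ents = parse_hjt(SAMPLE_LOG)
    for sev, sec, msg in triage(ents):
        print(f"[{sev}] {sec}: {msg}")
    print("DNS servers:", nameservers(ents))
```

Run it against a full saved log by passing the file contents to `parse_hjt` instead of `SAMPLE_LOG`. The bare-filename check is informational only: VTTimer.exe and AGRSMMSG.exe in this log are normal OEM entries, but an entry with no path is what a trojan dropped into a directory that appears earlier in the PATH would hide behind.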
  11. 2007/03/21 - wrench (Thread Starter)

    Look2Me-Destroyer V1.0.12

    Scanning for infected files.....
    Scan started at 3/21/2007 2:59:04 PM

    Infected! C:\WINDOWS\system32\p64u0gh9e64.dll

    Attempting to delete infected files...

    Making registry repairs.

    Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ModuleUsage

    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{AB2E7DF3-4177-4FBD-9369-F79CF4B37709} "
    HKCR\Clsid\{AB2E7DF3-4177-4FBD-9369-F79CF4B37709}

    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{729B08B5-E575-41F9-986F-0147CB388E88} "
    HKCR\Clsid\{729B08B5-E575-41F9-986F-0147CB388E88}

    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{9426A474-555B-4179-8EBA-60174FAE6303} "
    HKCR\Clsid\{9426A474-555B-4179-8EBA-60174FAE6303}

    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{0FFD82C9-2E68-4B81-B26A-2F9526E43782} "
    HKCR\Clsid\{0FFD82C9-2E68-4B81-B26A-2F9526E43782}

    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{BBB5C1B2-524C-4C98-A6B6-6E16523B5C6A} "
    HKCR\Clsid\{BBB5C1B2-524C-4C98-A6B6-6E16523B5C6A}

    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{EAACD8BE-661C-4B47-9D9E-FF08BDF41B64} "
    HKCR\Clsid\{EAACD8BE-661C-4B47-9D9E-FF08BDF41B64}

    Restoring Windows certificates.

    Replaced hosts file with default windows hosts file


    Restoring SeDebugPrivilege for Administrators - Succeeded
     
  12. 2007/03/21 - noahdfear

    Looks good. Fix this one entry with HijackThis.

    O4 - HKLM\..\Run: [EarthLink Installer] " /C


    I'm a bit puzzled by the FindAWF report. Your first AVG-AS scan showed several infected legitimately named files, but no action taken. There should have been bak folders with the legitimate files of the same name in them. You mentioned a couple of them found and quarantined during the second scan, yet none of the others showed in the second scan. Please check the following directories for a folder named bak:

    C:\WINDOWS\SMINST
    C:\WINDOWS\system32
    C:\WINDOWS\system
    C:\hp\KBD
    C:\hp\drivers\hplsbwatcher
     
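Added example, not the thread's own code and not noahdfear's FindAWF: a Python check that does what the two sections of the FindAWF report above ("bak folders found" and "Duplicate files of bak directory contents") imply. It walks the five directories listed in the post for a bak subfolder and compares each backed-up file with the same-named file one level up by SHA-256. A hash mismatch means the parent copy was replaced and the original is sitting in bak; a match means the pair is already identical; a missing parent means the backup is orphaned. The directory list comes from the post; the sample.exe/other.exe names and the temporary drive tree are constructed fixtures, and how closely this mirrors FindAWF's internal logic is an assumption.

```python
import hashlib
import tempfile
from pathlib import Path

# Directories noahdfear asked to be checked, written relative to the system
# drive root. On a real machine find_awf would be pointed at r"C:\"; here a
# temporary directory stands in for the drive so the example runs anywhere.
AWF_DIRS = [
    r"WINDOWS\SMINST",
    r"WINDOWS\system32",
    r"WINDOWS\system",
    r"hp\KBD",
    r"hp\drivers\hplsbwatcher",
]


def sha256_of(path):
    """Hash a file in chunks so large executables do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def find_awf(drive_root):
    """Look for a bak subfolder in each AWF directory and compare every file in
    it with the same-named file one level up. Returns {bak_folder: [(name,
    status)]} with status 'replaced' (parent differs from the backup),
    'identical' (parent matches the backup) or 'parent missing'."""
    report = {}
    root = Path(drive_root)
    for rel in AWF_DIRS:
        bak = root.joinpath(*rel.split("\\")) / "bak"
        if not bak.is_dir():
            continue  # nothing to report for this directory
        results = []
        for backup in sorted(bak.iterdir()):
            if not backup.is_file():
                continue
            parent_copy = bak.parent / backup.name
            if not parent_copy.is_file():
                status = "parent missing"
            elif sha256_of(parent_copy) == sha256_of(backup):
                status = "identical"
            else:
                status = "replaced"
            results.append((backup.name, status))
        report[rel + "\\bak"] = results
    return report


def build_sample_tree():
    r"""Constructed fixture (not from the thread): a fake drive with two bak
    folders. Under hp\KBD the parent file differs from its backup, which is the
    AWF pattern; under WINDOWS\system the two copies match. WINDOWS\system32
    exists without a bak folder and should simply be skipped."""
    drive = Path(tempfile.mkdtemp(prefix="awf_"))
    kbd = drive / "hp" / "KBD"
    (kbd / "bak").mkdir(parents=True)
    (kbd / "bak" / "sample.exe").write_bytes(b"MZ legitimate sample")
    (kbd / "sample.exe").write_bytes(b"MZ something else entirely")
    system = drive / "WINDOWS" / "system"
    (system / "bak").mkdir(parents=True)
    (system / "bak" / "other.exe").write_bytes(b"MZ same bytes")
    (system / "other.exe").write_bytes(b"MZ same bytes")
    (drive / "WINDOWS" / "system32").mkdir(parents=True)
    return drive


if __name__ == "__main__":
    drive = build_sample_tree()
    for folder, files in find_awf(drive).items():
        print(folder)
        for name, status in files:
            print(f"  {name}: {status}")
```

On the machine in this thread you would call `find_awf(r"C:\")`; the script only reads and hashes, it does not copy anything back from bak, so it is safe to run before deciding on a fix.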
  13. 2007/03/22 - wrench (Thread Starter)

    C:\WINDOWS\SMINST
    C:\WINDOWS\system32
    C:\WINDOWS\system
    C:\hp\KBD
    C:\hp\drivers\hplsbwatcher

    All of the above have a bak folder in them, so I guess that makes me puzzled too.
     
  14. 2007/03/22 - noahdfear

    1. Please navigate to C:\Windows\system32 and locate the file AUTOEXEC.NT (if it's not there, skip to step 3)
    2. Right click and rename to AUTOEXEC.OLD
    3. Navigate to C:\Windows\Repair and copy AUTOEXEC.NT, then paste it into C:\Windows\system32
    4. Run FindAWF again and post the log if it's any different.
     
