
Logfile Help Please

Discussion in 'Windows - Virus and spyware problems' started by roblatacz, Apr 9, 2007.

  1. roblatacz

    roblatacz Regular member

    Joined:
    Sep 6, 2006
    Messages:
    174
    Likes Received:
    0
    Trophy Points:
    26
    When I go on a website the page redirects and goes on to another site. Can someone see what's wrong and what has to be deleted? Thanks.

    Here's my computer's logfile.

    Logfile of HijackThis v1.99.1
    Scan saved at 21:19:32, on 09/04/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\system32\bgsvcgen.exe
    C:\WINDOWS\system32\libusbd-nt.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\NILaunch.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\WINDOWS\system32\ezSP_Px.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Hijackthis\HijackThis_v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {0AA6E4D8-AE3C-4860-4799-07E98DDECD82} - C:\WINDOWS\system32\tiydwic.dll
    O2 - BHO: (no name) - {49CD0E17-09F4-9E0A-0E29-03457C0D673E} - C:\WINDOWS\system32\tezxwr.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {58605A09-1EA9-A981-9637-09D48B962F75} - C:\WINDOWS\system32\xcsradd.dll
    O2 - BHO: (no name) - {6C698B34-C906-6797-3663-014FC41172E2} - C:\WINDOWS\system32\huhylpf.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {9AC5A846-1ECC-480A-8868-039A1C98CE20} - C:\WINDOWS\system32\jkhhh.dll (file missing)
    O4 - HKLM\..\Run: [Net-It Launcher] C:\WINDOWS\System32\NILaunch.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [tezxwr.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\tezxwr.dll,rcsaxz
    O4 - HKLM\..\Run: [Ultimate Cleaner] C:\Program Files\Ultimate Cleaner\App.exe
    O4 - HKLM\..\Run: [ctfmon] C:\WINDOWS\system32\dlg\ctfmon.exe
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJxdm027YYGB
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by126fd.bay126.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161120896609
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
    O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
    O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - https://ukplay.toontown.com/download/sv1.0.24.18/ttinst.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7E1C9723-BDF6-4AD8-A923-BFE2317A4E6E}: NameServer = 194.168.4.100,194.168.8.100
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - AppInit_DLLs: MsgPlusLoader.dll
    O20 - Winlogon Notify: jkhhh - C:\WINDOWS\system32\jkhhh.dll (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
     
  2. KotaGuy

    KotaGuy Regular member

    Joined:
    Feb 14, 2007
    Messages:
    485
    Likes Received:
    0
    Trophy Points:
    26
    Please download VundoFix.exe to your desktop.

    - Double-click VundoFix.exe to run it.
    - Click the Scan for Vundo button.
    - Once it's done scanning, click the Remove Vundo button.
    - You will receive a prompt asking if you want to remove the files; click YES.
    - Once you click yes, your desktop will go blank as it starts removing Vundo.
    - When completed, it will prompt that it will reboot your computer; click OK.
    - Please post the contents of C:\vundofix.txt and a new HiJackThis log.

    Note: It is possible that VundoFix encountered a file it could not remove.
    In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
     
  3. roblatacz

    roblatacz Regular member

    Joined:
    Sep 6, 2006
    Messages:
    174
    Likes Received:
    0
    Trophy Points:
    26
    OK, I've done it. I don't know how to post the Vundo log, but here's a new HijackThis log.

    Logfile of HijackThis v1.99.1
    Scan saved at 10:33:18, on 10/04/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\system32\bgsvcgen.exe
    C:\WINDOWS\system32\libusbd-nt.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\NILaunch.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\WINDOWS\system32\ezSP_Px.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Hijackthis\HijackThis_v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {0AA6E4D8-AE3C-4860-4799-07E98DDECD82} - C:\WINDOWS\system32\tiydwic.dll (file missing)
    O2 - BHO: (no name) - {49CD0E17-09F4-9E0A-0E29-03457C0D673E} - C:\WINDOWS\system32\tezxwr.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {58605A09-1EA9-A981-9637-09D48B962F75} - C:\WINDOWS\system32\xcsradd.dll
    O2 - BHO: (no name) - {6C698B34-C906-6797-3663-014FC41172E2} - C:\WINDOWS\system32\huhylpf.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {9AC5A846-1ECC-480A-8868-039A1C98CE20} - C:\WINDOWS\system32\jkhhh.dll (file missing)
    O4 - HKLM\..\Run: [Net-It Launcher] C:\WINDOWS\System32\NILaunch.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [tezxwr.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\tezxwr.dll,rcsaxz
    O4 - HKLM\..\Run: [Ultimate Cleaner] C:\Program Files\Ultimate Cleaner\App.exe
    O4 - HKLM\..\Run: [ctfmon] C:\WINDOWS\system32\dlg\ctfmon.exe
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJxdm027YYGB
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by126fd.bay126.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161120896609
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
    O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
    O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - https://ukplay.toontown.com/download/sv1.0.24.18/ttinst.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7E1C9723-BDF6-4AD8-A923-BFE2317A4E6E}: NameServer = 194.168.4.100,194.168.8.100
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - AppInit_DLLs: MsgPlusLoader.dll
    O20 - Winlogon Notify: jkhhh - C:\WINDOWS\system32\jkhhh.dll (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
     
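As an added illustration (not code from this thread, from the poster, or from the HijackThis project): a small Python triage script that reads HijackThis-style lines and applies, mechanically, the kinds of checks a helper does by eye when picking entries to fix. It flags entries whose target file is missing, unnamed BHOs loading from system32, startup entries that use rundll32 to load a system32 DLL, and names from a short known-unwanted list. The sample lines are copied from the log above; the rules, the `Finding` type and the `KNOWN_UNWANTED` list are assumptions made for this example, seeded only with the two names the helper asks to remove later in the thread.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: fifteen lines copied from the second HijackThis log in this
# thread. The full log is not reproduced here.
SAMPLE_LOG = r"""
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0AA6E4D8-AE3C-4860-4799-07E98DDECD82} - C:\WINDOWS\system32\tiydwic.dll (file missing)
O2 - BHO: (no name) - {49CD0E17-09F4-9E0A-0E29-03457C0D673E} - C:\WINDOWS\system32\tezxwr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {58605A09-1EA9-A981-9637-09D48B962F75} - C:\WINDOWS\system32\xcsradd.dll
O2 - BHO: (no name) - {6C698B34-C906-6797-3663-014FC41172E2} - C:\WINDOWS\system32\huhylpf.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [tezxwr.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\tezxwr.dll,rcsaxz
O4 - HKLM\..\Run: [Ultimate Cleaner] C:\Program Files\Ultimate Cleaner\App.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJxdm027YYGB
O20 - Winlogon Notify: jkhhh - C:\WINDOWS\system32\jkhhh.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""


@dataclass
class Finding:
    section: str  # HijackThis section tag, e.g. "O2" or "O20"
    reason: str   # why the line was flagged
    line: str     # the original log line


# Entry whose target file no longer exists: a leftover registration, safe to clean.
ORPHAN = re.compile(r"\((?:file missing|no file)\)\s*$")
# A file path under the Windows system32 directory.
SYSTEM32 = re.compile(r"C:\\WINDOWS\\system32\\", re.IGNORECASE)
# A startup command that uses rundll32.exe to load a DLL from system32.
RUNDLL_SYSTEM32 = re.compile(r"rundll32\.exe\s+C:\\WINDOWS\\system32\\", re.IGNORECASE)
# Names a reviewer already knows to be unwanted. Seeded only with the two the
# helper in this thread asks to remove (assumption: a real list would be far
# longer and maintained separately).
KNOWN_UNWANTED = {
    "ultimate cleaner": "known rogue 'cleaner' program",
    "mywebsearch.com": "known unwanted search toolbar domain",
}


def triage_line(line: str) -> Optional[str]:
    """Return a reason string if the line looks like something to fix, else None."""
    line = line.strip()
    section = line.split(" - ", 1)[0]
    if ORPHAN.search(line):
        return "orphaned entry: registered file is missing"
    if section == "O2" and "(no name)" in line and SYSTEM32.search(line):
        # An unnamed BHO is common for legitimate software too (Spybot's SDHelper
        # above), so the path condition is what makes this worth a look.
        return "unnamed BHO loading from system32"
    if section == "O4" and RUNDLL_SYSTEM32.search(line):
        return "startup entry loads a system32 DLL via rundll32"
    lowered = line.lower()
    for needle, why in KNOWN_UNWANTED.items():
        if needle in lowered:
            return why
    return None


def triage(log: str) -> List[Finding]:
    """Run triage_line over every non-empty line of a HijackThis log."""
    findings = []
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        reason = triage_line(line)
        if reason:
            findings.append(Finding(line.split(" - ", 1)[0], reason, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.reason}\n     {f.line}")
```

On the sample, the four rules flag nine of the fifteen lines and leave the Adobe, Spybot, Java, AVG, ctfmon and WgaLogon entries alone; the flagged set is the same nine entries the helper selects by hand later in the thread. The rules are deliberately narrow: they encode the reasoning a reviewer applies to this kind of log rather than a general malware classifier, and a missing-file hit in particular only means a stale registration worth removing, not that the file was malicious.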
  4. roblatacz

    roblatacz Regular member

    Joined:
    Sep 6, 2006
    Messages:
    174
    Likes Received:
    0
    Trophy Points:
    26
    I've tried running HijackThis on my second computer but get an error saying MSVBVM60.DLL was not found.
     
  5. KotaGuy

    KotaGuy Regular member

    Joined:
    Feb 14, 2007
    Messages:
    485
    Likes Received:
    0
    Trophy Points:
    26
    There should be a file on your C: drive named VundoFix.txt.

    Double click it to open it and copy/paste the contents in your reply please.
     
  6. roblatacz

    roblatacz Regular member

    Joined:
    Sep 6, 2006
    Messages:
    174
    Likes Received:
    0
    Trophy Points:
    26
    Ok, here it is.

    VundoFix V6.3.19

    Checking Java version...

    Java version is 1.5.0.7
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.11

    Scan started at 10:23:57 10/04/2007

    Listing files found while scanning....

    C:\WINDOWS\system32\hhhkj.bak1
    C:\WINDOWS\system32\hhhkj.bak2
    C:\WINDOWS\system32\hhhkj.ini
    C:\WINDOWS\system32\hlaancac.exe
    C:\WINDOWS\system32\huhylpf.dll
    C:\WINDOWS\system32\jkhhh.dll
    C:\WINDOWS\system32\pnnttxde.exe
    C:\WINDOWS\system32\tiydwic.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\hhhkj.bak1
    C:\WINDOWS\system32\hhhkj.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\hhhkj.bak2
    C:\WINDOWS\system32\hhhkj.bak2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\hhhkj.ini
    C:\WINDOWS\system32\hhhkj.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\hlaancac.exe
    C:\WINDOWS\system32\hlaancac.exe Has been deleted!

    Attempting to delete C:\WINDOWS\system32\huhylpf.dll
    C:\WINDOWS\system32\huhylpf.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\pnnttxde.exe
    C:\WINDOWS\system32\pnnttxde.exe Has been deleted!

    Attempting to delete C:\WINDOWS\system32\tiydwic.dll
    C:\WINDOWS\system32\tiydwic.dll Has been deleted!

    Performing Repairs to the registry.
    Done!
     
  7. roblatacz

    roblatacz Regular member

    Joined:
    Sep 6, 2006
    Messages:
    174
    Likes Received:
    0
    Trophy Points:
    26
    Here's the logfile for my second computer. When I log in to Hotmail it keeps saying there's something wrong with the website's security certificate.

    Logfile of HijackThis v1.99.1
    Scan saved at 18:53:09, on 10/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\system32\libusbd-nt.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
    C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GSv2.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5-windows-i586.cab
    O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://disteng.nefficient.com/disteng/neffy/NeffyLauncher.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: UPnPService - Unknown owner - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
    O23 - Service: WUSB54GSv2SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54GSv2.exe (file missing)

     
  8. KotaGuy

    KotaGuy Regular member

    Joined:
    Feb 14, 2007
    Messages:
    485
    Likes Received:
    0
    Trophy Points:
    26
    Gonna ignore the second computer for now and just focus on the first one.

    Print this out for reference during the fix, as for part of it you will be in Safe Mode and unable to access this site.

    Run and scan with HijackThis and place checks beside the following:

    R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: (no name) - {0AA6E4D8-AE3C-4860-4799-07E98DDECD82} - C:\WINDOWS\system32\tiydwic.dll (file missing)
    O2 - BHO: (no name) - {49CD0E17-09F4-9E0A-0E29-03457C0D673E} - C:\WINDOWS\system32\tezxwr.dll
    O2 - BHO: (no name) - {58605A09-1EA9-A981-9637-09D48B962F75} - C:\WINDOWS\system32\xcsradd.dll
    O2 - BHO: (no name) - {6C698B34-C906-6797-3663-014FC41172E2} - C:\WINDOWS\system32\huhylpf.dll (file missing)
    O4 - HKLM\..\Run: [tezxwr.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\tezxwr.dll,rcsaxz
    O4 - HKLM\..\Run: [Ultimate Cleaner] C:\Program Files\Ultimate Cleaner\App.exe
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredit...?p=ZJxdm027YYGB
    O20 - Winlogon Notify: jkhhh - C:\WINDOWS\system32\jkhhh.dll (file missing)


    Close all open browsers/windows and click the Fix button.

    Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop. Don't run it yet.

    Download AVG Anti-Spyware and install it. Update the program's definition files. Don't scan with it yet.

    Reboot your computer in Safe Mode.

    [*]If the computer is running, shut down Windows, and then turn off the power.
    [*]Wait 30 seconds, and then turn the computer on.
    [*]Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
    [*]Ensure that the Safe Mode option is selected.
    [*]Press Enter. The computer then begins to start in Safe mode.
    [*]Log in on your usual account.

    Make sure hidden files/folders are shown...

    [*]Close all programs so that you are at your desktop.
    [*]Double-click on the My Computer icon (or click Start, then select My Computer)
    [*]Select the Tools menu and click Folder Options.
    [*]After the new window appears select the View tab.
    [*]Put a checkmark in the checkbox labeled Display the contents of system folders.
    [*]Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
    [*]Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
    [*]Remove the checkmark from the checkbox labeled Hide protected operating system files.
    [*]Press the Apply button and then the OK button and shut down My Computer.

    Search for and delete this Folder:

    C:\Program Files\Ultimate Cleaner

    Search for and delete these Files:

    C:\WINDOWS\system32\tezxwr.dll
    C:\WINDOWS\system32\xcsradd.dll

    Double-click ATF Cleaner.exe to open it.

    Under Main choose:

    Windows Temp
    Current User Temp
    All Users Temp
    Cookies
    Temporary Internet Files
    Prefetch
    Java Cache


    *The other boxes are optional*

    Then click the Empty Selected button.

    For Firefox:

    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.

    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    For Opera:

    Click Opera at the top and choose: Select All
    Click the Empty Selected button.

    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Click Exit on the Main menu to close the program.

    Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.

    [*]Click on Scanner on the toolbar.
    [*]Click on the Settings tab.

    [*]Under How to act?

    [*]Click on Recommended Action and choose Quarantine from the popup menu.

    [*]Under How to scan?

    [*]All checkboxes should be ticked.

    [*]Under Possibly unwanted software:

    [*]All checkboxes should be ticked.

    [*]Under Reports:

    [*]Select Automatically generate report after every scan and uncheck Only if threats were found.

    [*]Under What to scan?

    [*]Select Scan every file.

    [*]Click on the Scan tab.
    [*]Click on Complete System Scan to start the scan process.
    [*]Let the program scan the machine.
    [*]When the scan has finished, follow the instructions below.

    IMPORTANT: Don't click on the "Save Scan Report" button before you have hit the "Apply all Actions" button.

    [*]Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    [*]At the bottom of the window click on the Apply all Actions button. (3)


    [*]When done, click the Save Scan Report button. (4)

    [*]Click the Save Report as button.
    [*]Save the report to your Desktop.

    [*]Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.

    Empty your Recycle Bin.

    Reboot Windows normally.

    Please do an online scan with Kaspersky WebScanner

    Click on Kaspersky Online Scanner

    You will be prompted to install an ActiveX component from Kaspersky. Click Yes.

    [*]The program will launch and then begin downloading the latest definition files:
    [*]Once the files have been downloaded click on NEXT
    [*]Now click on Scan Settings
    [*]In the scan settings make sure that the following are selected:

    [*]Scan using the following Anti-Virus database:

    Extended (if available otherwise Standard)

    [*]Scan Options:

    Scan Archives
    Scan Mail Bases

    [*]Click OK
    [*]Now under select a target to scan:

    Select My Computer

    [*]This program will start and scan your system.
    [*]The scan will take a while so be patient and let it run.
    [*]Once the scan is complete it will display if your system has been infected.
    [*]Now click on the Save as Text button:
    [*]Save the file to your desktop.

    Post the contents of the Kaspersky scan log, the AVG log and a new HijackThis log please.

    Also... do you have eMule installed?
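A small triage script for HijackThis log lines, added here as an illustration and not part of this thread or of HijackThis itself. It applies the same checks the helper used when picking the entries above: components registered with no file on disk, BHOs with no name, Run entries that load a DLL through rundll32, Winlogon Notify packages outside a known set, and the rogue "Ultimate Cleaner" name. The Winlogon Notify allowlist and the benign sample lines (including their CLSIDs) are constructed for the example.

```python
"""Triage helper for HijackThis v1.99-style log lines (added example)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Sample log constructed for this example. The first, second, third, fifth,
# sixth and eighth lines are the entries flagged in the thread; the others
# are benign-looking lines made up here (CLSIDs are placeholders).
SAMPLE_LOG = r"""
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {0AA6E4D8-AE3C-4860-4799-07E98DDECD82} - C:\WINDOWS\system32\tiydwic.dll (file missing)
O2 - BHO: (no name) - {49CD0E17-09F4-9E0A-0E29-03457C0D673E} - C:\WINDOWS\system32\tezxwr.dll
O2 - BHO: Example Vendor Helper - {11111111-2222-3333-4444-555555555555} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [tezxwr.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\tezxwr.dll,rcsaxz
O4 - HKLM\..\Run: [Ultimate Cleaner] C:\Program Files\Ultimate Cleaner\App.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O20 - Winlogon Notify: jkhhh - C:\WINDOWS\system32\jkhhh.dll (file missing)
O23 - Service: Example Service (ExampleSvc) - Example Vendor - C:\Program Files\Example\svc.exe
"""

LINE_RE = re.compile(r"^(?P<sec>[RFO]\d+) - (?P<body>.*)$")
# O4 body: HKLM\..\Run: [name] command line
RUN_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")

# Winlogon Notify packages normally present on XP or installed by common
# drivers. Illustrative allowlist only; extend it for the build you examine.
KNOWN_NOTIFY = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule", "sclgntfy",
    "senslogn", "termsrv", "wlballoon", "wgalogon", "igfxcui", "atiextevent",
}
# Rogue "cleaner" product named in this thread.
ROGUE_NAMES = {"ultimate cleaner"}


@dataclass
class Finding:
    section: str
    line: str
    reasons: List[str] = field(default_factory=list)


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding with one reason per matched heuristic, else None."""
    line = line.strip()
    m = LINE_RE.match(line)
    if not m:
        return None
    sec, body = m.group("sec"), m.group("body")
    low = body.lower()
    f = Finding(sec, line)

    # A registered hook, BHO or notify package whose file is gone is either
    # leftover junk or a component that hides/regenerates itself.
    if "(file missing)" in low or "(no file)" in low:
        f.reasons.append("dangling reference: registered component has no file on disk")

    if sec == "O2" and low.startswith("bho: (no name)"):
        f.reasons.append("BHO registered without a name")

    if sec == "O4":
        rm = RUN_RE.match(body)
        if rm:
            cmd = rm.group("cmd").lower()
            if "rundll32" in cmd and ".dll" in cmd:
                f.reasons.append("autorun loads a DLL through rundll32")
            if rm.group("name").lower() in ROGUE_NAMES:
                f.reasons.append("autorun name matches a known rogue product")

    if sec == "O20" and low.startswith("winlogon notify:"):
        name = body.split(":", 1)[1].split(" - ")[0].strip().lower()
        if name not in KNOWN_NOTIFY:
            f.reasons.append("Winlogon Notify package not in the allowlist")

    return f if f.reasons else None


def triage_log(text: str) -> List[Finding]:
    """Run triage_line over every line of a pasted log, keeping the hits."""
    findings = []
    for raw in text.splitlines():
        f = triage_line(raw)
        if f is not None:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for hit in triage_log(SAMPLE_LOG):
        print(hit.section, "|", hit.line)
        for reason in hit.reasons:
            print("    -", reason)
```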
     
  9. roblatacz

    roblatacz Regular member

    Joined:
    Sep 6, 2006
    Messages:
    174
    Likes Received:
    0
    Trophy Points:
    26
    I've completed everything and here are the results.

    AVG Anti-Spyware results:

    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 12:13:55 11/04/2007

    + Scan result:



    C:\Program Files\DAEMON Tools\SetupDTSB.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1ECDAF7B-E276-4258-8067-2BBA1926186B}\RP374\A0085054.exe -> Adware.Searchcolor : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1ECDAF7B-E276-4258-8067-2BBA1926186B}\RP374\A0085056.exe -> Adware.Searchcolor : Cleaned with backup (quarantined).
    C:\VundoFix Backups\hlaancac.exe.bad -> Adware.Searchcolor : Cleaned with backup (quarantined).
    C:\VundoFix Backups\pnnttxde.exe.bad -> Adware.Searchcolor : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\mtfjnjot.exe -> Adware.Searchcolor : Cleaned with backup (quarantined).
    C:\Documents and Settings\Sebastian\My Documents\WarlordsBattlecryIIISetup-dm.exe -> Adware.Trymedia : Cleaned with backup (quarantined).
    C:\Documents and Settings\Natalie\Local Settings\Temp\SAISetup.exe -> Adware.Zango : Cleaned with backup (quarantined).
    :mozilla.122:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.14:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.152:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.15:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.16:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.17:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.18:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.19:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.20:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.325:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.83:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.167:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
    :mozilla.47:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.48:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.50:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.51:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.52:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.53:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.55:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.333:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
    :mozilla.334:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
    :mozilla.66:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.67:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.68:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.69:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.70:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.401:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Adviva : Cleaned.
    :mozilla.49:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
    :mozilla.165:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Billboard : Cleaned.
    :mozilla.21:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
    :mozilla.356:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
    :mozilla.304:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.363:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
    :mozilla.274:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Co : Cleaned.
    :mozilla.273:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Com : Cleaned.
    :mozilla.383:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
    :mozilla.384:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
    :mozilla.385:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
    :mozilla.10:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
    :mozilla.293:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
    :mozilla.300:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
    :mozilla.308:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
    :mozilla.311:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
    :mozilla.314:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
    :mozilla.315:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
    :mozilla.320:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
    :mozilla.327:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
    :mozilla.338:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
    :mozilla.340:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
    :mozilla.348:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
    :mozilla.364:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
    :mozilla.369:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
    :mozilla.370:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
    :mozilla.403:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
    :mozilla.411:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
    :mozilla.351:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
    :mozilla.8:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.9:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.307:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.375:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.376:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.377:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.354:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
    :mozilla.355:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
    :mozilla.298:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
    :mozilla.166:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
    :mozilla.116:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
    :mozilla.84:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
    :mozilla.145:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
    :mozilla.260:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
    :mozilla.101:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
    :mozilla.316:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
    :mozilla.317:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
    :mozilla.318:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
    :mozilla.319:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
    :mozilla.138:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
    :mozilla.139:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
    :mozilla.153:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Real : Cleaned.
    :mozilla.193:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
    :mozilla.194:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
    :mozilla.253:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
    :mozilla.254:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
    :mozilla.255:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
    :mozilla.256:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
    :mozilla.257:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
    :mozilla.258:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
    :mozilla.147:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
    :mozilla.148:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
    :mozilla.149:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
    :mozilla.150:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
    :mozilla.73:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.74:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.75:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.76:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.80:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.185:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
    :mozilla.270:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
    :mozilla.271:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
    :mozilla.276:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
    :mozilla.158:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Starware : Cleaned.
    :mozilla.349:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Starware : Cleaned.
    :mozilla.350:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Starware : Cleaned.
    :mozilla.129:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.64:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.65:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.230:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Toplist : Cleaned.
    :mozilla.244:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
    :mozilla.198:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
    :mozilla.118:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
    :mozilla.126:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
    :mozilla.58:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.59:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.60:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.61:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.62:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.63:C:\Documents and Settings\Natalie\Application Data\Mozilla\Firefox\Profiles\hyezarrr.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    C:\Documents and Settings\Sebastian\Local Settings\Temp\Cookies\sebastian@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
    C:\Documents and Settings\Sebastian\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-4253870d-127d2e5b.class -> Trojan.ClassLoader.Dummy.d : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\drivers\etc\hosts -> Trojan.Qhosts : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\drivers\etc\hosts.msn -> Trojan.Qhosts : Cleaned with backup (quarantined).


    ::Report end


    Here are the Kaspersky online results:

    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Wednesday, April 11, 2007 2:05:01 PM
    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.83.0
    Kaspersky Anti-Virus database last update: 11/04/2007
    Kaspersky Anti-Virus database records: 295460
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\
    I:\
    J:\
    K:\

    Scan Statistics:
    Total number of scanned objects: 111653
    Number of viruses found: 6
    Number of infected objects: 14 / 0
    Number of suspicious objects: 0
    Duration of the scan process: 01:35:12

    Infected Object Name / Virus Name / Last Action
    C:\44aa202ea34f1d39c93683118d\msxml4-KB927978-enu.log Object is locked skipped
    C:\8354787cb763758d235eb2d1\update\update.exe Object is locked skipped
    C:\8354787cb763758d235eb2d1\update\wpdinstallutil.dll Object is locked skipped
    C:\904aa128def7548845\msxml6-KB927977-enu-x86.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\aa7aa13a3aefa360da138b71676f224e_2c2dd6fb-3b56-4a85-920e-dcae7d8c47a9 Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\Natalie\Local Settings\Temp\tinst26.exe Infected: not-a-virus:FraudTool.Win32.SecurityCenter.a skipped
    C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\Robert\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\Robert\Local Settings\Application Data\ApplicationHistory\cli.exe.c88dbd71.ini.inuse Object is locked skipped
    C:\Documents and Settings\Robert\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\Robert\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\Robert\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Robert\Local Settings\Temp\Perflib_Perfdata_19c.dat Object is locked skipped
    C:\Documents and Settings\Robert\Local Settings\Temp\Perflib_Perfdata_fa8.dat Object is locked skipped
    C:\Documents and Settings\Robert\Local Settings\Temp\Perflib_Perfdata_fb4.dat Object is locked skipped
    C:\Documents and Settings\Robert\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Robert\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\Robert\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\Sebastian\Local Settings\Temp\tinst3.exe Infected: not-a-virus:FraudTool.Win32.SecurityCenter.a skipped
    C:\e41540989b594e03d1b45c6f62\update\update.exe Object is locked skipped
    C:\e41540989b594e03d1b45c6f62\update\updspapi.dll Object is locked skipped
    C:\Program Files\Hijackthis\backups\backup-20070411-100459-174.dll Infected: Trojan.Win32.Obfuscated.ev skipped
    C:\Program Files\Hijackthis\backups\backup-20070411-100459-977.dll Infected: Trojan.Win32.Obfuscated.ev skipped
    C:\Program Files\TightVNC\VNCHooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b skipped
    C:\Program Files\TightVNC\WinVNC.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.h skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\System Volume Information\_restore{1ECDAF7B-E276-4258-8067-2BBA1926186B}\RP374\A0085055.dll Infected: Trojan.Win32.Obfuscated.ev skipped
    C:\System Volume Information\_restore{1ECDAF7B-E276-4258-8067-2BBA1926186B}\RP374\A0085057.dll Infected: Trojan.Win32.Obfuscated.ev skipped
    C:\System Volume Information\_restore{1ECDAF7B-E276-4258-8067-2BBA1926186B}\RP375\A0085116.dll Infected: Trojan.Win32.Obfuscated.ev skipped
    C:\System Volume Information\_restore{1ECDAF7B-E276-4258-8067-2BBA1926186B}\RP376\A0085126.exe Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
    C:\System Volume Information\_restore{1ECDAF7B-E276-4258-8067-2BBA1926186B}\RP376\A0085127.exe Infected: not-a-virus:AdWare.Win32.Searchcolor.a skipped
    C:\System Volume Information\_restore{1ECDAF7B-E276-4258-8067-2BBA1926186B}\RP376\A0085130.dll Infected: Trojan.Win32.Obfuscated.ev skipped
    C:\System Volume Information\_restore{1ECDAF7B-E276-4258-8067-2BBA1926186B}\RP376\change.log Object is locked skipped
    C:\VundoFix Backups\huhylpf.dll.bad Infected: Trojan.Win32.Obfuscated.ev skipped
    C:\VundoFix Backups\tiydwic.dll.bad Infected: Trojan.Win32.Obfuscated.ev skipped
    C:\WINDOWS\$NtUninstallKB835732$\callcont.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB835732$\h323.tsp Object is locked skipped
    C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe Object is locked skipped
    C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB835732$\msgina.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB835732$\mst120.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB835732$\schannel.dll Object is locked skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\EventCache\{ACEADBB2-BDFE-49EF-B90B-67224D4B6847}.bin Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\Sti_Trace.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
    C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\default Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\software Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\system Object is locked skipped
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
    C:\WINDOWS\system32\h323log.txt Object is locked skipped
    C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\wiadebug.log Object is locked skipped
    C:\WINDOWS\wiaservc.log Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped

    Scan process completed.

    And here is a new HijackThis logfile:

    Logfile of HijackThis v1.99.1
    Scan saved at 14:13:44, on 11/04/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\WINDOWS\System32\NILaunch.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\WINDOWS\system32\ezSP_Px.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\WINDOWS\system32\bgsvcgen.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\libusbd-nt.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Hijackthis\HijackThis_v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {6C698B34-C906-6797-3663-014FC41172E2} - C:\WINDOWS\system32\huhylpf.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {9AC5A846-1ECC-480A-8868-039A1C98CE20} - C:\WINDOWS\system32\jkhhh.dll (file missing)
    O4 - HKLM\..\Run: [Net-It Launcher] C:\WINDOWS\System32\NILaunch.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [ctfmon] C:\WINDOWS\system32\dlg\ctfmon.exe
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by126fd.bay126.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161120896609
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
    O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
    O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - https://ukplay.toontown.com/download/sv1.0.24.18/ttinst.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7E1C9723-BDF6-4AD8-A923-BFE2317A4E6E}: NameServer = 194.168.4.100,194.168.8.100
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - AppInit_DLLs: MsgPlusLoader.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

    Thanks for all the help.

    P.S. In the AVG Anti-Spyware scan it showed that my PC is infected with two high-risk trojans:

    -Trojan.ClassLoader.Dummy.D
    -Trojan.Qhosts

    What effects do they have?
     
  10. KotaGuy

    KotaGuy Regular member

    Joined:
    Feb 14, 2007
    Messages:
    485
    Likes Received:
    0
    Trophy Points:
    26
    Run and scan with HijackThis and place checks beside the following:

    O2 - BHO: (no name) - {6C698B34-C906-6797-3663-014FC41172E2} - C:\WINDOWS\system32\huhylpf.dll (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {9AC5A846-1ECC-480A-8868-039A1C98CE20} - C:\WINDOWS\system32\jkhhh.dll (file missing)


    Close all open browsers/windows and click the Fix button.

    Search for and delete these Files:

    C:\Documents and Settings\Natalie\Local Settings\Temp\tinst26.exe
    C:\Documents and Settings\Sebastian\Local Settings\Temp\tinst3.exe

    Reboot and post a new HijackThis log.

    None as it is... AVG cleaned them.
     
  11. roblatacz

    roblatacz Regular member

    Joined:
    Sep 6, 2006
    Messages:
    174
    Likes Received:
    0
    Trophy Points:
    26
    OK, all done, here's the new HijackThis logfile:

    Logfile of HijackThis v1.99.1
    Scan saved at 16:29:24, on 11/04/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\system32\bgsvcgen.exe
    C:\WINDOWS\system32\libusbd-nt.exe
    C:\WINDOWS\System32\NILaunch.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\WINDOWS\system32\ezSP_Px.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Hijackthis\HijackThis_v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O4 - HKLM\..\Run: [Net-It Launcher] C:\WINDOWS\System32\NILaunch.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [ctfmon] C:\WINDOWS\system32\dlg\ctfmon.exe
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by126fd.bay126.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161120896609
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
    O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
    O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - https://ukplay.toontown.com/download/sv1.0.24.18/ttinst.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7E1C9723-BDF6-4AD8-A923-BFE2317A4E6E}: NameServer = 194.168.4.100,194.168.8.100
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - AppInit_DLLs: MsgPlusLoader.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

     
  12. KotaGuy

    KotaGuy Regular member

    Joined:
    Feb 14, 2007
    Messages:
    485
    Likes Received:
    0
    Trophy Points:
    26
    Looks good... though there is one entry I need to know about...

    O4 - HKLM\..\Run: [ctfmon] C:\WINDOWS\system32\dlg\ctfmon.exe

    Do you have eMule installed?
     
  13. roblatacz

    roblatacz Regular member

    Joined:
    Sep 6, 2006
    Messages:
    174
    Likes Received:
    0
    Trophy Points:
    26
    No, I don't have eMule installed, I don't even know what it is.

    Do I have to delete that file?
     
    Last edited: Apr 12, 2007
  14. roblatacz

    roblatacz Regular member

    Joined:
    Sep 6, 2006
    Messages:
    174
    Likes Received:
    0
    Trophy Points:
    26
    I have looked under Task Manager and under the 'Processes' tab and ctfmon.exe is running. Should I delete this or do I need it?
     
  15. KotaGuy

    KotaGuy Regular member

    Joined:
    Feb 14, 2007
    Messages:
    485
    Likes Received:
    0
    Trophy Points:
    26
    No... you have two of those files running... one is installed with Office. The other, the one I asked about, is typically installed with eMule.

    Do you have any other Peer2Peer programs installed?

    If not... can I get you to go here and upload the file.

    Please post back what the results of the scan are.
     
    Last edited: Apr 12, 2007
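    The two triage rules applied in this thread (the unnamed BHOs whose DLL is missing in post 10, and a ctfmon.exe launched from system32\dlg rather than system32 in posts 12 and 15) as a small HijackThis log checker. This is an added example, not a tool from the thread; the allow-list of system binaries and directories is an illustrative assumption, and the sample log is constructed from entries quoted above.

```python
import re
from dataclasses import dataclass
from typing import List

# HijackThis line shapes triaged in this thread:
#   O2 - BHO: <name> - {CLSID} - <dll path, "(file missing)" suffix, or "(no file)">
#   O4 - HKLM\..\Run: [<value name>] <command line>
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<target>.*)$")
RUN_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<value>[^\]]*)\] (?P<cmd>.*)$")

# Assumption (illustrative allow-list, not from the thread): these Windows
# binaries are only expected directly under the Windows or system32 directory.
SYSTEM_BINARIES = {"ctfmon.exe", "svchost.exe", "winlogon.exe", "lsass.exe"}
SYSTEM_DIRS = {"c:\\windows", "c:\\windows\\system32"}

# Constructed sample: a subset of the O2/O4 entries quoted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {6C698B34-C906-6797-3663-014FC41172E2} - C:\WINDOWS\system32\huhylpf.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {9AC5A846-1ECC-480A-8868-039A1C98CE20} - C:\WINDOWS\system32\jkhhh.dll (file missing)
O4 - HKLM\..\Run: [ctfmon] C:\WINDOWS\system32\dlg\ctfmon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
""".strip().splitlines()


@dataclass
class Finding:
    line: str
    reason: str


def exe_path(cmd: str) -> str:
    """Return the executable path from an O4 command line, handling both
    quoted paths followed by switches and bare paths."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"^(.*?\.exe)(?:\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def triage(log_lines: List[str]) -> List[Finding]:
    """Flag unnamed BHOs whose DLL is absent, and well-known system binary
    names launched from a directory where Windows does not install them."""
    findings: List[Finding] = []
    for raw in log_lines:
        line = raw.strip()
        m = BHO_RE.match(line)
        if m:
            target = m.group("target").strip()
            absent = target == "(no file)" or target.endswith("(file missing)")
            if m.group("name") == "(no name)" and absent:
                findings.append(Finding(line, "orphaned BHO: unnamed and its DLL is absent"))
            continue
        m = RUN_RE.match(line)
        if m:
            path = exe_path(m.group("cmd"))
            directory, _, base = path.lower().rpartition("\\")
            if base in SYSTEM_BINARIES and directory not in SYSTEM_DIRS:
                findings.append(Finding(line, f"{base} launched from non-standard directory: {path}"))
    return findings


if __name__ == "__main__":
    # Expected: the three unnamed BHOs and the system32\dlg ctfmon.exe entry;
    # the HKCU ctfmon.exe in system32 itself is not flagged.
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line}")
```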
  16. roblatacz

    roblatacz Regular member

    Joined:
    Sep 6, 2006
    Messages:
    174
    Likes Received:
    0
    Trophy Points:
    26
    I have uTorrent installed, which is a peer-to-peer file-sharing application.
     
    Last edited: Apr 12, 2007
  17. KotaGuy

    KotaGuy Regular member

    Joined:
    Feb 14, 2007
    Messages:
    485
    Likes Received:
    0
    Trophy Points:
    26
    OK... can I get you to upload the file to the link I supplied previously and report back the results of the scan please.
     
  18. roblatacz

    roblatacz Regular member

    Joined:
    Sep 6, 2006
    Messages:
    174
    Likes Received:
    0
    Trophy Points:
    26
    I searched for the file using the windows xp search function and it found two 'ctfmon.exe' files. One is in Windows/system32 and the other in windows/servicepackfiles/i386. They are both 15kb in size.

    I've sent both the files to virustotal by email and will post the results when they come.
     
  19. roblatacz

    roblatacz Regular member

    Joined:
    Sep 6, 2006
    Messages:
    174
    Likes Received:
    0
    Trophy Points:
    26
    Here are the results:

    Windows/system32/ctfmon.exe

    Complete scanning result of "ctfmon.exe", processed in VirusTotal at 04/12/2007
    16:53:50 (CET).

    [ file data ]
    * name: ctfmon.exe
    * size: 15360
    * md5.: 24232996a38c0b0cf151c2140ae29fc8
    * sha1: b36d03b56a30187ffc6257459d632a4faac48af2

    [ scan result ]
    AhnLab-V3 2007.4.12.0/20070412 found nothing
    AntiVir 7.3.1.50/20070412 found nothing
    Authentium 4.93.8/20070412 found nothing
    Avast 4.7.936.0/20070411 found nothing
    AVG 7.5.0.447/20070412 found nothing
    BitDefender 7.2/20070412 found nothing
    CAT-QuickHeal 9.00/20070411 found nothing
    ClamAV devel-20070312/20070412 found nothing
    DrWeb 4.33/20070412 found nothing
    eSafe 7.0.15.0/20070412 found nothing
    eTrust-Vet 30.7.3562/20070412 found nothing
    Ewido 4.0/20070412 found nothing
    F-Prot 4.3.1.45/20070412 found nothing
    F-Secure 6.70.13030.0/20070412 found nothing
    FileAdvisor 1/20070412 found [No threat detected]
    Fortinet 2.85.0.0/20070412 found nothing
    Ikarus T3.1.1.5/20070412 found nothing
    Kaspersky 4.0.2.24/20070412 found nothing
    McAfee 5006/20070411 found nothing
    Microsoft 1.2405/20070411 found nothing
    NOD32v2 2184/20070412 found nothing
    Norman 5.80.02/20070412 found nothing
    Panda 9.0.0.4/20070412 found nothing
    Prevx1 V2/20070412 found nothing
    Sophos 4.16.0/20070412 found nothing
    Sunbelt 2.2.907.0/20070407 found nothing
    Symantec 10/20070412 found nothing
    TheHacker 6.1.6.088/20070409 found nothing
    VBA32 3.11.3/20070412 found nothing
    VirusBuster 4.3.7:9/20070412 found nothing
    Webwasher-Gateway 6.0.1/20070412 found nothing

    [ notes ]
    Bit9 info:
    http://fileadvisor.bit9.com/services/extinfo.aspx?md5=24232996a38c0b0cf151c2140ae29fc8

    Here's the second one located at windows/servicepackfiles/i386

    Complete scanning result of "ctfmon.exe", processed in VirusTotal at 04/12/2007
    16:53:50 (CET).

    [ file data ]
    * name: ctfmon.exe
    * size: 15360
    * md5.: 24232996a38c0b0cf151c2140ae29fc8
    * sha1: b36d03b56a30187ffc6257459d632a4faac48af2

    [ scan result ]
    AhnLab-V3 2007.4.12.0/20070412 found nothing
    AntiVir 7.3.1.50/20070412 found nothing
    Authentium 4.93.8/20070412 found nothing
    Avast 4.7.936.0/20070411 found nothing
    AVG 7.5.0.447/20070412 found nothing
    BitDefender 7.2/20070412 found nothing
    CAT-QuickHeal 9.00/20070411 found nothing
    ClamAV devel-20070312/20070412 found nothing
    DrWeb 4.33/20070412 found nothing
    eSafe 7.0.15.0/20070412 found nothing
    eTrust-Vet 30.7.3562/20070412 found nothing
    Ewido 4.0/20070412 found nothing
    F-Prot 4.3.1.45/20070412 found nothing
    F-Secure 6.70.13030.0/20070412 found nothing
    FileAdvisor 1/20070412 found [No threat detected]
    Fortinet 2.85.0.0/20070412 found nothing
    Ikarus T3.1.1.5/20070412 found nothing
    Kaspersky 4.0.2.24/20070412 found nothing
    McAfee 5006/20070411 found nothing
    Microsoft 1.2405/20070411 found nothing
    NOD32v2 2184/20070412 found nothing
    Norman 5.80.02/20070412 found nothing
    Panda 9.0.0.4/20070412 found nothing
    Prevx1 V2/20070412 found nothing
    Sophos 4.16.0/20070412 found nothing
    Sunbelt 2.2.907.0/20070407 found nothing
    Symantec 10/20070412 found nothing
    TheHacker 6.1.6.088/20070409 found nothing
    VBA32 3.11.3/20070412 found nothing
    VirusBuster 4.3.7:9/20070412 found nothing
    Webwasher-Gateway 6.0.1/20070412 found nothing

    [ notes ]
    Bit9 info:
    http://fileadvisor.bit9.com/services/extinfo.aspx?md5=24232996a38c0b0cf151c2140ae29fc8

     
  20. KotaGuy

    KotaGuy Regular member

    Joined:
    Feb 14, 2007
    Messages:
    485
    Likes Received:
    0
    Trophy Points:
    26
    Ok... run and scan with HijackThis and place a check beside the following:

    O4 - HKLM\..\Run: [ctfmon] C:\WINDOWS\system32\dlg\ctfmon.exe

    Close all open browsers/windows and click the Fix button.

    Reboot and post a new HijackThis log please.
     