
Blackworm/WinAntiVirusPro/SysProtect

Discussion in 'Windows - Virus and spyware problems' started by dissent23, Apr 5, 2006.

  1. debleaux

    ok, i have followed all of the directions. most went well, some did not. i am unable to access my Add/Remove Programs. when i double click it in the control panel i receive a notice that reads

    An exception occured while trying to run "C:\WINDOWS\system32\shell32.dll, Control_RunDLL "C:\WINDOWS system32\appwiz.cpl", Add or Remove Programs

    also, when i go through hijackthis and try to fix O20 - Winlogon Notify: cbxxx.... i am continuously unsuccessful. I fix it and it is still present each time I rerun hijackthis again

    in any case. you were a HUGE help (apparently i had a trojan also!) thank you so much. here are my logs. extremely lengthy (sorry!?) let me know if there is more i can/should do

    Logfile of HijackThis v1.99.1
    Scan saved at 3:41:56 AM, on 7/8/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS\System32\HPConfig.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\carpserv.exe
    C:\WINDOWS\system32\S3tray2.exe
    C:\Program Files\Hewlett-Packard\HP Display Settings\hpdisply.exe
    C:\PROGRA~1\HPONE-~1\OneTouch.EXE
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\program files\microangelo\muamgr.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\WINDOWS\system32\ntvdm.exe
    C:\Program Files\Belkin\Bluetooth Software\BTStackServer.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\HJT\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4nb.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com/info/e-center-p
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.se1.attbb.net:8000
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\system32\cbxxx.dll
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
    O4 - HKLM\..\Run: [HP Display Settings] C:\Program Files\Hewlett-Packard\HP Display Settings\hpdisply.exe /s
    O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HPONE-~1\OneTouch.EXE
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [MOD] c:\program files\microangelo\muamgr.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
    O4 - Startup: Event Reminder.lnk = C:\pmw\PMREMIND.EXE
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .ipp: C:\Program Files\Internet Explorer\Plugins\npimth32.dll
    O12 - Plugin for .ipt: C:\Program Files\Internet Explorer\Plugins\npimth32.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com/info/e-center-p
    O20 - Winlogon Notify: cbxxx - C:\WINDOWS\system32\cbxxx.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: HP Configuration Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\System32\HPConfig.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

    ---------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 3:16:33 AM 7/8/2006

    + Scan result:



    C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Adware.Aws : Cleaned with backup (quarantined).
    C:\HJT\backups\backup-20060707-002531-324.dll -> Adware.BHO : Cleaned with backup (quarantined).
    C:\HJT\backups\backup-20060707-002837-131.dll -> Adware.BHO : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{0E4BB6DE-EB56-4CFF-8ACD-23F3666BAD33}\RP811\A0205058.dll -> Adware.BHO : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{0E4BB6DE-EB56-4CFF-8ACD-23F3666BAD33}\RP810\A0204966.dll -> Adware.Ezula : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\msvc.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\HJT\backups\backup-20060707-002540-102.dll -> Adware.Trafgen : Cleaned with backup (quarantined).
    C:\HJT\backups\backup-20060707-002839-891.dll -> Adware.Trafgen : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{0E4BB6DE-EB56-4CFF-8ACD-23F3666BAD33}\RP811\A0205059.dll -> Adware.Trafgen : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\CLSID\{827DC836-DD9F-4A68-A602-5812EB50A834} -> Adware.Virtumonde : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\MSEvents.MSEvents -> Adware.VirtuMonde : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\MSEvents.MSEvents.1 -> Adware.VirtuMonde : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\MSEvents.MSEvents\CLSID -> Adware.VirtuMonde : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\MSEvents.MSEvents\CurVer -> Adware.VirtuMonde : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{827DC836-DD9F-4A68-A602-5812EB50A834} -> Adware.Virtumonde : Cleaned with backup (quarantined).
    HKU\S-1-5-21-3042452539-3179742922-2167395947-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{827DC836-DD9F-4A68-A602-5812EB50A834} -> Adware.Virtumonde : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\efecc.dll -> Downloader.ConHook.i : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{0E4BB6DE-EB56-4CFF-8ACD-23F3666BAD33}\RP811\A0206046.exe -> Downloader.Small.bhf : Cleaned with backup (quarantined).
    C:\HJT\backups\backup-20060707-002747-522.dll -> Not-A-Virus.Downloader.Win32.PopCap.b : Cleaned with backup (quarantined).
    C:\HJT\backups\backup-20060707-002905-199.dll -> Not-A-Virus.Downloader.Win32.PopCap.b : Cleaned with backup (quarantined).
    :mozilla.630:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    :mozilla.358:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
    :mozilla.593:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
    :mozilla.594:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
    :mozilla.595:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
    :mozilla.714:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
    :mozilla.715:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
    :mozilla.716:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
    :mozilla.717:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
    :mozilla.718:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
    :mozilla.145:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
    :mozilla.147:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
    :mozilla.148:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
    :mozilla.149:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
    :mozilla.150:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
    :mozilla.907:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Goldenpalace : Cleaned with backup (quarantined).
    :mozilla.641:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
    :mozilla.642:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
    :mozilla.666:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
    :mozilla.667:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
    :mozilla.668:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
    :mozilla.867:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
    :mozilla.868:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
    :mozilla.805:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup (quarantined).
    :mozilla.806:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup (quarantined).
    :mozilla.807:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup (quarantined).
    :mozilla.808:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup (quarantined).
    :mozilla.854:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup (quarantined).
    :mozilla.855:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup (quarantined).
    :mozilla.856:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup (quarantined).
    :mozilla.857:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup (quarantined).
    :mozilla.513:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
    :mozilla.514:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
    :mozilla.515:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
    :mozilla.177:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
    :mozilla.178:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
    :mozilla.193:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
    :mozilla.194:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
    :mozilla.195:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
    :mozilla.196:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
    :mozilla.371:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
    :mozilla.372:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
    :mozilla.373:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
    :mozilla.374:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
    :mozilla.375:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
    :mozilla.600:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
    :mozilla.604:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
    :mozilla.394:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
    :mozilla.395:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
    :mozilla.396:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
    :mozilla.397:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
    :mozilla.336:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
    :mozilla.337:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
    :mozilla.338:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
    :mozilla.339:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
    :mozilla.340:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
    :mozilla.341:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
    :mozilla.342:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
    :mozilla.343:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
    :mozilla.378:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
    :mozilla.379:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
    :mozilla.380:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
    :mozilla.381:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
    :mozilla.386:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
    :mozilla.387:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
    :mozilla.388:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
    :mozilla.506:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
    :mozilla.507:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
    :mozilla.508:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
    :mozilla.509:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
    :mozilla.510:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
    :mozilla.511:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
    :mozilla.512:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
    :mozilla.571:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
    :mozilla.545:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.546:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.547:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.548:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.549:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.550:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.551:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.552:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.553:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.554:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.555:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.556:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.557:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.558:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.432:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
    :mozilla.433:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
    :mozilla.434:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
    :mozilla.597:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
    :mozilla.570:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup (quarantined).
    :mozilla.212:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
    :mozilla.117:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
    :mozilla.118:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
    :mozilla.119:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
    :mozilla.120:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
    :mozilla.121:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
    :mozilla.122:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
    :mozilla.123:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
    :mozilla.124:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
    :mozilla.125:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
    :mozilla.179:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
    :mozilla.180:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
    :mozilla.181:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
    :mozilla.182:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
    :mozilla.183:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
    :mozilla.186:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
    :mozilla.561:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).
    :mozilla.562:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).
    :mozilla.563:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).
    :mozilla.564:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).
    :mozilla.565:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).
    :mozilla.566:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).
    :mozilla.712:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup (quarantined).
    :mozilla.713:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup (quarantined).
    :mozilla.467:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup (quarantined).
    :mozilla.468:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup (quarantined).
    :mozilla.469:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup (quarantined).
    :mozilla.470:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup (quarantined).
    :mozilla.831:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
    :mozilla.197:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    :mozilla.198:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    :mozilla.199:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    :mozilla.200:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    :mozilla.201:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    :mozilla.202:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    :mozilla.203:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    :mozilla.204:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    :mozilla.205:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    :mozilla.206:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    :mozilla.348:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
    :mozilla.349:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
    :mozilla.350:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8q8gsb4f.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
    HKU\S-1-5-21-3042452539-3179742922-2167395947-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8E13DDE1-E013-47EC-9C4C-27C2F78BDD26} -> Trojan.Conhook.c : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\cbxxx.dll -> Trojan.Crypt.o : Cleaned with backup (quarantined).


    ::Report end

    VundoFix V5.0.0

    Running as SYSTEM
    from c:\windows\system32\VundoFix.exe

    Checking Java version...

    Java version is 1.5.0.4

    Java version is 1.5.0.6

    Scan started at 12:27:06 AM 7/8/2006

    Listing files found while scanning....

    No infected files were found.

     
  2. JaPK

    JaPK Regular member

    Joined:
    Feb 23, 2006
    Messages:
    1,269
    Likes Received:
    0
    Trophy Points:
    46
    Ok looks quite good...

    There is a new version of VundoFix available, please remove the old version from your computer.

    Then use the new version...

    Download VundoFix.exe to your desktop -> http://www.atribune.org/ccount/click.php?id=4

    * Double-click VundoFix.exe to run it.
    * Put a check next to Run VundoFix as a task.
    * You will receive a message saying VundoFix will close and re-open in a minute or less. Click OK.
    * When VundoFix re-opens, click the Scan for Vundo button.
    * Once it's done scanning, click the Remove Vundo button.
    * You will receive a prompt asking if you want to remove the files, click YES
    * Once you click yes, your desktop will go blank as it starts removing Vundo.
    * When completed, it will prompt that it will shutdown your computer, click OK.
    * Turn your computer back on

    Post a new HijackThis log and the contents of C:\vundofix.txt
     
  3. debleaux

    debleaux Member

    the link to the updated vundofix brings me to a page where it asks me to save the .exe to my computer. it is the same one i installed the first time. i'm not sure if the link is old, but i am unable to find the updated version. i ran it again anyway and this is the log

    VundoFix V5.0.0

    Running as SYSTEM
    from c:\windows\system32\VundoFix.exe

    Checking Java version...

    Java version is 1.5.0.4

    Java version is 1.5.0.6

    Scan started at 12:35:09 PM 7/8/2006

    Listing files found while scanning....

    No infected files were found.





    also, do you know if there is a fix for my add/remove programs problem?
     
  4. JaPK

    JaPK Regular member

    Ok, I think we can do something to your Control Panel...

    Please post a fresh HijackThis log here and we'll continue.
     
  5. debleaux

    debleaux Member

    Logfile of HijackThis v1.99.1
    Scan saved at 2:22:21 PM, on 7/9/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS\System32\HPConfig.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\system32\carpserv.exe
    C:\WINDOWS\system32\S3tray2.exe
    C:\Program Files\Hewlett-Packard\HP Display Settings\hpdisply.exe
    C:\PROGRA~1\HPONE-~1\OneTouch.EXE
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\program files\microangelo\muamgr.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\WINDOWS\system32\ntvdm.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\HJT\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4nb.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com/info/e-center-p
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.se1.attbb.net:8000
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\system32\cbxxx.dll
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
    O4 - HKLM\..\Run: [HP Display Settings] C:\Program Files\Hewlett-Packard\HP Display Settings\hpdisply.exe /s
    O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HPONE-~1\OneTouch.EXE
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [MOD] c:\program files\microangelo\muamgr.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
    O4 - Startup: Event Reminder.lnk = C:\pmw\PMREMIND.EXE
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .ipp: C:\Program Files\Internet Explorer\Plugins\npimth32.dll
    O12 - Plugin for .ipt: C:\Program Files\Internet Explorer\Plugins\npimth32.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com/info/e-center-p
    O20 - Winlogon Notify: cbxxx - C:\WINDOWS\system32\cbxxx.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: HP Configuration Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\System32\HPConfig.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

     
  6. JaPK

    JaPK Regular member

    Joined:
    Feb 23, 2006
    Messages:
    1,269
    Likes Received:
    0
    Trophy Points:
    46
    ###Mistakenly edited my own post when I was about to quote it :)###
     
    Last edited: Jul 12, 2006
  7. debleaux

    debleaux Member

    Logfile of HijackThis v1.99.1
    Scan saved at 11:08:23 PM, on 7/9/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS\System32\HPConfig.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\carpserv.exe
    C:\WINDOWS\system32\S3tray2.exe
    C:\Program Files\Hewlett-Packard\HP Display Settings\hpdisply.exe
    C:\PROGRA~1\HPONE-~1\OneTouch.EXE
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\program files\microangelo\muamgr.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\WINDOWS\system32\ntvdm.exe
    C:\PROGRA~1\Webshots\webshots.scr
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\HJT\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4nb.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com/info/e-center-p
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.se1.attbb.net:8000
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\system32\cbxxx.dll
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
    O4 - HKLM\..\Run: [HP Display Settings] C:\Program Files\Hewlett-Packard\HP Display Settings\hpdisply.exe /s
    O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HPONE-~1\OneTouch.EXE
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [MOD] c:\program files\microangelo\muamgr.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
    O4 - Startup: Event Reminder.lnk = C:\pmw\PMREMIND.EXE
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .ipp: C:\Program Files\Internet Explorer\Plugins\npimth32.dll
    O12 - Plugin for .ipt: C:\Program Files\Internet Explorer\Plugins\npimth32.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com/info/e-center-p
    O20 - Winlogon Notify: cbxxx - C:\WINDOWS\system32\cbxxx.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: HP Configuration Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\System32\HPConfig.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe



    Logfile of The Avenger version 1, by Swandog46
    Running from registry key:
    \Registry\Machine\System\CurrentControlSet\Services\^tluvjvt

    *******************

    Script file located at: \??\C:\jbejlwow.txt
    Script file opened successfully.

    Script file read successfully

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:



    File cbxxx.dll.tmp not found!
    Deletion of file cbxxx.dll.tmp failed!

    Could not process line:
    cbxxx.dll.tmp
    Status: 0xc0000034



    File cbxxx.dll.tmp1 not found!
    Deletion of file cbxxx.dll.tmp1 failed!

    Could not process line:
    cbxxx.dll.tmp1
    Status: 0xc0000034



    File cbxxx.dll.tmp2 not found!
    Deletion of file cbxxx.dll.tmp2 failed!

    Could not process line:
    cbxxx.dll.tmp2
    Status: 0xc0000034



    File cbxxx.dll.bak not found!
    Deletion of file cbxxx.dll.bak failed!

    Could not process line:
    cbxxx.dll.bak
    Status: 0xc0000034



    File cbxxx.dll.bak1 not found!
    Deletion of file cbxxx.dll.bak1 failed!

    Could not process line:
    cbxxx.dll.bak1
    Status: 0xc0000034



    File cbxxx.dll.bak2 not found!
    Deletion of file cbxxx.dll.bak2 failed!

    Could not process line:
    cbxxx.dll.bak2
    Status: 0xc0000034



    File cbxxx.dll.ini not found!
    Deletion of file cbxxx.dll.ini failed!

    Could not process line:
    cbxxx.dll.ini
    Status: 0xc0000034



    File cbxxx.dll.ini2 not found!
    Deletion of file cbxxx.dll.ini2 failed!

    Could not process line:
    cbxxx.dll.ini2
    Status: 0xc0000034



    File xxxbc.dll not found!
    Deletion of file xxxbc.dll failed!

    Could not process line:
    xxxbc.dll
    Status: 0xc0000034



    File xxxbc.bak not found!
    Deletion of file xxxbc.bak failed!

    Could not process line:
    xxxbc.bak
    Status: 0xc0000034



    File xxxbc.ini not found!
    Deletion of file xxxbc.ini failed!

    Could not process line:
    xxxbc.ini
    Status: 0xc0000034


    Completed script processing.

    *******************

    Finished! Terminate.


    for a bit i thought i had eradicated this trojan. after all, my computer went back to running normal, but since i downloaded the avenger, avast notified me i had a trojan. i'm not sure where things are going wrong. i'm following all of the directions. please let me know how to get this off and keep it off!!
     
  8. JaPK

    JaPK Regular member

    Ok, let's do this before we continue...

    Download F-Secure Blacklight and save it to your desktop -> http://www.f-secure.com/blacklight/try.shtml

    Double-click blbeta.exe, accept the agreement, click Scan, then click Next

    You'll see a list of what has been found. A log will appear on your desktop; it is named fsbl.xxxxxxx.log (xxxxxxx will be random numbers).

    DON'T choose Rename if something was found!

    Post the contents of fsbl.xxxx.log here (blacklight log from your desktop)
     
  9. debleaux

    debleaux Member

    07/10/06 01:35:00 [Info]: BlackLight Engine 1.0.42 initialized
    07/10/06 01:35:00 [Info]: OS: 5.1 build 2600 (Service Pack 2)
    07/10/06 01:35:23 [Note]: 7019 4
    07/10/06 01:35:23 [Note]: 7005 0
    07/10/06 01:38:35 [Note]: 7006 0
    07/10/06 01:38:42 [Note]: 7011 2812
    07/10/06 01:38:48 [Note]: 7026 0
    07/10/06 01:38:48 [Note]: 7026 0
    07/10/06 01:45:12 [Note]: FSRAW library version 1.7.1019
    07/10/06 08:22:45 [Note]: 7007 0
     
  10. JaPK

    JaPK Regular member

    Ok, so we continue...

    Restart your computer in Safe Mode.

    Fix these entries with HijackThis:

    O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\system32\cbxxx.dll
    O20 - Winlogon Notify: cbxxx - C:\WINDOWS\system32\cbxxx.dll

    Restart your computer in normal mode.

    Scan again with HijackThis and post a fresh log here.
     
  11. debleaux

    debleaux Member

    Logfile of HijackThis v1.99.1
    Scan saved at 5:20:01 PM, on 7/11/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS\System32\HPConfig.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\carpserv.exe
    C:\WINDOWS\system32\S3tray2.exe
    C:\Program Files\Hewlett-Packard\HP Display Settings\hpdisply.exe
    C:\PROGRA~1\HPONE-~1\OneTouch.EXE
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\program files\microangelo\muamgr.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\HJT\HijackThis.exe
    C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\WINDOWS\system32\ntvdm.exe
    C:\PROGRA~1\Webshots\webshots.scr
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4nb.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com/info/e-center-p
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.se1.attbb.net:8000
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\system32\cbxxx.dll
    O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Program Files\VSToolbar\VSToolBar.dll
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
    O4 - HKLM\..\Run: [HP Display Settings] C:\Program Files\Hewlett-Packard\HP Display Settings\hpdisply.exe /s
    O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HPONE-~1\OneTouch.EXE
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [MOD] c:\program files\microangelo\muamgr.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
    O4 - Startup: Event Reminder.lnk = C:\pmw\PMREMIND.EXE
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .ipp: C:\Program Files\Internet Explorer\Plugins\npimth32.dll
    O12 - Plugin for .ipt: C:\Program Files\Internet Explorer\Plugins\npimth32.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com/info/e-center-p
    O20 - Winlogon Notify: cbxxx - C:\WINDOWS\system32\cbxxx.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: HP Configuration Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\System32\HPConfig.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

    i have continuously tried fixing O2 and O20 through hijackthis and have been unsuccessful. i fix them, it asks if i am sure i am ready to fix/delete files, i click yes, the hijackthis window clears. when i click scan again, they are still there
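
The symptom in the post above (the O2 and O20 `cbxxx.dll` entries still listed after a fix) can be checked mechanically by comparing two scans. This is an added example, not part of the thread and not HijackThis code; the sample lines are a constructed excerpt of the logs posted here, and all function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed excerpts of the 7/9/2006 and 7/11/2006 scans posted in this thread.
SCAN_BEFORE = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\system32\cbxxx.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O20 - Winlogon Notify: cbxxx - C:\WINDOWS\system32\cbxxx.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""
SCAN_AFTER = SCAN_BEFORE + r"""
O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Program Files\VSToolbar\VSToolBar.dll
"""
# The two entries the helper asked to be fixed before the second scan.
FIX_REQUEST = r"""
O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\system32\cbxxx.dll
O20 - Winlogon Notify: cbxxx - C:\WINDOWS\system32\cbxxx.dll
"""

# "O20 - detail" / "R1 - detail": section code, separator, rest of the line.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")
# Drive-letter path up to the first module extension (lazy match).
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:dll|exe|ocx|cpl|scr)", re.IGNORECASE)


def parse_entries(log_text):
    """Return [(section, detail), ...] for every HijackThis entry line."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2).strip()))
    return entries


def module_path(detail):
    """Lower-cased module path found in an entry, or None."""
    match = PATH_RE.search(detail)
    return match.group(0).lower() if match else None


def cross_registered(entries, sections=("O2", "O20")):
    """Modules that appear in every one of the given sections.

    One DLL loaded both as a browser helper object and as a Winlogon
    notification package has two independent load points.
    """
    seen = defaultdict(set)
    for section, detail in entries:
        path = module_path(detail)
        if path and section in sections:
            seen[path].add(section)
    return sorted(p for p, found in seen.items() if found == set(sections))


def survived_fix(after, fixed):
    """Entries that were marked for fixing but are still in the later scan."""
    still_there = set(after)
    return [entry for entry in fixed if entry in still_there]


def new_entries(before, after):
    """Entries present in the later scan only (worth a second look)."""
    earlier = set(before)
    return [entry for entry in after if entry not in earlier]


if __name__ == "__main__":
    before, after = parse_entries(SCAN_BEFORE), parse_entries(SCAN_AFTER)
    print("registered in O2 and O20:", cross_registered(after))
    for section, detail in survived_fix(after, parse_entries(FIX_REQUEST)):
        print("still present after fix:", section, detail)
    for section, detail in new_entries(before, after):
        print("new since last scan:", section, detail)
```

An entry reported by `new_entries` is only a change between scans, not a verdict on the file.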
     
  12. fyhao

    fyhao Guest

    Hi experts. I got sysprotect and that winantivirus2006 one week ago. Don't know how to solve it, I'm not an expert in these things. Please help me, below is my log file.

    Logfile of HijackThis v1.99.1
    Scan saved at 5:29:25 PM, on 7/12/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Apache Group\Apache2\bin\Apache.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Apache Group\Apache2\bin\Apache.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton Internet Security\ISSVC.exe
    C:\mysql\bin\mysqld-nt.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Chinese Star XP\CStar.exe
    C:\Program Files\Chinese Star XP\ImfServer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\HJT\hijackthis_self\HijackThis.exe

    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
    O4 - HKLM\..\Run: [IMSCMIG40W] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40W\IMSCMIG.EXE /SetPreload /Log
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\RunServices: [Windows Recylinder Check] znipjfvrav.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: WinMySQLadmin.lnk = C:\mysql\bin\winmysqladmin.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
    O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet V1.81\jc_all.htm
    O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
    O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet V1.81\jc_link.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KX-HCM10 Control) - http://cam169367.miemasu.net/kxhcm10.ocx
    O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.tvkoo.com/update/KooPlayer.ocx
    O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/MsnPUpld.cab?10,0,910,0
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1130248139926
    O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/Zango/ie/bridge-c18.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{ECB5EB9A-B9D7-4B1A-A59F-C76059108DEF}: NameServer = 202.188.0.133 202.188.1.5
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apache2 - Unknown owner - C:\Program Files\Apache Group\Apache2\bin\Apache.exe" -k runservice (file missing)
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    ----
    Please help me, thanks
     
  13. JaPK

    JaPK Regular member

    @debleaux

    2. Copy all text in quote box below to Notepad (starting from
    Files to delete:)

    Notice: This script is for this user. If you aren't that user, DON'T follow these instructions, because they might harm your system

    3. Now, open The Avenger
    ->"Below Script file to execute" select "Input Script Manually".
    ->Now click magnifying glass which opens a new window "View/edit script".
    -> Paste the text you earlier copied to Notepad here
    -> Click Done.
    -> Now click green light in order to start script.
    -> Click "Yes".

    4. Avenger will do the following:
    -> Reboot your computer.
    -> While booting, it will open a DOS prompt, it's normal
    -> After reboot it will create a logfile which should open. This log is in C:\avenger.txt
    -> Avenger has created a backup here -> C:\avenger\backup.zip.

    5. Fix the following entries with HijackThis:

    O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\system32\cbxxx.dll
    O20 - Winlogon Notify: cbxxx - C:\WINDOWS\system32\cbxxx.dll

    6. Reboot and Copy/paste contents of avenger.txt along with a fresh HjT-log.
     
    Last edited: Jul 13, 2006
  14. debleaux

    debleaux Member

    Logfile of HijackThis v1.99.1
    Scan saved at 3:41:52 PM, on 7/12/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS\System32\HPConfig.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\carpserv.exe
    C:\WINDOWS\system32\S3tray2.exe
    C:\Program Files\Hewlett-Packard\HP Display Settings\hpdisply.exe
    C:\PROGRA~1\HPONE-~1\OneTouch.EXE
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\program files\microangelo\muamgr.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\WINDOWS\system32\ntvdm.exe
    C:\PROGRA~1\Webshots\webshots.scr
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\HJT\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4nb.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com/info/e-center-p
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.se1.attbb.net:8000
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\system32\cbxxx.dll
    O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Program Files\VSToolbar\VSToolBar.dll
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
    O4 - HKLM\..\Run: [HP Display Settings] C:\Program Files\Hewlett-Packard\HP Display Settings\hpdisply.exe /s
    O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HPONE-~1\OneTouch.EXE
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [MOD] c:\program files\microangelo\muamgr.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
    O4 - Startup: Event Reminder.lnk = C:\pmw\PMREMIND.EXE
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .ipp: C:\Program Files\Internet Explorer\Plugins\npimth32.dll
    O12 - Plugin for .ipt: C:\Program Files\Internet Explorer\Plugins\npimth32.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com/info/e-center-p
    O20 - Winlogon Notify: cbxxx - C:\WINDOWS\system32\cbxxx.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: HP Configuration Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\System32\HPConfig.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe



    Logfile of The Avenger version 1, by Swandog46
    Running from registry key:
    \Registry\Machine\System\CurrentControlSet\Services\jokbfvvn

    *******************

    Script file located at: \??\C:\Program Files\ngjnicvl.txt
    Script file opened successfully.

    Script file read successfully

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:



    File C:\WINDOWS\system32\cbxxx.dll.tmp not found!
    Deletion of file C:\WINDOWS\system32\cbxxx.dll.tmp failed!

    Could not process line:
    C:\WINDOWS\system32\cbxxx.dll.tmp
    Status: 0xc0000034



    File C:\WINDOWS\system32\cbxxx.dll.tmp1 not found!
    Deletion of file C:\WINDOWS\system32\cbxxx.dll.tmp1 failed!

    Could not process line:
    C:\WINDOWS\system32\cbxxx.dll.tmp1
    Status: 0xc0000034



    File C:\WINDOWS\system32\cbxxx.dll.tmp2 not found!
    Deletion of file C:\WINDOWS\system32\cbxxx.dll.tmp2 failed!

    Could not process line:
    C:\WINDOWS\system32\cbxxx.dll.tmp2
    Status: 0xc0000034



    File C:\WINDOWS\system32\cbxxx.dll.bak not found!
    Deletion of file C:\WINDOWS\system32\cbxxx.dll.bak failed!

    Could not process line:
    C:\WINDOWS\system32\cbxxx.dll.bak
    Status: 0xc0000034



    File C:\WINDOWS\system32\cbxxx.dll.bak1 not found!
    Deletion of file C:\WINDOWS\system32\cbxxx.dll.bak1 failed!

    Could not process line:
    C:\WINDOWS\system32\cbxxx.dll.bak1
    Status: 0xc0000034



    File C:\WINDOWS\system32\cbxxx.dll.bak2 not found!
    Deletion of file C:\WINDOWS\system32\cbxxx.dll.bak2 failed!

    Could not process line:
    C:\WINDOWS\system32\cbxxx.dll.bak2
    Status: 0xc0000034



    File C:\WINDOWS\system32\cbxxx.dll.ini not found!
    Deletion of file C:\WINDOWS\system32\cbxxx.dll.ini failed!

    Could not process line:
    C:\WINDOWS\system32\cbxxx.dll.ini
    Status: 0xc0000034



    File C:\WINDOWS\system32\cbxxx.dll.ini2 not found!
    Deletion of file C:\WINDOWS\system32\cbxxx.dll.ini2 failed!

    Could not process line:
    C:\WINDOWS\system32\cbxxx.dll.ini2
    Status: 0xc0000034



    File C:\WINDOWS\system32\xxxbc.dll not found!
    Deletion of file C:\WINDOWS\system32\xxxbc.dll failed!

    Could not process line:
    C:\WINDOWS\system32\xxxbc.dll
    Status: 0xc0000034



    File C:\WINDOWS\system32\xxxbc.bak not found!
    Deletion of file C:\WINDOWS\system32\xxxbc.bak failed!

    Could not process line:
    C:\WINDOWS\system32\xxxbc.bak
    Status: 0xc0000034

    File C:\WINDOWS\system32\xxxbc.ini deleted successfully.

    Completed script processing.

    *******************

    Finished! Terminate.


    again unsuccessful at fixing O2 and O20
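
A way to triage the Avenger log above, as an added example that is not part of the original post: it pairs each "Deletion of file ... failed!" line with the `Status:` code that follows and separates targets that were simply absent from targets that could not be removed. The function names are hypothetical, the sample is a constructed excerpt in the format of the log above, and the NTSTATUS table lists standard Windows values, not codes the tool is documented to emit.

```python
import re

# Constructed sample: an excerpt in the format of the Avenger log in the post above.
AVENGER_LOG = r"""
File C:\WINDOWS\system32\cbxxx.dll.tmp not found!
Deletion of file C:\WINDOWS\system32\cbxxx.dll.tmp failed!

Could not process line:
C:\WINDOWS\system32\cbxxx.dll.tmp
Status: 0xc0000034

File C:\WINDOWS\system32\xxxbc.dll not found!
Deletion of file C:\WINDOWS\system32\xxxbc.dll failed!

Could not process line:
C:\WINDOWS\system32\xxxbc.dll
Status: 0xc0000034

File C:\WINDOWS\system32\xxxbc.ini deleted successfully.
"""

# Standard NTSTATUS values that can accompany a failed delete.
NTSTATUS = {
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
    0xC000003A: "STATUS_OBJECT_PATH_NOT_FOUND",
    0xC0000022: "STATUS_ACCESS_DENIED",
    0xC0000043: "STATUS_SHARING_VIOLATION",
}
# Codes meaning "nothing was there to delete" rather than "delete was refused".
ABSENT = {0xC0000034, 0xC000003A}

FAILED_RE = re.compile(r"^Deletion of file (.+) failed!$")
DELETED_RE = re.compile(r"^File (.+) deleted successfully\.$")
STATUS_RE = re.compile(r"^Status: (0x[0-9a-fA-F]+)$")


def triage(log_text):
    """Map each target path in an Avenger log to its outcome."""
    results = {}
    pending = None  # path of the most recent failed deletion awaiting a status
    for raw in log_text.splitlines():
        line = raw.strip()  # forum pastes are often indented
        deleted = DELETED_RE.match(line)
        failed = FAILED_RE.match(line)
        status = STATUS_RE.match(line)
        if deleted:
            results[deleted.group(1)] = "deleted"
        elif failed:
            pending = failed.group(1)
            results[pending] = "failed (no status logged)"
        elif status and pending:
            code = int(status.group(1), 16)
            name = NTSTATUS.get(code, "unknown NTSTATUS")
            kind = "absent" if code in ABSENT else "blocked"
            results[pending] = f"{kind}: {name} ({code:#010x})"
            pending = None
    return results


def needs_attention(results):
    """Targets that exist (or may exist) but were not removed."""
    return sorted(p for p, r in results.items()
                  if r.startswith(("blocked", "failed")))


if __name__ == "__main__":
    outcome = triage(AVENGER_LOG)
    for path, result in outcome.items():
        print(f"{result:55} {path}")
    print("needs attention:", needs_attention(outcome))
```

Every failure in the log above carries status 0xc0000034, so this triage reports those targets as absent rather than blocked.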
     
  15. fyhao

    fyhao Guest

    Logfile of HijackThis v1.99.1
    Scan saved at 6:37:56 PM, on 7/13/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Apache Group\Apache2\bin\Apache.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Apache Group\Apache2\bin\Apache.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton Internet Security\ISSVC.exe
    C:\mysql\bin\mysqld-nt.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Chinese Star XP\CStar.exe
    C:\Program Files\Chinese Star XP\ImfServer.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\HJT\hijackthis_self\Scanner.exe

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {D44A9554-8BC4-47E6-88B3-AE5A6CD54F17} - C:\WINDOWS\system32\tuvvt.dll
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
    O4 - HKLM\..\Run: [IMSCMIG40W] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40W\IMSCMIG.EXE /SetPreload /Log
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\RunServices: [Windows Recylinder Check] znipjfvrav.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: WinMySQLadmin.lnk = C:\mysql\bin\winmysqladmin.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
    O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet V1.81\jc_all.htm
    O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
    O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet V1.81\jc_link.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KX-HCM10 Control) - http://cam169367.miemasu.net/kxhcm10.ocx
    O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.tvkoo.com/update/KooPlayer.ocx
    O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/MsnPUpld.cab?10,0,910,0
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1130248139926
    O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/Zango/ie/bridge-c18.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{ECB5EB9A-B9D7-4B1A-A59F-C76059108DEF}: NameServer = 202.188.0.133 202.188.1.5
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: tuvvt - C:\WINDOWS\system32\tuvvt.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apache2 - Unknown owner - C:\Program Files\Apache Group\Apache2\bin\Apache.exe" -k runservice (file missing)
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

     
  16. JaPK

    JaPK Regular member

    @debleaux

    Ok, now we're getting some progress :D

    1. One more time:

    2. Copy all text in quote box below to Notepad (starting from
    Files to delete:)

    Notice: This script is for this user. If you aren't that user, DON'T follow these instructions, because they might harm your system

    3. Now, open The Avenger
    ->"Below Script file to execute" select "Input Script Manually".
    ->Now click magnifying glass which opens a new window "View/edit script".
    -> Paste the text you earlier copied to Notepad here
    -> Click Done.
    -> Now click green light in order to start script.
    -> Click "Yes".

    4. Avenger will do the following:
    -> Reboot your computer.
    -> While booting, it will open a DOS prompt, it's normal
    -> After reboot it will create a logfile which should open. This log is in C:\avenger.txt
    -> Avenger has created a backup here -> C:\avenger\backup.zip.

    5. Fix the following entries with HijackThis:

    O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\system32\cbxxx.dll
    O20 - Winlogon Notify: cbxxx - C:\WINDOWS\system32\cbxxx.dll

    6. Reboot and Copy/paste contents of avenger.txt along with a fresh HjT-log.


    -------------------------------------------

    @fyhao

    Download VundoFix.exe to your desktop -> http://www.atribune.org/ccount/click.php?id=4

    * Double-click VundoFix.exe to run it.
    * Put a check next to Run VundoFix as a task.
    * You will receive a message saying VundoFix will close and re-open in a minute or less. Click OK.
    * When VundoFix re-opens, click the Scan for Vundo button.
    * Once it's done scanning, click the Remove Vundo button.
    * You will receive a prompt asking if you want to remove the files, click YES
    * Once you click yes, your desktop will go blank as it starts removing Vundo.
    * When completed, it will prompt that it will shut down your computer, click OK.
    * Turn your computer back on.

    Post a new HijackThis log and the contents of C:\vundofix.txt
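
The re-check this reply asks for (fix the O2/O20 entries, then post a fresh log), as an added example that is not part of the original post: it parses the O2 and O20 lines of a HijackThis log, flags any DLL registered both as a BHO and as a Winlogon Notify package (the pattern `cbxxx.dll` and `tuvvt.dll` show in this thread), and reports what a later log still shows for it. The function names are hypothetical and the samples are constructed excerpts of log lines posted in this thread.

```python
import re
from collections import defaultdict

# Constructed samples: a few lines excerpted from HijackThis logs in this thread.
FYHAO_0713 = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: (no name) - {D44A9554-8BC4-47E6-88B3-AE5A6CD54F17} - C:\WINDOWS\system32\tuvvt.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: tuvvt - C:\WINDOWS\system32\tuvvt.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""
FYHAO_0714 = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {D5E11AAC-63F7-464B-B52E-3B6802A0230E} - C:\WINDOWS\system32\tuvvt.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""
DEBLEAUX_0712 = r"""
O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\system32\cbxxx.dll
O20 - Winlogon Notify: cbxxx - C:\WINDOWS\system32\cbxxx.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.*?) - (?P<target>.+)$")
MISSING_SUFFIX = "(file missing)"


def parse_hjt(log_text):
    """Return the O2 (BHO) and O20 (Winlogon Notify) entries of a log."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()  # forum pastes are often indented
        m = O2_RE.match(line) or O20_RE.match(line)
        if m is None:
            continue
        target = m.group("target").strip()
        missing = target.endswith(MISSING_SUFFIX) or target == "(no file)"
        if target.endswith(MISSING_SUFFIX):
            target = target[: -len(MISSING_SUFFIX)].strip()
        # Windows paths are case-insensitive, so compare them lower-cased.
        path = "" if target == "(no file)" else target.strip('"').lower()
        entries.append({
            "section": line.split(" - ", 1)[0],
            "name": m.group("name"),
            "clsid": m.groupdict().get("clsid"),  # None for O20 lines
            "path": path,
            "missing": missing,
        })
    return entries


def dual_registered(entries):
    """Paths registered under both O2 and O20 in the same log."""
    sections = defaultdict(set)
    for e in entries:
        if e["path"]:
            sections[e["path"]].add(e["section"])
    return sorted(p for p, s in sections.items() if {"O2", "O20"} <= s)


def recheck(targets, fresh_log_text):
    """For each target path, say what the fresh log still shows."""
    fresh = parse_hjt(fresh_log_text)
    report = {}
    for path in targets:
        hits = [e for e in fresh if e["path"] == path.lower()]
        where = sorted({e["section"] for e in hits})
        if not hits:
            report[path] = ("gone", where)
        elif all(e["missing"] for e in hits):
            report[path] = ("orphaned entry, file missing", where)
        else:
            report[path] = ("still registered", where)
    return report


if __name__ == "__main__":
    targets = dual_registered(parse_hjt(FYHAO_0713))
    print(targets, recheck(targets, FYHAO_0714))
    print(recheck([r"c:\windows\system32\cbxxx.dll"], DEBLEAUX_0712))
```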
     
  17. debleaux

    debleaux Member

    I followed those exact orders the last time and I posted the results in my last post. It seems Avenger is unable to find most of those items and I am unsuccessful at fixing O2 and O20. Is there something else I can do?
     
  18. JaPK

    JaPK Regular member

  19. fyhao

    fyhao Guest

    Here is the HijackThis
    ----

    Logfile of HijackThis v1.99.1
    Scan saved at 4:44:00 PM, on 7/14/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Apache Group\Apache2\bin\Apache.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Apache Group\Apache2\bin\Apache.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton Internet Security\ISSVC.exe
    C:\mysql\bin\mysqld-nt.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\HJT\hijackthis_self\Scanner.exe

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {D5E11AAC-63F7-464B-B52E-3B6802A0230E} - C:\WINDOWS\system32\tuvvt.dll (file missing)
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
    O4 - HKLM\..\Run: [IMSCMIG40W] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40W\IMSCMIG.EXE /SetPreload /Log
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\RunServices: [Windows Recylinder Check] znipjfvrav.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: WinMySQLadmin.lnk = C:\mysql\bin\winmysqladmin.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
    O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet V1.81\jc_all.htm
    O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
    O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet V1.81\jc_link.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KX-HCM10 Control) - http://cam169367.miemasu.net/kxhcm10.ocx
    O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.tvkoo.com/update/KooPlayer.ocx
    O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/MsnPUpld.cab?10,0,910,0
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1130248139926
    O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/Zango/ie/bridge-c18.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apache2 - Unknown owner - C:\Program Files\Apache Group\Apache2\bin\Apache.exe" -k runservice (file missing)
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    -----

    Here is VundoFix

    -----


    VundoFix V5.1.3

    Checking Java version...

    Java version is 1.5.0.6

    Scan started at 4:25:47 PM 7/14/2006

    Listing files found while scanning....

    C:\windows\system32\tuvvt.dll
    C:\windows\system32\tvvut.ini
    C:\windows\system32\tvvut.bak2
    C:\windows\system32\tvvut.ini2
    C:\windows\system32\tvvut.tmp

    VundoFix V5.1.3

    Checking Java version...

    Java version is 1.5.0.6

    Scan started at 4:33:35 PM 7/14/2006

    Listing files found while scanning....

    C:\windows\system32\tuvvt.dll
    C:\windows\system32\tvvut.ini
    C:\windows\system32\tvvut.bak2
    C:\windows\system32\tvvut.ini2
    C:\windows\system32\tvvut.tmp

    Beginning removal...

    The process smss.exe was successfully stopped

    The process winlogon.exe was successfully stopped

    The process explorer.exe was successfully stopped

    The process iexplore.exe was successfully stopped

    The process rundll32.exe was successfully stopped

    Attempting to delete C:\windows\system32\tuvvt.dll
    C:\windows\system32\tuvvt.dll Has been deleted!

    Attempting to delete C:\windows\system32\tvvut.ini
    C:\windows\system32\tvvut.ini Has been deleted!

    Attempting to delete C:\windows\system32\tvvut.bak2
    C:\windows\system32\tvvut.bak2 Has been deleted!

    Attempting to delete C:\windows\system32\tvvut.ini2
    C:\windows\system32\tvvut.ini2 Has been deleted!

    Attempting to delete C:\windows\system32\tvvut.tmp
    C:\windows\system32\tvvut.tmp Has been deleted!

    Performing Repairs to the registry.
    Done!

    -----
     
  20. JaPK

    JaPK Regular member

    Joined:
    Feb 23, 2006
    Messages:
    1,269
    Likes Received:
    0
    Trophy Points:
    46
    @fyhao

    OK good, now we'll continue.

    Cleaning instructions:

    Download and install Ewido Anti-Spyware 4.0 -> http://www.ewido.net/en/download/

    -> Open Ewido Anti-Spyware
    -> Click the Update icon at the top of the window
    -> Click the Start update button
    -> Wait for the update to download and install
    -> Quit the program, we'll use this later.

    Download ATF Cleaner by Atribune to your desktop -> http://www.atribune.org/ccount/click.php?id=1
    Do NOT run yet.

    Download BFU.zip -> http://www.merijn.org/files/bfu.zip
    Unzip it to folder C:\BFU

    Download this removal script -> http://metallica.geekstogo.com/MediaGateway.BFU
    And save it to the same folder where BFU was installed earlier (c:\BFU).

    Do NOT use this yet!

    Run HijackThis. Press Do a system scan only, then close all other windows, checkmark the following entries and press Fix checked

    O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
    O2 - BHO: (no name) - {D5E11AAC-63F7-464B-B52E-3B6802A0230E} - C:\WINDOWS\system32\tuvvt.dll (file missing)
    O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/Zango/ie/bridge-c18.cab

    Restart your computer in Safe Mode -> http://www.pchell.com/support/safemode.shtml

    Press Start -> My Computer -> Go to folder C:\BFU

    -> Run BFU by double-clicking BFU.exe
    -> Type or copy/paste this into the "Scriptline to execute" field: C:\BFU\MediaGateway.BFU
    -> Click Execute and let it do its work (You should see a progress bar if you did this right)
    -> Wait for the "Complete script execution" box and click OK.
    -> Click Exit in order to quit BFU.

    Run ATF Cleaner -> Check select all -> Press Empty selected

    -> Open Ewido Anti-Spyware
    -> Click the Scanner icon at the top of the window
    -> Click the Settings tab then select Recommended Options and choose Quarantine
    -> Click the Scan tab
    -> Select Complete System Scan. The scanning begins.

    -> When the scan has completed:
    -> If infections were found you'll be prompted about what to do.
    -> Please make sure that "Set all elements to" is set to Quarantine (in the lower-left corner of the window)
    -> Then press Apply all actions and answer yes to all if it asks about something
    -> Click on the Save Scan Report button and save the scan to your Desktop.
    -> Copy and paste the scan results into your next post

    Restart your computer normally.

    Post the following logs here:
    -> a fresh HijackThis log
    -> Ewido's log
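
An added illustration, not part of the thread and not code from HijackThis: a small Python parser for the HijackThis entry lines seen in the logs above. It pulls out the entries that carry a "(file missing)" or "(no file)" marker or that point at a download URL. The field layout is inferred from the lines on this page, and `parse` and `review_queue` are names made up for the example.

```python
import re
from dataclasses import dataclass

# Sample lines copied from the logs posted in this thread.
SAMPLE = r"""
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: (no name) - {D5E11AAC-63F7-464B-B52E-3B6802A0230E} - C:\WINDOWS\system32\tuvvt.dll (file missing)
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/Zango/ie/bridge-c18.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Apache2 - Unknown owner - C:\Program Files\Apache Group\Apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe
"""

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN = re.compile(r"\((?:file missing|no file)\)\s*$")

@dataclass
class Entry:
    section: str    # "O2", "O23", ...
    kind: str       # label before the first colon, e.g. "BHO"
    clsid: str      # COM class ID, or "" when the line has none
    target: str     # last " - " field with the marker stripped
    orphaned: bool  # HijackThis reported no file behind the entry
    remote: bool    # target is a download URL, not a local path

def parse(log):
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # header, process list or blank line
        section, rest = m.groups()
        fields = rest.split(" - ")
        clsid = CLSID.search(rest)
        entries.append(Entry(
            section, fields[0].split(":", 1)[0],
            clsid.group(0) if clsid else "",
            ORPHAN.sub("", fields[-1]).strip(),
            bool(ORPHAN.search(fields[-1])),
            fields[-1].lower().startswith(("http://", "https://"))))
    return entries

def review_queue(entries):
    return [e for e in entries if e.orphaned or e.remote]  # a hint, not a verdict

if __name__ == "__main__":
    for e in review_queue(parse(SAMPLE)):
        print(e.section, e.kind, e.clsid or "-", e.target or "(none)", sep=" | ")
```

The Apache2 service line lands in the queue as well, although the fix list in the post above does not include it, so the marker is a prompt to look at an entry rather than a reason to remove it.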
     
