01-18-2008, 07:08 PM   #1
icekryl
Registered User
 
Join Date: Jan 2008
Posts: 8
OS: XP Pro Service pack 2


Dropper.agent.dgo - startup errors (registry) + Vundo

I did not listen to AVG AV, since it has recently been coming up with many false positives. I must remember to double check these files online first before clicking on them!

I had pop-ups consistent with Vundo and ran Vundofix. I think that I am clear of it now. I have also gone through the 5 steps and am including the Panda log also.

AVG AS came up with Dropper.agent.ago at the same time as the Vundo infection. I believe it has caused Explorer to randomly shut down or restart, random programs not to launch (giving "file not found" instead), and these two messages on startup:

C:\WINDOWS\system32\yabxw.exe
Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the file.

Desktop
Could not load or run 'C:\WINDOWS\system32\yabxw.exe' specified in the registry. Make sure the file exists on your computer or remove the reference to it in the registry.


Thank you.



Deckard main.txt

Deckard's System Scanner v20071014.68
Run by Karlie on 2008-01-19 01:46:40
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
51: 2008-01-19 01:46:48 UTC - RP181 - Deckard's System Scanner Restore Point
50: 2008-01-18 12:34:54 UTC - RP180 - System Checkpoint
49: 2008-01-16 21:15:55 UTC - RP179 - Last known good configuration
48: 2008-01-16 21:15:34 UTC - RP178 - System Checkpoint
47: 2008-01-16 21:15:34 UTC - RP177 - System Checkpoint


-- First Restore Point --
1: 2008-01-16 21:14:54 UTC - RP131 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Karlie.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:52:33, on 19/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\S24EvMon.exe
G:\WINDOWS\system32\ZCfgSvc.exe
G:\WINDOWS\system32\WgaTray.exe
G:\WINDOWS\Explorer.EXE
G:\WINDOWS\system32\spoolsv.exe
G:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
G:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
G:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
G:\PROGRA~1\Grisoft\AVG7\avgemc.exe
G:\WINDOWS\system32\RegSrvc.exe
G:\Program Files\CyberLink\Shared files\RichVideo.exe
G:\WINDOWS\system32\svchost.exe
G:\Program Files\Viewpoint\Common\ViewpointService.exe
G:\WINDOWS\system32\1XConfig.exe
G:\WINDOWS\system32\rundll32.exe
G:\Documents and Settings\Karlie\Desktop\dss.exe
G:\PROGRA~1\TRENDM~1\HIJACK~1\Karlie.exe

F3 - REG:win.ini: load=G:\WINDOWS\system32\yabxw.exe
O2 - BHO: GetRight IE Download Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - G:\Program Files\GetRight\xx2gr.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - G:\Program Files\BitComet\tools\BitCometBHO_1.1.6.14.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {91262C60-DD10-46FA-A09B-AE14902ECA11} - G:\WINDOWS\system32\vtuvvtr.dll
O2 - BHO: (no name) - {A0F0D7E5-683B-475C-A2C4-9AF9E0C2FB0E} - G:\WINDOWS\system32\qopqo.dll
O2 - BHO: (no name) - {D6CE2A89-D72A-4048-A48A-07869B9EC596} - G:\WINDOWS\system32\yabxw.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] G:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Skype] "G:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "G:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] G:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://G:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://G:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://G:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download with GetRight - G:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - G:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - G:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {21BB8360-F943-447E-98F3-3C22345375A7} (CPlayFirstChocolatierControl Object) - http://download.playfirst.com/play/g...b.1.0.0.13.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.co...p/PhtPkMSN.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.co...p/DigWXMSN.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{35C9F2A3-0542-4902-951D-F3314FFEFBEF}: NameServer = 62.30.112.39,194.117.134.19
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - G:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - Unknown owner - G:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - G:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: NBService - Nero AG - G:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - G:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: RegSrvc - Intel Corporation - G:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - G:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - G:\WINDOWS\system32\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - G:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - G:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 6340 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SCDEmu - g:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.2.1.0) - g:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.2>
R2 s24trans (WLAN Transport) - g:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>

S3 SDTHOOK - g:\windows\system32\drivers\sdthook.sys <Not Verified; Panda Software; Panda® Antivirus>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 RegSrvc - g:\windows\system32\regsrvc.exe <Not Verified; Intel Corporation; RegSrvc Module>
R2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "g:\program files\cyberlink\shared files\richvideo.exe" <Not Verified; ; RichVideo Module>
R2 Viewpoint Manager Service - "g:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

S3 NBService - g:\program files\nero\nero 7\nero backitup\nbservice.exe
S3 NMIndexingService - "g:\program files\common files\ahead\lib\nmindexingservice.exe" <Not Verified; Nero AG; Nero Home>
S3 ServiceLayer - "g:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2007-12-19 and 2008-01-19 -----------------------------

2008-01-19 01:51:34 0 d-------- G:\Program Files\Trend Micro
2008-01-19 01:42:00 0 d-------- G:\ie-spyad_zo
2008-01-19 01:39:10 0 d-------- G:\Program Files\SpywareBlaster
2008-01-19 01:35:56 9612 --ahs---- G:\WINDOWS\system32\oqpoq.ini2
2008-01-19 01:35:51 332288 --a------ G:\WINDOWS\system32\qopqo.dll
2008-01-19 01:28:54 24576 --a------ G:\WINDOWS\system32\VundoFixSVC.exe <Not Verified; Atribune.org; Vundofix Service>
2008-01-19 01:00:41 0 d-------- G:\VundoFix Backups
2008-01-18 23:58:05 44928 --a------ G:\WINDOWS\system32\drivers\SDTHOOK.SYS <Not Verified; Panda Software; Panda® Antivirus>
2008-01-18 23:57:26 8576 --a------ G:\WINDOWS\system32\drivers\wupokpsvhyta.sys <Not Verified; Panda Software International; RKPavProc Driver>
2008-01-18 23:44:28 0 d-------- G:\WINDOWS\system32\ActiveScan
2008-01-18 23:35:39 3584 --a------ G:\WINDOWS\system32\yabxw.exe
2008-01-18 23:30:08 0 d-------- G:\Casino
2008-01-17 13:38:25 41024 --a------ G:\WINDOWS\system32\yufqeloe.dll
2008-01-16 21:09:24 37888 -----n--- G:\WINDOWS\system32\vtuvvtr.dll
2008-01-13 20:53:36 0 d-------- G:\Program Files\Google


-- Find3M Report ---------------------------------------------------------------

2008-01-19 00:40:19 0 d-------- G:\Program Files\MSN Messenger
2008-01-19 00:40:05 0 d-------- G:\Program Files\Mozilla Thunderbird
2008-01-19 00:38:23 0 d-------- G:\Program Files\Messenger
2008-01-19 00:37:33 0 d-------- G:\Program Files\GetRight
2008-01-19 00:37:13 0 d-------- G:\Program Files\Evolution Tools
2008-01-19 00:37:06 0 d-------- G:\Program Files\DVD Region+CSS Free
2008-01-18 01:49:26 0 d-------- G:\Documents and Settings\Karlie\Application Data\Skype
2008-01-18 01:20:33 190976 --a------ G:\Program Files\Photoshop.CS2.KeyGen.exe
2008-01-18 01:13:19 22 --a------ G:\Program Files\keygen.zip
2008-01-18 00:22:06 0 d-------- G:\Documents and Settings\Karlie\Application Data\OpenOffice.org2
2008-01-16 22:11:30 0 d-------- G:\Program Files\QuickTime
2008-01-16 21:10:11 0 d-------- G:\Documents and Settings\Karlie\Application Data\AVG7
2007-12-06 17:34:52 0 d-------- G:\Program Files\OpenOffice.org 2.3
2007-12-06 17:33:39 0 d-------- G:\Program Files\OpenOffice.org 2.1
2007-11-29 22:11:05 0 d-------- G:\Program Files\Bonusprint Pix
2007-11-29 22:11:01 0 d-------- G:\Documents and Settings\Karlie\Application Data\FotoWire
2007-11-29 22:10:59 0 d-------- G:\Program Files\Common Files
2007-11-29 22:10:59 0 d-------- G:\Program Files\Common Files\FotoWire
2007-11-29 22:04:43 9347 --a------ G:\Documents and Settings\Karlie\Application Data\mdb.bin
2007-11-25 21:28:27 0 d-------- G:\Program Files\EphPod
2007-11-25 20:39:22 0 d-------- G:\Program Files\Joost
2007-11-22 23:36:10 0 d-------- G:\Program Files\Ordabok
2007-11-19 13:22:10 0 d--h----- G:\Program Files\InstallShield Installation Information
2007-11-19 13:21:56 0 d-------- G:\Program Files\Canon


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91262C60-DD10-46FA-A09B-AE14902ECA11}]
16/01/2008 21:09 37888 --------- G:\WINDOWS\system32\vtuvvtr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A0F0D7E5-683B-475C-A2C4-9AF9E0C2FB0E}]
19/01/2008 01:35 332288 --a------ G:\WINDOWS\system32\qopqo.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D6CE2A89-D72A-4048-A48A-07869B9EC596}]
G:\WINDOWS\system32\yabxw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="G:\PROGRA~1\Grisoft\AVG7\avgcc.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="G:\Program Files\Skype\Phone\Skype.exe" []
"MSMSGS"="G:\Program Files\Messenger\msmsgs.exe" [18/01/2008 23:35]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=G:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= G:\PROGRA~1\DVDREG~1\DVDShell.dll [09/10/2004 14:18 49152]
"{91262C60-DD10-46FA-A09B-AE14902ECA11}"= G:\WINDOWS\system32\vtuvvtr.dll [16/01/2008 21:09 37888]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"System"="kdttk.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
G:\WINDOWS\system32\LgNotify.dll 03/03/2004 16:48 110592 G:\WINDOWS\system32\LgNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 G:\WINDOWS\system32\qopqo.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\G:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=G:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=G:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
G:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"G:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
G:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
G:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
"G:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
G:\Program Files\ltmoh\Ltmoh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mschkdsk.exe]
G:\WINDOWS\system32\mschkdsk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"G:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
G:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
G:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
G:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
G:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
G:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRONoMgr.exe]
G:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"G:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"G:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
G:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
G:\Program Files\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
"G:\Program Files\Unlocker\UnlockerAssistant.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ




-- End of Deckard's System Scanner: finished at 2008-01-19 01:53:28 ------------



Panda log


Incident Status Location

Spyware:Cookie/Atlas DMT Not disinfected G:\Documents and Settings\Karlie\Application Data\Mozilla\Firefox\Profiles\qhsgdn5f.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Tribalfusion Not disinfected G:\Documents and Settings\Karlie\Application Data\Mozilla\Firefox\Profiles\qhsgdn5f.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Mediaplex Not disinfected G:\Documents and Settings\Karlie\Application Data\Mozilla\Firefox\Profiles\qhsgdn5f.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/YieldManager Not disinfected G:\Documents and Settings\Karlie\Application Data\Mozilla\Firefox\Profiles\qhsgdn5f.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Doubleclick Not disinfected G:\Documents and Settings\Karlie\Application Data\Mozilla\Firefox\Profiles\qhsgdn5f.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/YieldManager Not disinfected G:\Documents and Settings\Karlie\Application Data\Mozilla\Firefox\Profiles\qhsgdn5f.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Zedo Not disinfected G:\Documents and Settings\Karlie\Application Data\Mozilla\Firefox\Profiles\qhsgdn5f.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Overture Not disinfected G:\Documents and Settings\Karlie\Application Data\Mozilla\Firefox\Profiles\qhsgdn5f.default\cookies.txt[.overture.com/]
Spyware:Cookie/Adviva Not disinfected G:\Documents and Settings\Karlie\Application Data\Mozilla\Firefox\Profiles\qhsgdn5f.default\cookies.txt[.adviva.net/]
Spyware:Cookie/Adrevolver Not disinfected G:\Documents and Settings\Karlie\Application Data\Mozilla\Firefox\Profiles\qhsgdn5f.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Adtech Not disinfected G:\Documents and Settings\Karlie\Application Data\Mozilla\Firefox\Profiles\qhsgdn5f.default\cookies.txt[.adtech.de/]
Spyware:Cookie/Advertising Not disinfected G:\Documents and Settings\Karlie\Application Data\Mozilla\Firefox\Profiles\qhsgdn5f.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Serving-sys Not disinfected G:\Documents and Settings\Karlie\Application Data\Mozilla\Firefox\Profiles\qhsgdn5f.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected G:\Documents and Settings\Karlie\Application Data\Mozilla\Firefox\Profiles\qhsgdn5f.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected G:\Documents and Settings\Karlie\Application Data\Mozilla\Firefox\Profiles\qhsgdn5f.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Atwola Not disinfected G:\Documents and Settings\Karlie\Application Data\Mozilla\Firefox\Profiles\qhsgdn5f.default\cookies.txt[.atwola.com/]
Spyware:Cookie/PointRoll Not disinfected G:\Documents and Settings\Karlie\Application Data\Mozilla\Firefox\Profiles\qhsgdn5f.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/FastClick Not disinfected G:\Documents and Settings\Karlie\Application Data\Mozilla\Firefox\Profiles\qhsgdn5f.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Apmebf Not disinfected G:\Documents and Settings\Karlie\Application Data\Mozilla\Firefox\Profiles\qhsgdn5f.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/FastClick Not disinfected G:\Documents and Settings\Karlie\Application Data\Mozilla\Firefox\Profiles\qhsgdn5f.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Hitbox Not disinfected G:\Documents and Settings\Karlie\Application Data\Mozilla\Firefox\Profiles\qhsgdn5f.default\cookies.txt[.ehg-dig.hitbox.com/]
Spyware:Cookie/Go Not disinfected G:\Documents and Settings\Karlie\Application Data\Mozilla\Firefox\Profiles\qhsgdn5f.default\cookies.txt[.go.com/]
Spyware:Cookie/Bluestreak Not disinfected G:\Documents and Settings\Karlie\Application Data\Mozilla\Firefox\Profiles\qhsgdn5f.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/BurstNet Not disinfected G:\Documents and Settings\Karlie\Application Data\Mozilla\Firefox\Profiles\qhsgdn5f.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/RealMedia Not disinfected G:\Documents and Settings\Karlie\Application Data\Mozilla\Firefox\Profiles\qhsgdn5f.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/BurstNet Not disinfected G:\Documents and Settings\Karlie\Application Data\Mozilla\Firefox\Profiles\qhsgdn5f.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/myaffiliateprogram Not disinfected G:\Documents and Settings\Karlie\Application Data\Mozilla\Firefox\Profiles\qhsgdn5f.default\cookies.txt[www.myaffiliateprogram.com/]
Spyware:Cookie/WebtrendsLive Not disinfected G:\Documents and Settings\Karlie\Application Data\Mozilla\Firefox\Profiles\qhsgdn5f.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/Tradedoubler Not disinfected G:\Documents and Settings\Karlie\Application Data\Mozilla\Firefox\Profiles\qhsgdn5f.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/Statcounter Not disinfected G:\Documents and Settings\Karlie\Application Data\Mozilla\Firefox\Profiles\qhsgdn5f.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Casalemedia Not disinfected G:\Documents and Settings\Karlie\Application Data\Mozilla\Firefox\Profiles\qhsgdn5f.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Com.com Not disinfected G:\Documents and Settings\Karlie\Application Data\Mozilla\Firefox\Profiles\qhsgdn5f.default\cookies.txt[.com.com/]
Spyware:Cookie/Yadro Not disinfected G:\Documents and Settings\Karlie\Application Data\Mozilla\Firefox\Profiles\qhsgdn5f.default\cookies.txt[.yadro.ru/]
Spyware:Cookie/WUpd Not disinfected G:\Documents and Settings\Karlie\Application Data\Mozilla\Firefox\Profiles\qhsgdn5f.default\cookies.txt[.revenue.net/]
Spyware:Cookie/QuestionMarket Not disinfected G:\Documents and Settings\Karlie\Application Data\Mozilla\Firefox\Profiles\qhsgdn5f.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/RealMedia Not disinfected G:\Documents and Settings\Karlie\Application Data\Mozilla\Firefox\Profiles\qhsgdn5f.default\cookies.txt[.247realmedia.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected G:\Documents and Settings\Karlie\Application Data\Mozilla\Firefox\Profiles\qhsgdn5f.default\cookies.txt[server.iad.liveperson.net/hc/44079235]
Spyware:Cookie/Server.iad.Liveperson Not disinfected G:\Documents and Settings\Karlie\Application Data\Mozilla\Firefox\Profiles\qhsgdn5f.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/bravenetA Not disinfected G:\Documents and Settings\Karlie\Application Data\Mozilla\Firefox\Profiles\qhsgdn5f.default\cookies.txt[.bravenet.com/]
Spyware:Cookie/Adrevolver Not disinfected G:\Documents and Settings\Karlie\Cookies\karlie@adrevolver[1].txt
Spyware:Cookie/Atlas DMT Not disinfected G:\Documents and Settings\Karlie\Cookies\karlie@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected G:\Documents and Settings\Karlie\Cookies\karlie@atwola[1].txt
Spyware:Cookie/Com.com Not disinfected G:\Documents and Settings\Karlie\Cookies\karlie@com[1].txt
Spyware:Cookie/Doubleclick Not disinfected G:\Documents and Settings\Karlie\Cookies\karlie@doubleclick[1].txt
Spyware:Cookie/Tradedoubler Not disinfected G:\Documents and Settings\Karlie\Cookies\karlie@tradedoubler[1].txt
Spyware:Cookie/Tribalfusion Not disinfected G:\Documents and Settings\Karlie\Cookies\karlie@tribalfusion[2].txt
Spyware:Cookie/Adrevolver Not disinfected G:\Documents and Settings\Karlie\Local Settings\Temp\Cookies\karlie@adrevolver[1].txt



Vundofix


VundoFix V6.7.7

Checking Java version...

Java version is 1.5.0.11

Scan started at 01:00:41 19/01/2008

Listing files found while scanning....

G:\WINDOWS\system32\vtuvvtr.dll
G:\WINDOWS\system32\wxbay.ini
G:\WINDOWS\system32\wxbay.ini2
G:\WINDOWS\system32\yabxw.dll

Beginning removal...

Attempting to delete G:\WINDOWS\system32\vtuvvtr.dll
G:\WINDOWS\system32\vtuvvtr.dll Could not be deleted.

Attempting to delete G:\WINDOWS\system32\wxbay.ini
G:\WINDOWS\system32\wxbay.ini Has been deleted!

Attempting to delete G:\WINDOWS\system32\wxbay.ini2
G:\WINDOWS\system32\wxbay.ini2 Has been deleted!

Attempting to delete G:\WINDOWS\system32\yabxw.dll
G:\WINDOWS\system32\yabxw.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete G:\WINDOWS\system32\vtuvvtr.dll
G:\WINDOWS\system32\vtuvvtr.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...
Attached Files
File Type: txt extra.txt (15.4 KB, 1 views)