Thread: Help! Stubborn Antispyware Soldier Infection
View Single Post
Old 10-03-2006, 10:13 PM   #5 (permalink)
sakurasan
Registered User
 
sakurasan's Avatar
 
Join Date: Oct 2006
Posts: 12
OS: winxp


here are the items you asked for
Took all steps - here are the requested reports - thanks again! Oh PS, when I asked for updates on AVG (did it several times over a number of hours) it says they are not available.

SmitFraudFix v2.104

Scan done at 21:38:44.12, Tue 10/03/2006
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\alexaie.dll FOUND !
C:\WINDOWS\alxie328.dll FOUND !
C:\WINDOWS\alxtb1.dll FOUND !
C:\WINDOWS\BTGrab.dll FOUND !
C:\WINDOWS\dlmax.dll FOUND !
C:\WINDOWS\Pynix.dll FOUND !
C:\WINDOWS\susp.exe FOUND !
C:\WINDOWS\System32fab.exe FOUND !
C:\WINDOWS\yod.htm FOUND !
C:\WINDOWS\ZServ.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\a.exe FOUND !
C:\WINDOWS\system32\alxres.dll FOUND !
C:\WINDOWS\system32\bridge.dll FOUND !
C:\WINDOWS\system32\dailytoolbar.dll FOUND !
C:\WINDOWS\system32\jao.dll FOUND !
C:\WINDOWS\system32\lfd.dat FOUND !
C:\WINDOWS\system32\oiso.bin FOUND !
C:\WINDOWS\system32\questmod.dll FOUND !
C:\WINDOWS\system32\runsrv32.dll FOUND !
C:\WINDOWS\system32\runsrv32.exe FOUND !
C:\WINDOWS\system32\smaexp32.dll FOUND !
C:\WINDOWS\system32\sumsw32.exe FOUND !
C:\WINDOWS\system32\taskdir~.exe FOUND !
C:\WINDOWS\system32\tcpservice2.exe FOUND !
C:\WINDOWS\system32\txfdb32.dll FOUND !
C:\WINDOWS\system32\udpmod.dll FOUND !
C:\WINDOWS\system32\wstart.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Owner\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:08:53 PM 10/3/2006

+ Scan result:



HKLM\SOFTWARE\Alexa Internet -> Adware.Alexa : Ignored.
HKLM\SOFTWARE\Classes\AlxTB.BHO -> Adware.Alexa : Ignored.
HKLM\SOFTWARE\Classes\PopMenu.Menu -> Adware.Alexa : Ignored.
HKLM\SOFTWARE\Classes\Popup.PopupKiller -> Adware.Alexa : Ignored.
HKLM\SOFTWARE\Classes\jao.jao -> Adware.BlazeFind : Ignored.
HKLM\SOFTWARE\Classes\AppID\DailyToolbar.DLL -> Adware.DailyToolbar : Ignored.
HKLM\SOFTWARE\Classes\DailyToolbar.IEBand -> Adware.DailyToolbar : Ignored.
HKLM\SOFTWARE\Classes\DailyToolbar.SysMgr -> Adware.DailyToolbar : Ignored.
HKLM\SOFTWARE\Classes\IEToolbar.AffiliateCtl -> Adware.DailyToolbar : Ignored.
HKLM\SOFTWARE\DailyToolbar -> Adware.DailyToolbar : Ignored.
HKLM\SOFTWARE\NIX Solutions -> Adware.DailyToolbar : Ignored.
HKLM\SOFTWARE\NIX Solutions\DailyToolbar -> Adware.DailyToolbar : Ignored.
HKLM\SOFTWARE\Classes\CLSID\{F1FABE79-25FC-46de-8C5A-2C6DB9D64333} -> Adware.Generic : Ignored.
HKLM\SOFTWARE\Classes\Interface\{900FBC20-6AEE-4E05-ABA9-AC46E309C029} -> Adware.Generic : Ignored.
HKLM\SOFTWARE\Classes\TypeLib\{8B076501-1D1B-4B26-9492-FDB8EEE00D7F} -> Adware.Generic : Ignored.
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{Y479C6D0-OTRW-U5GH-S1EE-E0AC10B4E666} -> Adware.Generic : Ignored.
HKU\S-1-5-21-223492011-3476413771-3814268486-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B53455DB-5527-4041-AC41-F86E6947AA47} -> Adware.Generic : Ignored.
HKU\S-1-5-21-223492011-3476413771-3814268486-1003\Software\bmeb -> Adware.Ilookup : Ignored.
HKU\S-1-5-21-223492011-3476413771-3814268486-1003\Software\bmeb\assoc2 -> Adware.Ilookup : Ignored.
HKU\S-1-5-21-223492011-3476413771-3814268486-1003\Software\bmeb\kws -> Adware.Ilookup : Ignored.
HKU\S-1-5-21-223492011-3476413771-3814268486-1003\Software\bmeb\sit -> Adware.Ilookup : Ignored.
HKU\S-1-5-21-223492011-3476413771-3814268486-1003\Software\bmeb\size -> Adware.Ilookup : Ignored.
HKLM\SOFTWARE\RespondMiter -> Adware.VX2 : Ignored.
C:\WINDOWS\Temp\ASHeuristic\hotfix_exe.vir -> Adware.WebSearch : Ignored.
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Adware.WebSearch : Ignored.
HKLM\SOFTWARE\Pinfo -> Dialer.Generic : Ignored.
HKLM\SOFTWARE\Pinfo\Dialers -> Dialer.Generic : Ignored.
HKU\S-1-5-21-223492011-3476413771-3814268486-1003\Software\Pinfo -> Dialer.Generic : Ignored.
HKU\S-1-5-21-223492011-3476413771-3814268486-1003\Software\Pinfo\Dialers -> Dialer.Generic : Ignored.
HKU\S-1-5-21-223492011-3476413771-3814268486-1003\Software\Pinfo\Dialers\Lisa -> Dialer.Generic : Ignored.
C:\WINDOWS\system32\rlnberfu.exe -> Downloader.Small.dkt : Ignored.
C:\WINDOWS\system32\urrqhpbk.exe -> Downloader.VB.aeq : Ignored.
C:\WINDOWS\system32\ohylguic.exe -> Downloader.VB.anw : Ignored.
HKLM\SOFTWARE\Classes\CLSID\{E52DEDBB-D168-4BDB-B229-C48160800E81} -> Hijacker.Generic : Ignored.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e52dedbb-d168-4bdb-b229-c48160800e81} -> Hijacker.Generic : Ignored.
HKU\S-1-5-21-223492011-3476413771-3814268486-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E52DEDBB-D168-4BDB-B229-C48160800E81} -> Hijacker.Generic : Ignored.
C:\WINDOWS\system32\wgcnjvea.tjo -> Hijacker.Small.js : Ignored.
:mozilla.255:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.247realmedia : Ignored.
:mozilla.256:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.247realmedia : Ignored.
:mozilla.106:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.2o7 : Ignored.
:mozilla.107:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.2o7 : Ignored.
:mozilla.109:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.2o7 : Ignored.
:mozilla.110:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.2o7 : Ignored.
:mozilla.111:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.2o7 : Ignored.
:mozilla.112:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.2o7 : Ignored.
:mozilla.113:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.2o7 : Ignored.
:mozilla.114:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.2o7 : Ignored.
:mozilla.224:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.2o7 : Ignored.
:mozilla.415:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.2o7 : Ignored.
:mozilla.427:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.2o7 : Ignored.
:mozilla.476:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.2o7 : Ignored.
C:\Documents and Settings\Owner\Cookies\owner@broadspancommerce.122.2o7[1].txt -> TrackingCookie.2o7 : Ignored.
C:\Documents and Settings\Owner\Cookies\owner@buycom.122.2o7[1].txt -> TrackingCookie.2o7 : Ignored.
C:\Documents and Settings\Owner\Cookies\owner@folica.122.2o7[1].txt -> TrackingCookie.2o7 : Ignored.
C:\Documents and Settings\Owner\Cookies\owner@gmditech.112.2o7[1].txt -> TrackingCookie.2o7 : Ignored.
C:\Documents and Settings\Owner\Cookies\owner@highbeam.122.2o7[1].txt -> TrackingCookie.2o7 : Ignored.
C:\Documents and Settings\Owner\Cookies\owner@indigio.122.2o7[1].txt -> TrackingCookie.2o7 : Ignored.
C:\Documents and Settings\Owner\Cookies\owner@microsoftwlmessengermkt.112.2o7[1].txt -> TrackingCookie.2o7 : Ignored.
C:\Documents and Settings\Owner\Cookies\owner@msnportal.112.2o7[2].txt -> TrackingCookie.2o7 : Ignored.
C:\Documents and Settings\Owner\Cookies\owner@sento.122.2o7[1].txt -> TrackingCookie.2o7 : Ignored.
C:\Documents and Settings\Owner\Cookies\owner@tgn.122.2o7[1].txt -> TrackingCookie.2o7 : Ignored.
C:\Documents and Settings\Owner\Cookies\owner@thomasvillefurniture.122.2o7[1].txt -> TrackingCookie.2o7 : Ignored.
C:\WINDOWS\Temp\Cookies\owner@112.2o7[2].txt -> TrackingCookie.2o7 : Ignored.
:mozilla.141:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.Adbrite : Ignored.
:mozilla.142:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.Adbrite : Ignored.
:mozilla.583:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.Adjuggler : Ignored.
:mozilla.584:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.Adjuggler : Ignored.
C:\Documents and Settings\Owner\Cookies\owner@admarketplace[1].txt -> TrackingCookie.Admarketplace : Ignored.
:mozilla.42:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.Adrevolver : Ignored.
:mozilla.43:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.Adrevolver : Ignored.
C:\Documents and Settings\Owner\Cookies\owner@media.adrevolver[1].txt -> TrackingCookie.Adrevolver : Ignored.
:mozilla.271:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.Adtech : Ignored.
:mozilla.272:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.Adtech : Ignored.
C:\Documents and Settings\Owner\Cookies\owner@www.adtrak[1].txt -> TrackingCookie.Adtrak : Ignored.
:mozilla.47:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.Advertising : Ignored.
:mozilla.48:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.Advertising : Ignored.
:mozilla.50:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.Advertising : Ignored.
:mozilla.52:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.Advertising : Ignored.
:mozilla.55:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.Advertising : Ignored.
:mozilla.30:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.Atdmt : Ignored.
:mozilla.561:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.Bridgetrack : Ignored.
:mozilla.562:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.Bridgetrack : Ignored.
:mozilla.563:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.Bridgetrack : Ignored.
:mozilla.564:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.Bridgetrack : Ignored.
:mozilla.565:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.Bridgetrack : Ignored.
:mozilla.566:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.Bridgetrack : Ignored.
:mozilla.567:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.Bridgetrack : Ignored.
:mozilla.299:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.Burstnet : Ignored.
:mozilla.612:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.Burstnet : Ignored.
C:\Documents and Settings\Owner\Cookies\owner@burstnet[1].txt -> TrackingCookie.Burstnet : Ignored.
C:\Documents and Settings\Owner\Cookies\owner@www.burstnet[1].txt -> TrackingCookie.Burstnet : Ignored.
:mozilla.46:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.Casalemedia : Ignored.
:mozilla.51:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.Casalemedia : Ignored.
:mozilla.53:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.Casalemedia : Ignored.
:mozilla.54:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.Casalemedia : Ignored.
:mozilla.152:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.Clickbank : Ignored.
:mozilla.83:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.Com : Ignored.
:mozilla.31:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.Doubleclick : Ignored.
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfliald5obo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored.
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wgl4ahdpmkp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored.
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjkycnc5ecp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Ignored.
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjnygmd5skq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored.
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjnyskcpkhp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored.
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjnysoazsgq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Ignored.
C:\Documents and Settings\Owner\Cookies\owner@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Ignored.
:mozilla.280:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.Falkag : Ignored.
:mozilla.281:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.Falkag : Ignored.
:mozilla.282:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.Falkag : Ignored.
:mozilla.283:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.Falkag : Ignored.
:mozilla.235:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.Fastclick : Ignored.
:mozilla.236:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.Fastclick : Ignored.
:mozilla.555:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.Goclick : Ignored.
:mozilla.556:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.Goclick : Ignored.
C:\Documents and Settings\Owner\Cookies\owner@c.goclick[2].txt -> TrackingCookie.Goclick : Ignored.
:mozilla.153:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.Googleadservices : Ignored.
:mozilla.639:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.Googleadservices : Ignored.
:mozilla.225:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.Hitbox : Ignored.
:mozilla.226:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.Hitbox : Ignored.
:mozilla.227:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.Hitbox : Ignored.
:mozilla.588:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.Liveperson : Ignored.
:mozilla.589:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.Liveperson : Ignored.
:mozilla.590:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.Liveperson : Ignored.
C:\Documents and Settings\Owner\Cookies\owner@sales.liveperson[1].txt -> TrackingCookie.Liveperson : Ignored.
C:\Documents and Settings\Owner\Cookies\owner@image.masterstats[1].txt -> TrackingCookie.Masterstats : Ignored.
:mozilla.115:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.Mediaplex : Ignored.
:mozilla.221:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.Overture : Ignored.
:mozilla.222:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.Overture : Ignored.
:mozilla.223:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.Overture : Ignored.
C:\Documents and Settings\Owner\Cookies\owner@data2.perf.overture[1].txt -> TrackingCookie.Overture : Ignored.
C:\Documents and Settings\Owner\Cookies\owner@data4.perf.overture[2].txt -> TrackingCookie.Overture : Ignored.
:mozilla.267:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.Pointroll : Ignored.
:mozilla.268:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.Pointroll : Ignored.
:mozilla.269:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.Pointroll : Ignored.
:mozilla.270:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.Pointroll : Ignored.
C:\Documents and Settings\Owner\Cookies\owner@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Ignored.
:mozilla.92:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.Qksrv : Ignored.
:mozilla.93:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.Qksrv : Ignored.
:mozilla.79:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.Questionmarket : Ignored.
:mozilla.80:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.Questionmarket : Ignored.
:mozilla.81:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.Questionmarket : Ignored.
:mozilla.41:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.Ru4 : Ignored.
:mozilla.44:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.Ru4 : Ignored.
:mozilla.45:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.Ru4 : Ignored.
:mozilla.477:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.Serving-sys : Ignored.
:mozilla.478:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.Serving-sys : Ignored.
:mozilla.479:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.Serving-sys : Ignored.
:mozilla.480:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.Serving-sys : Ignored.
:mozilla.481:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.Serving-sys : Ignored.
:mozilla.320:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.Sexcounter : Ignored.
:mozilla.321:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.Sexcounter : Ignored.
:mozilla.322:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.Sexcounter : Ignored.
:mozilla.323:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.Sexcounter : Ignored.
:mozilla.265:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.Specificclick : Ignored.
:mozilla.266:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.Specificclick : Ignored.
:mozilla.199:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.Statcounter : Ignored.
:mozilla.200:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.Statcounter : Ignored.
:mozilla.201:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.Statcounter : Ignored.
:mozilla.202:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.Statcounter : Ignored.
:mozilla.203:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.Statcounter : Ignored.
:mozilla.72:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.Tacoda : Ignored.
:mozilla.73:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.Tacoda : Ignored.
:mozilla.74:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.Tacoda : Ignored.
C:\Documents and Settings\Owner\Cookies\owner@tacoda[2].txt -> TrackingCookie.Tacoda : Ignored.
C:\Documents and Settings\Owner\Cookies\owner@login.tracking101[2].txt -> TrackingCookie.Tracking101 : Ignored.
:mozilla.49:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.Trafficmp : Ignored.
:mozilla.497:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.Tribalfusion : Ignored.
:mozilla.238:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.Valueclick : Ignored.
:mozilla.512:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.Web-stat : Ignored.
:mozilla.513:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.Web-stat : Ignored.
:mozilla.514:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.Web-stat : Ignored.
C:\Documents and Settings\Owner\Cookies\owner@web-stat[2].txt -> TrackingCookie.Web-stat : Ignored.
:mozilla.540:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.Yieldmanager : Ignored.
:mozilla.541:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.Yieldmanager : Ignored.
:mozilla.542:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.Yieldmanager : Ignored.
C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Ignored.
:mozilla.535:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.Zedo : Ignored.
:mozilla.536:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.Zedo : Ignored.
:mozilla.537:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt -> TrackingCookie.Zedo : Ignored.


::Report end




Panda Scan:

Incident Status Location

Adware:Adware/AntispywareSoldier Not disinfected C:\WINDOWS\system32\sumsw32.exe
Adware:adware/superspider Not disinfected c:\windows\system32\a.exe
Adware:adware/alexa-toolbar Not disinfected c:\windows\system32\alxres.dll
Spyware:spyware/bridge Not disinfected c:\windows\system32\bridge.dll
Adware:adware/dailytoolbar Not disinfected c:\windows\system32\dailytoolbar.dll
Adware:adware/antivirus-gold Not disinfected c:\windows\system32\runsrv32.exe
Adware:adware/admess Not disinfected c:\windows\system32\tcpservice2.exe
Adware:adware/topspyware Not disinfected c:\windows\system32\txfdb32.dll
Adware:adware/btgrab Not disinfected c:\windows\BTGrab.dll
Adware:adware/transponder Not disinfected c:\windows\dlmax.dll
Adware:adware/gator Not disinfected c:\windows\GatorFDDLI.log
Spyware:spyware/betterinet Not disinfected c:\windows\susp.exe
Adware:adware/thespyguard Not disinfected c:\windows\yod.htm
Adware:adware/wintools Not disinfected Windows Registry
Adware:adware/ilookup Not disinfected Windows Registry
Spyware:spyware/dluca Not disinfected Windows Registry
Adware:adware/wupd Not disinfected Windows Registry
Dialer:dialer.du Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7B55BB05-0B4D-44FD-81A6-B136188F5DEB}
Adware:adware/savenow Not disinfected Windows Registry
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt[.advertising.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt[.com.com/]
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt[.qksrv.net/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt[.clickbank.net/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt[.overture.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt[.valueclick.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt[.247realmedia.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt[.adtech.de/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt[.adultfriendfinder.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt[.as-eu.falkag.net/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt[.atwola.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt[.cs.sexcounter.com/]
Spyware:Cookie/MediaTickets Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt[.kinghost.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt[.tickle.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt[.xiti.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt[.zedo.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/GoClick Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt[c.goclick.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\cookies.txt[server.iad.liveperson.net/hc/76103330]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Owner\Cookies\owner@ads.pointroll[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Owner\Cookies\owner@atwola[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Owner\Cookies\owner@belnk[1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Owner\Cookies\owner@burstnet[1].txt
Spyware:Cookie/GoClick Not disinfected C:\Documents and Settings\Owner\Cookies\owner@c.goclick[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Owner\Cookies\owner@dist.belnk[2].txt
Spyware:Cookie/MediaTickets Not disinfected C:\Documents and Settings\Owner\Cookies\owner@kinghost[1].txt
Spyware:Cookie/SpywareStormer Not disinfected C:\Documents and Settings\Owner\Cookies\owner@spywarestormer[2].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Owner\Desktop\SmitfraudFix.zip[SmitfraudFix/Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\212rgtns.default\Cache\633285D9d01[SmitfraudFix/Process.exe]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@ad.yieldmanager[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@atwola[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@belnk[1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@burstnet[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@com[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@dist.belnk[2].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@www.burstbeacon[2].txt
Possible Virus. Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\hotfix.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\SmitfraudFix.zip[SmitfraudFix/Process.exe]
Adware:Adware/Trymedia Not disinfected C:\Downloads\Sudoku_ML_Setup-dm[1].exe
Potentially unwanted tool:Application/HideWindow.A Not disinfected C:\hp\bin\FondleWindow.exe
Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe
Virus:Trj/Gagar.K Disinfected C:\WINDOWS\system32\hjoixavs.exe
Virus:Trj/Gagar.AG Disinfected C:\WINDOWS\system32\igdhpvdz.exe
Virus:Trj/Gagar.Y Disinfected C:\WINDOWS\system32\nvayszkr.exe
Adware:Adware/AntispywareSoldier Not disinfected C:\WINDOWS\system32\ohylguic.exe
Virus:Trj/Gagar.K Disinfected C:\WINDOWS\system32\ruzqyjbf.exe
Adware:Adware/TitanShield Not disinfected C:\WINDOWS\system32\urrqhpbk.exe
Virus:Trj/Gagar.P Disinfected C:\WINDOWS\system32\uyemogzx.exe
Spyware:Cookie/2o7 Not disinfected C:\WINDOWS\Temp\Cookies\owner@112.2o7[2].txt



Logfile of HijackThis v1.99.1
Scan saved at 10:05:44 PM, on 10/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\sumsw32.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\eFax Messenger 4.2\J2GTray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Webshots\webshots.scr
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Download\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - (no file)
O2 - BHO: (no name) - {00000000-C1EC-0345-6EC2-4D0300000000} - (no file)
O2 - BHO: (no name) - {00000000-F09C-02B4-6EC2-AD0300000000} - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\WINDOWS\Downloaded Program Files\ycomp5_3_11_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {7b55bb05-0b4d-44fd-81a6-b136188f5deb} - (no file)
O2 - BHO: (no name) - {8333c319-0669-4893-a418-f56d9249fca6} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: (no name) - {9c691a33-7dda-4c2f-be4c-c176083f35cf} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: (no name) - {e52dedbb-d168-4bdb-b229-c48160800e81} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O2 - BHO: (no name) - {ffd2825e-0785-40c5-9a41-518f53a8261f} - (no file)
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\Downloaded Program Files\ycomp5_3_11_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [QuickFinder Scheduler] "c:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [XHGWFKUF] c:\windows\system32\xhgwfkuf.exe /install
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
O4 - HKLM\..\Run: [/AutoLaunch] C:\Program Files\PHILIPS\PSADMM\DMM\bin\AutoLaunch.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [eFax 4.2] "C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Transponder] C:\WINDOWS\system32\susp.exe
O4 - HKLM\..\Run: [Adware.Srv32] C:\WINDOWS\system32\runsrv32.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealOne Player\realplay.exe" /RunUPGToolCommandReBoot
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: eFax 4.2.lnk = C:\Program Files\eFax Messenger 4.2\J2GTray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://las.mlxchange.com/Control/Mul...ctComboBox.cab
O16 - DPF: {5EB6A98B-F75B-4AC7-821D-BAD2C29D18C2} (CVALAXObj Class) - https://www.crystalvoicelive.com/download/CVALAX.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1100385933556
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1143384714807
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://las.mlxchange.com/Control/MLXClientUtils.cab
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://las.mlxchange.com/Control/IRCSharc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.comp...io5_3_11_0.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe (file missing)
sakurasan is offline