Hi, I've finally gotten the courage to complete the task!
I do have a problem at the end of this though... I use a router at home and the internet stopped working after I've completed everything. I wonder if it has any connections?
here is the avg scan:
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
:mozilla.464:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\qtialn32.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
C:\Documents and Settings\1\Cookies\1@webstat[1].txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.49:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\qtialn32.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.50:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\qtialn32.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\1\Cookies\1@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.12:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\qtialn32.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.13:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\qtialn32.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.329:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\qtialn32.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.332:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\qtialn32.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\1\Cookies\1@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\1\Cookies\1@zedo[1].txt -> TrackingCookie.Zedo : Cleaned.
C:\System Volume Information\_restore{543848E5-A971-4387-BA47-9852573A650F}\RP1002\A0066093.dll -> Trojan.BHO.g : Cleaned.
C:\System Volume Information\_restore{543848E5-A971-4387-BA47-9852573A650F}\RP1010\A0066269.dll -> Trojan.BHO.g : Cleaned.
C:\System Volume Information\_restore{543848E5-A971-4387-BA47-9852573A650F}\RP1002\A0066102.exe -> Trojan.Small.ju : Cleaned.
::Report end
Logfile of HijackThis v1.99.1
Scan saved at 12:23:24 AM, on 12/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
bamajim
10.4K Posts
0
October 31st, 2006 01:00
Welcome to DCF :smileyhappy:
That's quite a collection of malware you have there. It will take a few runs at this to completely remove the infection, so please be patient.
Please download VundoFix.exe to your desktop.
- Double-click VundoFix.exe to run it.
- Click the Scan for Vundo button.
- Once it's done scanning, click the Remove Vundo button.
- You will receive a prompt asking if you want to remove the files, click YES
- Once you click yes, your desktop will go blank as it starts removing Vundo.
- When completed, it will prompt that it will reboot your computer, click OK.
- Please post the contents of C:\vundofix.txt and a new HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
Your reply should include
a fresh Hijackthis log
angelbunny
8 Posts
0
November 4th, 2006 20:00
Logfile of HijackThis v1.99.1
Scan saved at 10:48:26 AM, on 11/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\program files\support.com\client\bin\tgcmd.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ufdsvc.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINPENJR\Win32\pphidpad.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\QTRAYIME.EXE
C:\Program Files\Canon\\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: InfoDocReader Object - {A5B00A5B-073E-4246-AFF0-CCAE0D5BF6D1} - C:\WINDOWS\System32\sstqr.dll (file missing)
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\leuaqkii.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\bin\tgcmd.exe /server
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [winupdt] RUNDLL32.EXE c:\windows\siprof32.dll,_mainRD
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [win32] winhost.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [PPHIDPAD] C:\WINPENJR\Win32\pphidpad.exe
O4 - HKLM\..\Run: [BossIdea] C:\WINDOWS\java\winlogin.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunServices: [win32] winhost.exe
O4 - HKLM\..\RunServices: [CPQHotKeys] hotkeysvc.exe
O4 - HKCU\..\Run: [msvcp70] C:\WINDOWS\System32\msvcp70.exe
O4 - HKCU\..\Run: [mswstr10] C:\WINDOWS\System32\mswstr10.exe
O4 - HKCU\..\Run: [CPQHotKeys] hotkeysvc.exe
O4 - HKCU\..\RunServices: [CPQHotKeys] hotkeysvc.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: 九方快速啟動.lnk = C:\WINDOWS\system32\QTRAYIME.EXE
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Microsoft AntiSpyware helper - {A7BE18DF-72BD-4E1E-B270-17822D41F60E} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {A7BE18DF-72BD-4E1E-B270-17822D41F60E} - (no file) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O15 - Trusted Zone: http://free.aol.com
O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt5_x.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.co.kr/neo.fld/NowStarter.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://marissasloveandhate.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1110272199703
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1146703997437
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://cdn.messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7EF08800-CDD9-4050-8787-18DE2005E07E}: NameServer = 64.59.144.90,64.59.144.91
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\\CALMAIN.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: UFD Command Service (UFDSVC) - Generic - C:\WINDOWS\system32\ufdsvc.exe
angelbunny
8 Posts
0
November 4th, 2006 20:00
Vundo log:
VundoFix V6.2.6
Checking Java version...
Java version is 1.5.0.4
Java version is 1.5.0.6
Scan started at 10:39:28 AM 11/4/2006
Listing files found while scanning....
C:\WINDOWS\system32\acweiepy.dll
C:\WINDOWS\system32\arebafjq.dll
C:\WINDOWS\system32\axifonjv.dll
C:\WINDOWS\system32\ewoamqpu.dll
C:\WINDOWS\system32\fqyudfls.dll
C:\WINDOWS\system32\ghksqwqe.dll
C:\WINDOWS\system32\leseisnw.dll
C:\WINDOWS\system32\wqsnwcfs.dll
C:\WINDOWS\system32\guxifvte.exe
C:\WINDOWS\system32\nvvnhkku.exe
C:\WINDOWS\system32\pmtaxuiu.exe
C:\WINDOWS\system32\rdngcvli.exe
C:\WINDOWS\System32\sstqr.dll
C:\WINDOWS\System32\rqtss.ini
C:\WINDOWS\System32\rqtss.bak1
C:\WINDOWS\System32\rqtss.bak2
C:\WINDOWS\System32\rqtss.ini2
C:\WINDOWS\System32\rqtss.tmp
Beginning removal...
Attempting to delete C:\WINDOWS\system32\acweiepy.dll
C:\WINDOWS\system32\acweiepy.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\arebafjq.dll
C:\WINDOWS\system32\arebafjq.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\axifonjv.dll
C:\WINDOWS\system32\axifonjv.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ewoamqpu.dll
C:\WINDOWS\system32\ewoamqpu.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\fqyudfls.dll
C:\WINDOWS\system32\fqyudfls.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ghksqwqe.dll
C:\WINDOWS\system32\ghksqwqe.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\leseisnw.dll
C:\WINDOWS\system32\leseisnw.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\wqsnwcfs.dll
C:\WINDOWS\system32\wqsnwcfs.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\guxifvte.exe
C:\WINDOWS\system32\guxifvte.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\nvvnhkku.exe
C:\WINDOWS\system32\nvvnhkku.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\pmtaxuiu.exe
C:\WINDOWS\system32\pmtaxuiu.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\rdngcvli.exe
C:\WINDOWS\system32\rdngcvli.exe Has been deleted!
Attempting to delete C:\WINDOWS\System32\sstqr.dll
C:\WINDOWS\System32\sstqr.dll Has been deleted!
Attempting to delete C:\WINDOWS\System32\rqtss.ini
C:\WINDOWS\System32\rqtss.ini Has been deleted!
Attempting to delete C:\WINDOWS\System32\rqtss.bak1
C:\WINDOWS\System32\rqtss.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\System32\rqtss.bak2
C:\WINDOWS\System32\rqtss.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\System32\rqtss.ini2
C:\WINDOWS\System32\rqtss.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\System32\rqtss.tmp
C:\WINDOWS\System32\rqtss.tmp Has been deleted!
Performing Repairs to the registry.
Done!
As you have mentioned, it may take several trials to completely clean all malwares, please advise me what are the next steps. A sincere thanks again!
bamajim
10.4K Posts
0
November 5th, 2006 22:00
Good Job
You may want to print out these instructions for reference
First Copy and paste the following into NotePad (Not Wordpad)
sc stop UFDSVC
sc delete UFDSVC
Click File ->> Save as ->> type in cmd.bat
Under "Save as type" Select "all files" ->> Save it to your Desktop
Close Notepad
The cmd.bat file should now appear on your Desktop
Double Click that file (It will appear that nothing has happened, but that's o.k.)
1. Go here and Download AVG Anti-Spyware (30 day free trial version)
Save it to Your Desktop
Double Click AVG Anti-Spyware-setup (It will create its own folder)
Once the program starts You will be at the Status menu
- Under "Your computers Security"
Click change status on Resident shield to inactive
Click Update now (next to last update)
After the update loads
Under Automatic updates Uncheck download and install updates automatically (recommended)
(you can always select manual updates the next day)
At the top toolbar Click Scanner Then the settings tab
- Under How to act? Set default action for detected malware to Quarantine
Under how to scan All boxes should be checked
Under Possibly unwanted software All boxes should be checked
Under reports Select Automatically generate report after every scan
Uncheck Only if threats were found
Under what to scan Scan every file should be highlighted
Exit AVG (But do not run it yet)
2. Please download Brute Force Uninstaller to your desktop.
- Right click the BFU folder on your desktop, and choose Extract All
- Click "Next"
- In the box to choose where to extract the files to,
- Click "Browse"
- Click on the + sign next to "My Computer"
- Click on "Local Disk (C: ) or whatever your primary drive is
- Click "Make New Folder"
- Type in BFU
- Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
3. RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As" ) in order to download Alcra PLUS Remover.
Save it in the same folder you made earlier (c:\BFU).
Reboot into Safe Mode
This can be done by
- Restart your PC, and after it starts, but before you see the Windows Splash screen
Begin tapping the F8 key twice a second until you reach another menu screen (black background with white menu choices)
Use your arrow keys and select Safe Mode and then Enter
4. Run AVG Anti-Spyware
Click scanner
Select Complete system scan
Once the scan finishes
- Select Apply all actions (The items found will be quarantined)
Click save report as (Another window will open)
Save it to your desktop
(By default It will be saved in the AVG folder as)
C:\Program Files\Grisoft\AVG anti-spyware 7.5\Reports
Exit AVG
5. Then, please go to Start > My Computer and navigate to the C:\BFU folder.
- Start the Brute Force Uninstaller by doubleclicking BFU.exe
- Behind the scriptline to execute field click the folder icon and select alcanshorty.bfu
- Press Execute and let the program do its job. (You ought to see a progress bar if you did this correctly.)
- Wait for the complete script execution box to pop up and press OK.
- Press exit to terminate the BFU program.
Reboot your PC in Normal Mode ->> Re run Hijackthis and post a fresh Hijackthis log.
- Double click the report-scan txt. you saved to your desktop
It will open in Notepad
Copy and paste that report as a reply to this thread
Your reply should include
a fresh hijackthis log
your report_scan.txt from AVG
angelbunny
8 Posts
0
November 24th, 2006 06:00
here is the avg scan:
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 11:53:36 PM 12/23/2006
+ Scan result:
C:\Program Files\VSAdd-in\VSAdd-in.dll -> Adware.Agent : Cleaned.
C:\WINDOWS\system32\70tovmto.ini -> Adware.Sahat : Cleaned.
C:\Program Files\VSToolbar\VSToolBar.dll -> Adware.Searchcolor : Cleaned.
C:\System Volume Information\_restore{543848E5-A971-4387-BA47-9852573A650F}\RP1002\A0066101.exe -> Adware.Searchcolor : Cleaned.
C:\WINDOWS\system32\rrvgervl.exe -> Adware.Searchcolor : Cleaned.
C:\System Volume Information\_restore{543848E5-A971-4387-BA47-9852573A650F}\RP995\A0064729.dll -> Adware.Searchcolours : Cleaned.
C:\System Volume Information\_restore{543848E5-A971-4387-BA47-9852573A650F}\RP1002\A0066091.dll -> Logger.VBStat.e : Cleaned.
C:\System Volume Information\_restore{543848E5-A971-4387-BA47-9852573A650F}\RP1002\A0066094.dll -> Logger.VBStat.e : Cleaned.
C:\System Volume Information\_restore{543848E5-A971-4387-BA47-9852573A650F}\RP1002\A0066095.dll -> Logger.VBStat.e : Cleaned.
C:\System Volume Information\_restore{543848E5-A971-4387-BA47-9852573A650F}\RP1002\A0066096.dll -> Logger.VBStat.e : Cleaned.
C:\System Volume Information\_restore{543848E5-A971-4387-BA47-9852573A650F}\RP1002\A0066098.dll -> Logger.VBStat.e : Cleaned.
C:\System Volume Information\_restore{543848E5-A971-4387-BA47-9852573A650F}\RP1002\A0066099.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned.
C:\System Volume Information\_restore{543848E5-A971-4387-BA47-9852573A650F}\RP1002\A0066100.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned.
C:\Documents and Settings\1\Cookies\1@247realmedia[2].txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.201:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\qtialn32.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.205:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\qtialn32.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.253:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\qtialn32.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.304:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\qtialn32.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.79:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\qtialn32.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.80:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\qtialn32.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.81:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\qtialn32.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.83:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\qtialn32.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.84:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\qtialn32.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.85:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\qtialn32.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\1\Cookies\1@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\1\Cookies\1@mathworks.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\1\Cookies\1@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\1\Cookies\1@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\1\Cookies\1@skyauction.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\2\Cookies\2@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\1\Cookies\1@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\1\Cookies\1@rotator.adjuggler[2].txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\1\Cookies\1@admarketplace[2].txt -> TrackingCookie.Admarketplace : Cleaned.
C:\Documents and Settings\1\Cookies\1@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.197:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\qtialn32.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.198:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\qtialn32.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
angelbunny
8 Posts
0
November 24th, 2006 06:00
Thank you so much!
angelbunny
8 Posts
0
November 24th, 2006 06:00
C:\Documents and Settings\1\Cookies\1@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\1\Cookies\1@phg.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.397:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\qtialn32.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned.
C:\Documents and Settings\1\Cookies\1@hypertracker[1].txt -> TrackingCookie.Hypertracker : Cleaned.
C:\Documents and Settings\1\Cookies\1@kmpads[1].txt -> TrackingCookie.Kmpads : Cleaned.
C:\Documents and Settings\1\Cookies\1@linksynergy[1].txt -> TrackingCookie.Linksynergy : Cleaned.
:mozilla.445:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\qtialn32.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.447:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\qtialn32.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.448:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\qtialn32.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\1\Cookies\1@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.425:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\qtialn32.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned.
:mozilla.101:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\qtialn32.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\1\Cookies\1@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\1\Cookies\1@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
C:\Documents and Settings\1\Cookies\1@stat.onestat[1].txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.177:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\qtialn32.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.289:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\qtialn32.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\1\Cookies\1@data1.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\1\Cookies\1@overture[2].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\1\Cookies\1@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
:mozilla.68:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\qtialn32.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.73:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\qtialn32.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.77:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\qtialn32.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.82:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\qtialn32.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\1\Cookies\1@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\1\Cookies\1@qksrv[1].txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.87:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\qtialn32.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.88:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\qtialn32.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.89:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\qtialn32.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\1\Cookies\1@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\1\Cookies\1@web4.realtracker[1].txt -> TrackingCookie.Realtracker : Cleaned.
:mozilla.299:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\qtialn32.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.300:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\qtialn32.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.301:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\qtialn32.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.302:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\qtialn32.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\1\Cookies\1@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\1\Cookies\1@ads1.revenue[1].txt -> TrackingCookie.Revenue : Cleaned.
C:\Documents and Settings\1\Cookies\1@revenue[2].txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.107:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\qtialn32.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.108:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\qtialn32.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.109:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\qtialn32.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.110:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\qtialn32.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.111:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\qtialn32.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.112:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\qtialn32.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\1\Cookies\1@.serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\1\Cookies\1@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\1\Cookies\1@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.426:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\qtialn32.default\cookies.txt -> TrackingCookie.Spylog : Cleaned.
:mozilla.119:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\qtialn32.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.120:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\qtialn32.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.121:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\qtialn32.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.122:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\qtialn32.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.123:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\qtialn32.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\1\Cookies\1@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.51:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\qtialn32.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.57:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\qtialn32.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.58:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\qtialn32.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.59:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\qtialn32.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.62:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\qtialn32.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\1\Cookies\1@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\1\Cookies\1@targetnet[1].txt -> TrackingCookie.Targetnet : Cleaned.
C:\Documents and Settings\1\Cookies\1@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Documents and Settings\1\Cookies\1@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.235:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\qtialn32.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\1\Cookies\1@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.282:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\qtialn32.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.283:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\qtialn32.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
C:\Documents and Settings\1\Cookies\1@valueclick[2].txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.463:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\qtialn32.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
angelbunny
8 Posts
November 24th, 2006 06:00
C:\Documents and Settings\1\Cookies\1@webstat[1].txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.49:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\qtialn32.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.50:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\qtialn32.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\1\Cookies\1@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.12:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\qtialn32.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.13:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\qtialn32.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.329:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\qtialn32.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.332:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\qtialn32.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\1\Cookies\1@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\1\Cookies\1@zedo[1].txt -> TrackingCookie.Zedo : Cleaned.
C:\System Volume Information\_restore{543848E5-A971-4387-BA47-9852573A650F}\RP1002\A0066093.dll -> Trojan.BHO.g : Cleaned.
C:\System Volume Information\_restore{543848E5-A971-4387-BA47-9852573A650F}\RP1010\A0066269.dll -> Trojan.BHO.g : Cleaned.
C:\System Volume Information\_restore{543848E5-A971-4387-BA47-9852573A650F}\RP1002\A0066102.exe -> Trojan.Small.ju : Cleaned.
::Report end
Logfile of HijackThis v1.99.1
Scan saved at 12:23:24 AM, on 12/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\program files\support.com\client\bin\tgcmd.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINPENJR\Win32\pphidpad.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\QTRAYIME.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: InfoDocReader Object - {A5B00A5B-073E-4246-AFF0-CCAE0D5BF6D1} - C:\WINDOWS\System32\sstqr.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\bin\tgcmd.exe /server
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [winupdt] RUNDLL32.EXE c:\windows\siprof32.dll,_mainRD
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [win32] winhost.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [PPHIDPAD] C:\WINPENJR\Win32\pphidpad.exe
O4 - HKLM\..\Run: [BossIdea] C:\WINDOWS\java\winlogin.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [win32] winhost.exe
O4 - HKLM\..\RunServices: [CPQHotKeys] hotkeysvc.exe
O4 - HKCU\..\Run: [msvcp70] C:\WINDOWS\System32\msvcp70.exe
O4 - HKCU\..\Run: [mswstr10] C:\WINDOWS\System32\mswstr10.exe
O4 - HKCU\..\Run: [CPQHotKeys] hotkeysvc.exe
O4 - HKCU\..\RunServices: [CPQHotKeys] hotkeysvc.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: 九方快速啟動.lnk = C:\WINDOWS\system32\QTRAYIME.EXE
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Microsoft AntiSpyware helper - {A7BE18DF-72BD-4E1E-B270-17822D41F60E} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {A7BE18DF-72BD-4E1E-B270-17822D41F60E} - (no file) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O15 - Trusted Zone: http://free.aol.com
O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt5_x.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.co.kr/neo.fld/NowStarter.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://marissasloveandhate.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1110272199703
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1146703997437
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://cdn.messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\\CALMAIN.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
angelbunny
8 Posts
November 24th, 2006 06:00
:mozilla.103:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\qtialn32.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.104:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\qtialn32.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.105:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\qtialn32.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.106:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\qtialn32.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\1\Cookies\1@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.47:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\qtialn32.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\1\Cookies\1@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\2\Cookies\2@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.423:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\qtialn32.default\cookies.txt -> TrackingCookie.Bfast : Cleaned.
C:\Documents and Settings\1\Cookies\1@bfast[2].txt -> TrackingCookie.Bfast : Cleaned.
:mozilla.196:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\qtialn32.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\1\Cookies\1@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.438:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\qtialn32.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.439:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\qtialn32.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
C:\Documents and Settings\1\Cookies\1@citi.bridgetrack[1].txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.326:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\qtialn32.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\1\Cookies\1@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.236:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\qtialn32.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.237:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\qtialn32.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\1\Cookies\1@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.234:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\qtialn32.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\1\Cookies\1@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.13:C:\Documents and Settings\1\Application Data\Mozilla\Profiles\Default User\gsgy2y9e.slt\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.14:C:\Documents and Settings\1\Application Data\Mozilla\Profiles\Default User\gsgy2y9e.slt\cookies.txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\1\Cookies\1@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\1\Cookies\1@commission-junction[1].txt -> TrackingCookie.Commission-junction : Cleaned.
C:\Documents and Settings\1\Cookies\1@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\1\Cookies\1@cpvfeed[3].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\1\Cookies\1@cpvfeed[4].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\1\Cookies\1@cpvfeed[5].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\1\Cookies\1@cpvfeed:emotion-14:.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.29:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\qtialn32.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\1\Cookies\1@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\1\Cookies\1@c.enhance[2].txt -> TrackingCookie.Enhance : Cleaned.
C:\Documents and Settings\1\Cookies\1@enhance[2].txt -> TrackingCookie.Enhance : Cleaned.
C:\Documents and Settings\1\Cookies\1@e-2dj6wjliemc5odo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\1\Cookies\1@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\1\Cookies\1@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.243:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\qtialn32.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\1\Cookies\1@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\1\Cookies\1@findwhat[1].txt -> TrackingCookie.Findwhat : Cleaned.
C:\Documents and Settings\1\Cookies\1@c.goclick[2].txt -> TrackingCookie.Goclick : Cleaned.
:mozilla.10:C:\Documents and Settings\1\Application Data\Mozilla\Profiles\Default User\gsgy2y9e.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.11:C:\Documents and Settings\1\Application Data\Mozilla\Profiles\Default User\gsgy2y9e.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.322:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\qtialn32.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.323:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\qtialn32.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.380:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\qtialn32.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.465:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\qtialn32.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.467:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\qtialn32.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.468:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\qtialn32.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.470:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\qtialn32.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.471:C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\qtialn32.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.9:C:\Documents and Settings\1\Application Data\Mozilla\Profiles\Default User\gsgy2y9e.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\1\Cookies\1@ehg-bestbuy.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\1\Cookies\1@ehg-warnerbrothers.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\1\Cookies\1@ehg-westwoodcollege.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.