Jump to content


Hijack This log

Started by Jouzou, Dec 28 2006 10:49 PM

  • You cannot reply to this topic
12 replies to this topic

#1 OFFLINE   Jouzou

    Newbie

  • Members
  • Pip
  • 7 posts

Posted 28 December 2006 - 10:49 PM

My system keeps telling me it's infected with spyware. I've run Spybot S&D and Avast! antivirus but they were unable to solve the problem. Here's my Hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 02:19:48, on 28.12.2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Video ActiveX Object\isamonitor.exe
C:\Program Files\Video ActiveX Object\pmsngr.exe
C:\WINNT\SOUNDMAN.EXE
C:\Program Files\Creative\Mouse Optical\mouse_2k.exe
C:\Program Files\Video ActiveX Object\isamini.exe
C:\Program Files\Video ActiveX Object\pmmon.exe
C:\WINNT\system32\GSICON.EXE
C:\WINNT\system32\dslagent.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Omistaja\Desktop\HijackThis.exe
C:\Program Files\Winamp\winamp.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.valkeakos...i/portal/suomi/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1a1ddc19-5893-43ab-a73f-f41a0f34d115} - C:\Program Files\Video ActiveX Object\isaddon.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CreativeMouse ] C:\Program Files\Creative\Mouse Optical\mouse_2k.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {58172624-85DD-4482-9E64-02ADCA637E96} (shizmoo Class) - http://www.kungfuche...ivex/web665.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1159610709218
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab47946.cab
O21 - SSODL: buprestidae - {b59f3ba4-98da-4b5f-8a2d-7b56fb11140b} - C:\WINNT\system32\cthkpcv.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LSA Shel (Export Version) - Unknown owner - C:\WINNT\lsass.exe (file missing)
O23 - Service: PSEXESVC - Sysinternals - C:\WINNT\System32\PSEXESVC.EXE
O23 - Service: Services an controller settings - Unknown owner - C:\WINNT\services.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: Windows Internet Service - Unknown owner - C:\WINNT\iexplore.exe (file missing)
O23 - Service: Windows NT - Unknown owner - C:\WINNT\winlogon.exe (file missing)

#2 OFFLINE   rridgely

    I hate computers

  • Moderators
  • 8,858 posts
  • Gender:Male

Posted 29 December 2006 - 04:50 AM

Welcome to the forum. :)

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

#3 OFFLINE   Jouzou

    Newbie

  • Members
  • Pip
  • 7 posts

Posted 29 December 2006 - 02:00 PM

View Postrridgely, on Dec 29 2006, 06:50 AM, said:

Welcome to the forum. :)


Thank you. Ok, here's the log:

SmitFraudFix v2.131

Scan done at 15:58:59,70, pe 29.12.2006
Run from C:\unzipped\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows 2000 [Version 5.00.2195] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Omistaja


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Omistaja\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Omistaja\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\AntiVermins\ FOUND !
C:\Program Files\Video ActiveX Object\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{b59f3ba4-98da-4b5f-8a2d-7b56fb11140b}"="buprestidae"

[HKEY_CLASSES_ROOT\CLSID\{b59f3ba4-98da-4b5f-8a2d-7b56fb11140b}\InProcServer32]
@="C:\WINNT\system32\cthkpcv.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{b59f3ba4-98da-4b5f-8a2d-7b56fb11140b}\InProcServer32]
@="C:\WINNT\system32\cthkpcv.dll"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

#4 OFFLINE   rridgely

    I hate computers

  • Moderators
  • 8,858 posts
  • Gender:Male

Posted 29 December 2006 - 11:40 PM

You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart anyway into normal Windows. A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new HijackThis log.

#5 OFFLINE   Jouzou

    Newbie

  • Members
  • Pip
  • 7 posts

Posted 30 December 2006 - 02:17 PM

Here is the Smitfraudfix log:

Quote

SmitFraudFix v2.131

Scan done at 15:53:18,51, la 30.12.2006
Run from C:\unzipped\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows 2000 [Version 5.00.2195] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{b59f3ba4-98da-4b5f-8a2d-7b56fb11140b}"="buprestidae"

[HKEY_CLASSES_ROOT\CLSID\{b59f3ba4-98da-4b5f-8a2d-7b56fb11140b}\InProcServer32]
@="C:\WINNT\system32\cthkpcv.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{b59f3ba4-98da-4b5f-8a2d-7b56fb11140b}\InProcServer32]
@="C:\WINNT\system32\cthkpcv.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

C:\WINNT\system32\cthkpcv.dll -> Hoax.Win32.Renos.gen.i
C:\WINNT\system32\cthkpcv.dll -> Deleted


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\Program Files\AntiVermins\ Deleted
C:\Program Files\Video ActiveX Object\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End


And here is the new HijackThis log:

Quote

Logfile of HijackThis v1.99.1
Scan saved at 16:12:15, on 30.12.2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINNT\SOUNDMAN.EXE
C:\Program Files\Creative\Mouse Optical\mouse_2k.exe
C:\WINNT\system32\GSICON.EXE
C:\WINNT\system32\dslagent.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Omistaja\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CreativeMouse ] C:\Program Files\Creative\Mouse Optical\mouse_2k.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {58172624-85DD-4482-9E64-02ADCA637E96} (shizmoo Class) - http://www.kungfuche...ivex/web665.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1159610709218
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab47946.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LSA Shel (Export Version) - Unknown owner - C:\WINNT\lsass.exe (file missing)
O23 - Service: PSEXESVC - Sysinternals - C:\WINNT\System32\PSEXESVC.EXE
O23 - Service: Services an controller settings - Unknown owner - C:\WINNT\services.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: Windows Internet Service - Unknown owner - C:\WINNT\iexplore.exe (file missing)
O23 - Service: Windows NT - Unknown owner - C:\WINNT\winlogon.exe (file missing)


I also got an error message after answering "Yes" to the first question:
"Cannot import cleanup.reg:Error accessing the registery"
Is this bad?

#6 OFFLINE   rridgely

    I hate computers

  • Moderators
  • 8,858 posts
  • Gender:Male

Posted 30 December 2006 - 10:34 PM

Now run the scans that are in my guide here:
http://forum.ccleane...?showtopic=6329

Follow the directions closely and post the logs it tells you too. Its important you do everything in order as well.

#7 OFFLINE   Jouzou

    Newbie

  • Members
  • Pip
  • 7 posts

Posted 31 December 2006 - 03:17 PM

I seem to be unable to complete step 3, part D. After I have finished the scan, there is a button that says "apply all actions" but I'm not able to press it. It has been disabled.

#8 OFFLINE   rridgely

    I hate computers

  • Moderators
  • 8,858 posts
  • Gender:Male

Posted 01 January 2007 - 06:56 AM

Try changing all of the actions to delete and see if it will allow you to press apply. If you cant get it to work then you may skip it and move on. :D
(just post the other asked for logs)

#9 OFFLINE   Jouzou

    Newbie

  • Members
  • Pip
  • 7 posts

Posted 02 January 2007 - 05:23 PM

I got it to work, thanks. Here's the bitdefender log:

Quote

BitDefender Online Scanner - Real Time Virus Report







Generated at: Sun, Dec 31, 2006 - 15:50:16









Scan Info







Scanned Files


30317

Infected Files


0















Virus Detected







No virus found.

























This summary of the scan process will be used by the BitDefender Antivirus Lab to create agregate statistics about virus activity around the world.

Superantispyware log:

Quote

SUPERAntiSpyware Scan Log
Generated 12/31/2006 at 04:26 PM

Application Version : 3.4.1000

Core Rules Database Version : 3156
Trace Rules Database Version: 1171

Scan type : Complete Scan
Total Scan Time : 00:19:47

Memory items scanned : 438
Memory threats detected : 0
Registry items scanned : 3719
Registry threats detected : 5
File items scanned : 19392
File threats detected : 8

Adware.Tracking Cookie
C:\Documents and Settings\Omistaja\Cookies\omistaja@www.drivecleaner[2].txt
C:\Documents and Settings\Omistaja\Cookies\omistaja@c1[2].txt
C:\Documents and Settings\Omistaja\Cookies\omistaja@msnportal.112.2o7[1].txt
C:\Documents and Settings\Omistaja\Cookies\omistaja@track.adform[2].txt
C:\Documents and Settings\Omistaja\Cookies\omistaja@drivecleaner[1].txt
C:\Documents and Settings\Omistaja\Cookies\omistaja@go.drivecleaner[2].txt
C:\Documents and Settings\Omistaja\Cookies\omistaja@www.pestcapture[1].txt

Trojan.Media-Codec
HKCR\VideoAXObject.Chl
HKCR\VideoAXObject.Chl\CLSID
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Alert Popup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Alert Popup#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Alert Popup#UninstallString

Malware.SpywareHeal
C:\RECYCLER\S-1-5-21-507921405-1935655697-839522115-1000\DC43.EXE

AVG Anti-Spyware log:

Quote

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 19:05:29 2.1.2007

+ Scan result:



HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Adware.Generic : Cleaned.
C:\Program Files\SpywareHeal -> Adware.SpywareHeal : Cleaned.
C:\Program Files\SpywareHeal\SpywareHeal.exe -> Adware.SpywareHeal : Cleaned.
:mozilla.154:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.155:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.156:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.157:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.158:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.159:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.160:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.161:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.162:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.163:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.164:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.165:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.166:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.167:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.168:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.169:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.170:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.171:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.172:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.173:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.174:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.175:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.176:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.177:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.902:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.279:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.280:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.281:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.470:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.824:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.719:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Addcontrol : Cleaned.
:mozilla.720:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Addcontrol : Cleaned.
:mozilla.562:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Adengage : Cleaned.
:mozilla.563:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Adengage : Cleaned.
:mozilla.564:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Adengage : Cleaned.
:mozilla.875:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.876:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.877:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.878:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.302:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.303:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.304:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.305:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.306:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.307:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.308:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.145:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.146:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.196:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.197:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.198:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.199:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.200:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.28:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.624:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.78:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.81:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.82:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.126:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.127:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.130:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.131:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.132:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.133:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.134:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.398:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.64:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.772:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.752:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Estat : Cleaned.
:mozilla.275:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.276:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.277:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.278:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.353:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.354:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.355:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.361:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.638:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.639:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.640:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.641:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.712:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.713:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.714:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.715:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.716:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.135:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.136:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.137:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.138:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.139:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.140:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.141:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.290:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.291:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.334:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.797:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.854:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.855:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.860:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.861:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.575:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned.
:mozilla.403:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.572:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.574:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.301:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.461:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.462:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.463:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.464:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.393:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.394:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.395:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.616:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.617:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.618:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.619:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.620:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.621:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.622:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.623:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.382:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.383:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.384:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.283:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.284:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.285:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.286:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.409:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.410:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.411:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.412:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.413:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.754:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.755:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.756:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.534:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.535:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.536:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.537:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.538:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.102:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.103:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.104:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.105:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.106:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.107:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.108:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.109:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.110:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.111:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.112:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.113:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.114:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.115:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.116:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.117:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.118:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.119:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.120:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.121:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.122:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.79:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.80:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.83:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.149:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.150:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.151:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.152:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.153:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.335:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.336:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.337:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.338:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.339:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.340:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.341:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.348:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Trafic : Cleaned.
:mozilla.84:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.750:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.751:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.826:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.294:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.295:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.296:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.297:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.298:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.299:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.635:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.636:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.637:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.


::Report end


And finally HijackThis log:

Quote

Logfile of HijackThis v1.99.1
Scan saved at 19:17:07, on 2.1.2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\WINNT\SOUNDMAN.EXE
C:\Program Files\Creative\Mouse Optical\mouse_2k.exe
C:\WINNT\system32\GSICON.EXE
C:\WINNT\system32\dslagent.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Omistaja\Desktop\hijackthis\HijackThis(2).exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.valkeakoski.fi
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CreativeMouse ] C:\Program Files\Creative\Mouse Optical\mouse_2k.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {58172624-85DD-4482-9E64-02ADCA637E96} (shizmoo Class) - http://www.kungfuche...ivex/web665.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1159610709218
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab47946.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LSA Shel (Export Version) - Unknown owner - C:\WINNT\lsass.exe (file missing)
O23 - Service: PSEXESVC - Sysinternals - C:\WINNT\System32\PSEXESVC.EXE
O23 - Service: Services an controller settings - Unknown owner - C:\WINNT\services.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: Windows Internet Service - Unknown owner - C:\WINNT\iexplore.exe (file missing)
O23 - Service: Windows NT - Unknown owner - C:\WINNT\winlogon.exe (file missing)


#10 OFFLINE   rridgely

    I hate computers

  • Moderators
  • 8,858 posts
  • Gender:Male

Posted 02 January 2007 - 08:49 PM

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

---------
Download this file - combofix.exe and save it to your desktop.
Double click combofix.exe & follow the prompts.
When it's finished, it will produce a log of what it found. Please post the contents of that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running as it may cause it to stall

Post both logs in your next reply.

#11 OFFLINE   Jouzou

    Newbie

  • Members
  • Pip
  • 7 posts

Posted 04 January 2007 - 09:36 PM

Smitfraudfix:

Quote

SmitFraudFix v2.132

Scan done at 23:28:35,79, to 04.01.2007
Run from C:\Documents and Settings\Omistaja\Desktop\Smitfraudfix\SmitfraudFix
OS: Microsoft Windows 2000 [Version 5.00.2195] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Omistaja


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Omistaja\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Omistaja\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End


Combofix:

Quote

Omistaja - to 04.01.2007 23:31:49,43 Service Pack 4
ComboFix 06.11.27 - Running from: "C:\Documents and Settings\Omistaja\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-12-04 to 2007-01-04 ))))))))))))))))))))))))))))))))))


2006-12-31 16:42 3,968 --a------ C:\WINNT\system32\drivers\AvgAsCln.sys
2006-12-31 16:02 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2006-12-31 16:02 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2006-12-31 16:02 <DIR> d-------- C:\Documents and Settings\Omistaja\Application Data\SUPERAntiSpyware.com
2006-12-31 15:35 <DIR> d-------- C:\WINNT\BDOSCAN8
2006-12-29 15:59 1,734 --a------ C:\WINNT\system32\tmp.reg
2006-12-29 15:58 79,360 --a------ C:\WINNT\system32\swxcacls.exe
2006-12-29 15:58 53,248 --a------ C:\WINNT\system32\Process.exe
2006-12-29 15:58 51,200 --a------ C:\WINNT\system32\dumphive.exe
2006-12-29 15:58 40,960 --a------ C:\WINNT\system32\swsc.exe
2006-12-29 15:58 288,417 --a------ C:\WINNT\system32\SrchSTS.exe
2006-12-29 15:58 135,168 --a------ C:\WINNT\system32\swreg.exe
2006-12-23 00:18 <DIR> d-------- C:\My Music
2006-12-23 00:17 <DIR> d-------- C:\Program Files\Common Files\xing shared
2006-12-23 00:16 <DIR> d-------- C:\Program Files\Real
2006-12-23 00:16 <DIR> d-------- C:\Program Files\Common Files\Real
2006-12-23 00:16 <DIR> d-------- C:\Documents and Settings\Omistaja\Application Data\Real
2006-12-19 00:32 <DIR> d-------- C:\Program Files\Defcon
2006-12-15 23:26 2,071,368 --a------ C:\WINNT\system32\wmvcore.dll
2006-12-15 21:19 <DIR> d-------- C:\Program Files\EA GAMES
2006-12-15 17:49 <DIR> d-------- C:\Program Files\EA SPORTS
2006-12-15 17:48 <DIR> d-------- C:\NHL06
2006-12-15 16:09 <DIR> d-------- C:\Program Files\OpenOffice.org 2.1
2006-12-15 16:08 <DIR> d-------- C:\Open Office installation files
2006-12-13 20:06 <DIR> d-------- C:\Program Files\Eidos
2006-12-10 14:47 <DIR> d-------- C:\Program Files\Call of Duty Dawnville Demo
2006-12-08 19:20 <DIR> d-------- C:\Program Files\Google
2006-12-08 19:20 <DIR> d-------- C:\Documents and Settings\Omistaja\Application Data\Google
2006-12-08 02:31 297,472 --a------ C:\WINNT\uninst.exe
2006-12-08 02:31 <DIR> d-------- C:\Program Files\J„m„t
2006-12-06 20:51 57,344 --a------ C:\WINNT\uneng.exe
2006-12-06 20:51 49,152 --a------ C:\WINNT\system32\cdrtc.dll
2006-12-06 20:51 45,056 --a------ C:\WINNT\system32\cdral.dll
2006-12-06 20:51 <DIR> d-------- C:\Program Files\Common Files\Adaptec Shared
2006-12-06 20:50 98,304 --a------ C:\WINNT\system32\wmpshell.dll
2006-12-06 20:50 52,224 --a------ C:\WINNT\system32\mspmsnsv.dll
2006-12-06 20:50 225,280 --a------ C:\WINNT\system32\wmpdxm.dll
2006-12-06 20:50 208,896 --a------ C:\WINNT\system32\wmpns.dll
2006-12-06 20:50 171,008 --a------ C:\WINNT\system32\wmerror.dll
2006-12-06 20:50 106,496 --a------ C:\WINNT\system32\wmpasf.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-04 23:22 -------- d-------- C:\Program Files\Mozilla Firefox
2007-01-04 23:21 -------- d-------- C:\Documents and Settings\Omistaja\Application Data\OpenOffice.org2
2006-12-31 21:32 -------- d-------- C:\Documents and Settings\Omistaja\Application Data\Adobe
2006-12-31 16:42 -------- d-------- C:\Program Files\Grisoft
2006-12-31 16:02 -------- d-a------ C:\Program Files\Common Files
2006-12-23 19:33 -------- d-------- C:\Program Files\Wolfenstein - Enemy Territory
2006-12-23 01:38 -------- d-------- C:\Program Files\mIRC
2006-12-19 16:53 -------- d-------- C:\Program Files\Opera
2006-12-18 13:53 -------- d-------- C:\Documents and Settings\Omistaja\Application Data\Skype
2006-12-16 04:19 -------- d-------- C:\Program Files\Common Files\System
2006-12-16 04:02 -------- d-------- C:\Documents and Settings\Omistaja\Application Data\BitTorrent
2006-12-15 21:45 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-12-15 15:55 -------- d-------- C:\Program Files\OpenOffice.org 2.0
2006-12-08 03:49 -------- d-------- C:\Documents and Settings\Omistaja\Application Data\Apple Computer
2006-12-06 20:51 -------- d-------- C:\Program Files\Windows Media Player
2006-12-03 23:38 -------- d-------- C:\Program Files\Alwil Software
2006-12-03 23:33 -------- d---s---- C:\Documents and Settings\Omistaja\Application Data\Microsoft
2006-12-01 19:25 -------- d-------- C:\Program Files\F-Secure
2006-12-01 19:21 -------- d-------- C:\Program Files\Zone Labs
2006-11-28 00:42 -------- d-------- C:\Documents and Settings\Omistaja\Application Data\X-Chat 2
2006-11-27 22:24 61440 --a------ C:\WINNT\system32\PSEXESVC.EXE
2006-11-25 17:29 -------- d-------- C:\Program Files\iTunes
2006-11-25 17:28 -------- d-------- C:\Program Files\iPod
2006-11-25 17:27 -------- d-------- C:\Program Files\QuickTime
2006-11-24 00:52 -------- d-------- C:\Program Files\X-Chat 2
2006-11-24 00:04 -------- d-------- C:\Program Files\Gaim
2006-11-24 00:03 -------- d-------- C:\Documents and Settings\Omistaja\Application Data\.gaim
2006-11-19 00:22 -------- d-------- C:\Program Files\Yahoo!
2006-11-19 00:22 -------- d-------- C:\Program Files\CCleaner
2006-11-19 00:12 95024 --a------ C:\WINNT\system32\sfc.dll
2006-11-17 15:05 -------- d-------- C:\Program Files\Rival Chess
2006-11-15 14:19 -------- d-------- C:\Program Files\BitTorrent
2006-11-12 21:57 -------- d-------- C:\Program Files\shizmoo
2006-11-11 18:54 39696 --a------ C:\WINNT\system32\ftp.exe
2006-11-11 18:54 17680 --a------ C:\WINNT\system32\tftp.exe
2006-11-07 18:48 150704 --a------ C:\WINNT\system32\highst.exe
2006-11-06 18:15 -------- d-------- C:\Documents and Settings\Omistaja\Application Data\Help
2006-11-06 18:07 -------- d-------- C:\Program Files\Nu-Ware
2006-11-06 12:47 596480 --a------ C:\WINNT\system32\INETCOMM.DLL
2006-11-06 01:30 -------- d-------- C:\Program Files\MRX Software
2006-11-01 13:01 401462 --a------ C:\WINNT\system32\msvcp60.dll
2006-10-30 19:27 73216 --a------ C:\WINNT\ST6UNST.EXE
2006-10-30 19:27 249856 --------- C:\WINNT\Setup1.exe
2006-10-26 16:10 150718 --a------ C:\WINNT\system32\bactroban.exe
2006-10-24 18:29 131072 --a------ C:\WINNT\system32\SpoonUninstall.exe
2006-10-03 21:52 865 --a------ C:\Documents and Settings\Omistaja\Application Data\AdobeDLM.log
2006-10-03 21:52 0 --a------ C:\Documents and Settings\Omistaja\Application Data\dm.ini


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"BitTorrent"="\"C:\\Program Files\\BitTorrent\\bittorrent.exe\" --force_start_minimized"
"SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Synchronization Manager"="mobsync.exe /logon"
"SoundMan"="SOUNDMAN.EXE"
"CreativeMouse "="C:\\Program Files\\Creative\\Mouse Optical\\mouse_2k.exe"
"GSICONEXE"="GSICON.EXE"
"DSLAGENTEXE"="dslagent.exe USB"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000003
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"internat.exe"="internat.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"="C:\\Program Files\\Internet Explorer\\Connection Wizard\\icwconn1.exe /desktop"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000095

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"none"="C:\\Program Files\\Video ActiveX Object\\pmsngr.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000095

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"Network.ConnectionTray"="{7007ACCF-3202-11D1-AAD2-00805FC1270E}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINNT\tasks\AppleSoftwareUpdate.job

Completion time: Thu 2007-01-04 23:32:47.98
C:\ComboFix.txt ... 07-01-04 23:32

#12 OFFLINE   rridgely

    I hate computers

  • Moderators
  • 8,858 posts
  • Gender:Male

Posted 05 January 2007 - 04:08 PM

Run Kaspersky WebScanner
  • Please go HERE and click Kaspersky Online Scanner
  • Read and Accept the Agreement
  • You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • If you see a Windows dialog asking if you want to install this software, click the Install button.
  • The program will launch and then begin downloading the latest definition files,
  • When the "Update progress" line changes to "Ready" and the "NEXT ->" button becomes available, please click on it.
  • Click on the Scan Settings button, and in the next window select the Extended database, and click Ok.
  • Under "Please select a target to scan:", click My Computer to start the scan.
  • When the scan is finished, click the "Save as Text" button, and save the file as kavscan.txt to your Desktop, close the Kaspersky On-line Scanner window.
  • Paste kaspersky log onto forum.
Post that log in your next reply with a new hijackthis log.

#13 OFFLINE   Jouzou

    Newbie

  • Members
  • Pip
  • 7 posts

Posted 07 January 2007 - 03:22 AM

Kaspersky:

Quote

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, January 06, 2007 5:30:17 PM
Operating System: Microsoft Windows 2000 Professional, Service Pack 4 (Build 2195)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 6/01/2007
Kaspersky Anti-Virus database records: 256406
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 31213
Number of viruses found: 9
Number of infected objects: 15 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:03:26

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\Default User\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Default User\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\cert8.db Object is locked skipped
C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\history.dat Object is locked skipped
C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\key3.db Object is locked skipped
C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\parent.lock Object is locked skipped
C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Omistaja\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-568da6be-6e84ac46.zip/GetAccess.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped
C:\Documents and Settings\Omistaja\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-568da6be-6e84ac46.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped
C:\Documents and Settings\Omistaja\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-568da6be-6e84ac46.zip ZIP: infected - 2 skipped
C:\Documents and Settings\Omistaja\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv605.jar-49729d17-2daed68e.zip/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c skipped
C:\Documents and Settings\Omistaja\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv605.jar-49729d17-2daed68e.zip/Counter.class Infected: Trojan.Java.ClassLoader.h skipped
C:\Documents and Settings\Omistaja\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv605.jar-49729d17-2daed68e.zip/Parser.class Infected: Trojan.Java.ClassLoader.d skipped
C:\Documents and Settings\Omistaja\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv605.jar-49729d17-2daed68e.zip ZIP: infected - 3 skipped
C:\Documents and Settings\Omistaja\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Omistaja\Desktop\Smitfraudfix\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Omistaja\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Omistaja\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Omistaja\Local Settings\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\Cache\9FE8075Dd01 Object is locked skipped
C:\Documents and Settings\Omistaja\Local Settings\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Omistaja\Local Settings\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Omistaja\Local Settings\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Omistaja\Local Settings\Application Data\Mozilla\Firefox\Profiles\tu2key2i.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Omistaja\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Omistaja\Local Settings\Temp\fla1B6.tmp Object is locked skipped
C:\Documents and Settings\Omistaja\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Omistaja\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Omistaja\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.62 skipped
C:\unzipped\SmitfraudFix\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\WINNT\CSC000001 Object is locked skipped
C:\WINNT\Debug\ipsecpa.log Object is locked skipped
C:\WINNT\Debug\oakley.log Object is locked skipped
C:\WINNT\Debug\PASSWD.LOG Object is locked skipped
C:\WINNT\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINNT\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINNT\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINNT\Internet Logs\OMISTAJA-77FFF0.ldb Object is locked skipped
C:\WINNT\Internet Logs\tvDebug.log Object is locked skipped
C:\WINNT\SchedLgU.Txt Object is locked skipped
C:\WINNT\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINNT\system32\bactroban.exe/data.rar/nosedz.exe Infected: Backdoor.Win32.SdBot.gen skipped
C:\WINNT\system32\bactroban.exe/data.rar/bactro.exe Infected: Trojan-Proxy.Win32.Ranky.fx skipped
C:\WINNT\system32\bactroban.exe/data.rar Infected: Trojan-Proxy.Win32.Ranky.fx skipped
C:\WINNT\system32\bactroban.exe RarSFX: infected - 3 skipped
C:\WINNT\system32\config\Antivirus.Evt Object is locked skipped
C:\WINNT\system32\config\AppEvent.Evt Object is locked skipped
C:\WINNT\system32\config\default Object is locked skipped
C:\WINNT\system32\config\default.LOG Object is locked skipped
C:\WINNT\system32\config\SAM Object is locked skipped
C:\WINNT\system32\config\SAM.LOG Object is locked skipped
C:\WINNT\system32\config\SecEvent.Evt Object is locked skipped
C:\WINNT\system32\config\SECURITY Object is locked skipped
C:\WINNT\system32\config\SECURITY.LOG Object is locked skipped
C:\WINNT\system32\config\software Object is locked skipped
C:\WINNT\system32\config\software.LOG Object is locked skipped
C:\WINNT\system32\config\SysEvent.Evt Object is locked skipped
C:\WINNT\system32\config\system Object is locked skipped
C:\WINNT\system32\config\SYSTEM.ALT Object is locked skipped
C:\WINNT\system32\Perflib_Perfdata_27c.dat Object is locked skipped
C:\WINNT\system32\Perflib_Perfdata_39c.dat Object is locked skipped
C:\WINNT\system32\PSEXESVC.EXE Infected: not-a-virus:RiskTool.Win32.PsExec.123 skipped
C:\WINNT\Temp\ZLT00f4e.TMP Object is locked skipped
C:\WINNT\Temp\ZLT00f54.TMP Object is locked skipped
C:\WINNT\Temp\_avast4_\Webshlock.txt Object is locked skipped
C:\WINNT\WindowsUpdate.log Object is locked skipped

Scan process completed.
Hijack This:

Quote

Logfile of HijackThis v1.99.1
Scan saved at 18:00:25, on 6.1.2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINNT\SOUNDMAN.EXE
C:\Program Files\Creative\Mouse Optical\mouse_2k.exe
C:\WINNT\system32\GSICON.EXE
C:\WINNT\system32\dslagent.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Documents and Settings\Omistaja\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.valkeakoski.fi
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CreativeMouse ] C:\Program Files\Creative\Mouse Optical\mouse_2k.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {58172624-85DD-4482-9E64-02ADCA637E96} (shizmoo Class) - http://www.kungfuche...ivex/web665.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1159610709218
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab47946.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LSA Shel (Export Version) - Unknown owner - C:\WINNT\lsass.exe (file missing)
O23 - Service: PSEXESVC - Sysinternals - C:\WINNT\System32\PSEXESVC.EXE
O23 - Service: Services an controller settings - Unknown owner - C:\WINNT\services.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: Windows Internet Service - Unknown owner - C:\WINNT\iexplore.exe (file missing)
O23 - Service: Windows NT - Unknown owner - C:\WINNT\winlogon.exe (file missing)

Back to Spyware Hell


  1. Piriform Community Forums
  2. Computer Help and Discussion
  3. Spyware Hell