ComputerForum.com
Old 11-30-2005, 11:41 PM   #1
New Member, Join Date: Nov 2005, Posts: 6
HJT Aze pain in the ASS!! please help.

I tried and tried and tried and now i'm tired. please help

Logfile of HijackThis v1.99.1
Scan saved at 6:40:51 PM, on 11/30/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\m?iexec.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\macromed\flash\GetFlash.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Max\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.puxqaualblnq.com/U6JEO7Oz...GPEMZrJnst.asp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdcatch.dll (file missing)
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: ohb Class - {98640C3B-0699-4D51-ADB4-A6FC48ACB966} - C:\WINDOWS\System32\nsvA.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Scriptlet.Tools - {EEBA788A-C268-492A-B7FE-42C2B6C553D4} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Bin\bin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [\1.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\1.exe
O4 - HKLM\..\Run: [oozebatvgajunk] C:\Documents and Settings\All Users\Application Data\TitleDefaultOozeBat\THUNKTITLE.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [\1.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\1.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Stxjagwf] C:\WINDOWS\System32\?ttrib.exe
O4 - HKCU\..\Run: [Noj] C:\WINDOWS\System32\m?iexec.exe
O4 - HKCU\..\Run: [EggsDog] C:\DOCUME~1\Max\APPLIC~1\AXISDU~1\DartDumbFrag.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [\1.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\1.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: IEToolbarCab - http://www.dailytoolbar.com/DailyToolbarAff.CAB
O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://C:\foo.mht!http://195.190.118.140/e9xr2.chm::/file.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
O16 - DPF: {3695B964-7E17-4B45-AF5F-666C3D84CD4D} (Qplay Connection Control) - http://qplay.nx.com/ActiveX/Public/QxConn.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.in.th/com/EGamesPlugin.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1125526317718
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://nprotect1.gravity.co.kr/nprotect/npx.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: MCPClient - C:\Program Files\Common Files\Stardock\mcpstub.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
-- Imfishy


Old 12-01-2005, 09:14 PM   #2
Slyware Assassin, Join Date: May 2005, Location: Melbourne AU, Posts: 5,829

In your topic title, are you referring to raze or axe? It's important to know which.
__________________
The Grim Reaper - Son of Glyndwr
"To Hell or Connacht" may you burn in Hell tonight!
-- Buzz1927
Old 12-01-2005, 10:42 PM   #3
New Member, Join Date: Nov 2005, Posts: 6

It's AzeToolbar, sorry for not being specific.
-- Imfishy
Old 12-01-2005, 10:48 PM   #4
Slyware Assassin, Join Date: May 2005, Location: Melbourne AU, Posts: 5,829

Strange, never heard of that. Download Ewido, update it and run a full scan, remove all it finds, then reboot and post a new HijackThis log.
http://download.ewido.net/ewido-setup.exe
__________________
The Grim Reaper - Son of Glyndwr
"To Hell or Connacht" may you burn in Hell tonight!
-- Buzz1927
Old 12-02-2005, 01:08 AM   #5
New Member, Join Date: Nov 2005, Posts: 6

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 8:06:06 PM, 12/1/2005
+ Report-Checksum: 5470A938

+ Scan result:

HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\IEToolbarCab -> Spyware.DailyToolbar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\IEToolbarCab\Contains -> Spyware.DailyToolbar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\IEToolbarCab\Contains\Files -> Spyware.DailyToolbar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\IEToolbarCab\DownloadInformation -> Spyware.DailyToolbar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\IEToolbarCab\InstalledVersion -> Spyware.DailyToolbar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{14A3221B-1678-1982-A355-7263B1281987} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Tools\1.exe -> Spyware.MediaBack : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\qa6fnwiq.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\qa6fnwiq.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\qa6fnwiq.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\qa6fnwiq.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\qa6fnwiq.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.86:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.89:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.101:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.102:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.106:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.110:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.****-access : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.118:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.119:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.129:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.130:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.131:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.132:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.133:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.134:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.135:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.136:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.137:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.138:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.140:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.141:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.142:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup
:mozilla.160:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.161:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.162:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.163:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.164:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.165:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.166:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.167:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.168:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
:mozilla.174:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.178:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.179:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.180:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.182:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.189:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.190:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.191:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.192:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.193:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\Max\Cookies\max@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Max\Cookies\max@ayb.lop[1].txt -> Spyware.Cookie.Lop : Cleaned with backup
C:\Documents and Settings\Max\Cookies\max@statcounter[2].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Max\Cookies\max@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq10B.tmp -> Spyware.Cookie.Findwhat : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq10C.tmp -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq117.tmp -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq14B.tmp -> Spyware.Cookie.Lop : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq152.tmp -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq239.tmp -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq23A.tmp -> Spyware.Cookie.Bridgetrack : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq23B.tmp -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq23C.tmp -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq23E.tmp -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq23F.tmp -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq240.tmp -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq578.tmp -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB8.tmp -> Spyware.MediaBack : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqC4.tmp -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqC5.tmp -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\HDPlugin1019.dll -> Adware.Gator : Cleaned with backup
C:\WINDOWS\system32\mѕiexec.exe -> Spyware.PurityScan : Cleaned with backup
C:\WINDOWS\system32\аttrib.exe -> Spyware.PurityScan : Cleaned with backup


::Report End
-- Imfishy


Old 12-02-2005, 09:59 PM   #6
Slyware Assassin, Join Date: May 2005, Location: Melbourne AU, Posts: 5,829

Reconfigure Windows XP to show hidden files:
Click Start. Open My Computer.
Select the Tools menu and click Folder Options. Select the View Tab.

Under the Hidden files and folders heading select "Show hidden files and folders".
Uncheck the "Hide protected operating system files (recommended)" option.
Uncheck the "Hide file extensions for known file types" option.
Click Yes to confirm. Click OK.

Boot into Safe Mode (tap F8 on startup).

Run HijackThis, select "Do a system scan only", and place a check by the following entries.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.puxqaualblnq.com/U6JEO7Oz...GPEMZrJnst.asp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
O2 - BHO: ohb Class - {98640C3B-0699-4D51-ADB4-A6FC48ACB966} - C:\WINDOWS\System32\nsvA.dll
O2 - BHO: Scriptlet.Tools - {EEBA788A-C268-492A-B7FE-42C2B6C553D4} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Bin\bin.dll
O4 - HKLM\..\Run: [\1.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\1.exe
O4 - HKLM\..\Run: [oozebatvgajunk] C:\Documents and Settings\All Users\Application Data\TitleDefaultOozeBat\THUNKTITLE.exe
O4 - HKLM\..\RunServices: [\1.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\1.exe
O4 - HKCU\..\Run: [Stxjagwf] C:\WINDOWS\System32\?ttrib.exe
O4 - HKCU\..\Run: [Noj] C:\WINDOWS\System32\m?iexec.exe
O4 - HKCU\..\Run: [EggsDog] C:\DOCUME~1\Max\APPLIC~1\AXISDU~1\DartDumbFrag.exe
O4 - HKCU\..\Run: [\1.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\1.exe
O16 - DPF: IEToolbarCab - http://www.dailytoolbar.com/DailyToolbarAff.CAB
O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://C:\foo.mht!http://195.190.118.140/e9xr2.chm::/file.exe


Close all open windows and browsers, and hit "Fix Checked".

Delete these folders\files.

C:\Documents and Settings\All Users\Application Data\Tools
C:\Documents and Settings\All Users\Application Data\TitleDefaultOozeBat
C:\Documents and Settings\Max\Application Data\AXISDU~1 <- This will be longer than 6 letters, but will start with AXISDU and contain the file DartDumbFrag.exe

Then boot back to normal mode, and post a new Hijackthis log, and say how things are now.
__________________
The Grim Reaper - Son of Glyndwr
"To Hell or Connacht" may you burn in Hell tonight!
-- Buzz1927
Old 12-04-2005, 06:15 AM   #7
New Member, Join Date: Nov 2005, Posts: 6

Logfile of HijackThis v1.99.1
Scan saved at 1:13:54 AM, on 12/4/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Documents and Settings\Max\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdcatch.dll (file missing)
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ATHC] "C:\Program Files\Warcraft III\ATH UPDATE.exe" --check
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
O16 - DPF: {3695B964-7E17-4B45-AF5F-666C3D84CD4D} (Qplay Connection Control) - http://qplay.nx.com/ActiveX/Public/QxConn.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.in.th/com/EGamesPlugin.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1125526317718
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://nprotect1.gravity.co.kr/nprotect/npx.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: MCPClient - C:\Program Files\Common Files\Stardock\mcpstub.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

***I ran Yahoo! Anti-Spyware; it found AzeToolbar, but after I deleted it and reran the scan, it didn't find anything.*** So I'm not sure; take a look please.
-- Imfishy
Old 12-04-2005, 06:09 PM   #8
Slyware Assassin, Join Date: May 2005, Location: Melbourne AU, Posts: 5,829

Yeah, looks clean now.
__________________
The Grim Reaper - Son of Glyndwr
"To Hell or Connacht" may you burn in Hell tonight!
-- Buzz1927
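Two things in this thread are worth automating when reading HijackThis logs. First, the ewido report in post #5 shows that the `m?iexec.exe` and `?ttrib.exe` entries from the first log were files whose names used Cyrillic lookalike letters, which HijackThis printed as `?` because it could not render them; a file in System32 whose name contains a `?` or a non-ASCII letter is never a real Windows binary. Second, the cleanup in post #6 is verified in posts #7 and #8 by reading a fresh log and checking that the flagged entries are gone. The Python script below is an added example, not code from HijackThis, ewido or anyone in this thread. It embeds a few log lines copied from posts #1 and #7 as constructed samples, flags unrenderable or lookalike file names, autoruns launched from Application Data, and O16 ActiveX downloads that use `ms-its:` or a raw IP address, and then diffs the before and after logs. The heuristics are mine, as is the assumption that the two Cyrillic letters in the ewido report are U+0455 and U+0430.

```python
"""Triage helpers for HijackThis-style logs (added example, not HJT or ewido code)."""
import re
import unicodedata

# Constructed samples: lines copied from the "before" log in post #1 and the
# "after" log in post #7. HijackThis prints '?' for a character it cannot
# render; ewido later showed those names with Cyrillic letters (assumed here
# to be U+0455 and U+0430).
BEFORE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.puxqaualblnq.com/U6JEO7Oz...GPEMZrJnst.asp
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [\1.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\1.exe
O4 - HKCU\..\Run: [Stxjagwf] C:\WINDOWS\System32\?ttrib.exe
O4 - HKCU\..\Run: [Noj] C:\WINDOWS\System32\m?iexec.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://C:\foo.mht!http://195.190.118.140/e9xr2.chm::/file.exe
"""
AFTER_LOG = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
"""

# First drive-letter path ending in a binary extension; lazy so it stops at the extension.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\n]*?\.(?:exe|dll|ocx)', re.IGNORECASE)
# A URL whose host is a bare dotted-quad rather than a name.
RAW_IP_RE = re.compile(r"//\d{1,3}(?:\.\d{1,3}){3}[/:]")


def _lines(log_text):
    return [ln.strip() for ln in log_text.splitlines() if ln.strip()]


def basename(path):
    return re.split(r"[\\/]", path)[-1]


def lookalike_chars(path):
    """Non-ASCII characters in the file name, each with its Unicode name."""
    return [(c, unicodedata.name(c, "UNNAMED")) for c in basename(path) if ord(c) > 127]


def suspicious_name(name):
    """Reason string if a file name holds characters a real system binary never has."""
    if "?" in name:
        return "file name holds a character HijackThis could not render (shown as '?')"
    odd = lookalike_chars(name)
    if odd:
        return "file name uses non-ASCII lookalike letters: " + ", ".join(n for _, n in odd)
    return None


def analyze(log_text):
    """Map each suspicious log line to the list of reasons it was flagged."""
    findings = {}
    for line in _lines(log_text):
        section = line.split(" - ", 1)[0]  # R1, O2, O4, O16, ...
        reasons = []
        m = PATH_RE.search(line)
        if m:
            reason = suspicious_name(basename(m.group(0)))
            if reason:
                reasons.append(reason)
        if section == "R1" and "http" in line:
            reasons.append("IE search/start page points at an external site")
        upper = line.upper()
        if section == "O4" and ("APPLIC~1" in upper or "APPLICATION DATA" in upper):
            reasons.append("autorun launched from a user-writable Application Data folder")
        if section == "O16" and ("ms-its:" in line.lower() or RAW_IP_RE.search(line)):
            reasons.append("ActiveX package fetched via ms-its: or from a raw IP address")
        if reasons:
            findings[line] = reasons
    return findings


def diff_logs(before, after):
    """Entries that disappeared and entries that are new between two scans."""
    b, a = set(_lines(before)), set(_lines(after))
    return sorted(b - a), sorted(a - b)


if __name__ == "__main__":
    for line, reasons in analyze(BEFORE_LOG).items():
        print(line)
        for r in reasons:
            print("   ->", r)
    removed, added = diff_logs(BEFORE_LOG, AFTER_LOG)
    print(f"{len(removed)} entries removed, {len(added)} added since the first scan")
```

The `?` rule matters more than it looks: `?` is not a legal character in a Windows file name, so its presence in a HijackThis path means the tool substituted something it could not print, exactly the situation the ewido report later explained. Running `diff_logs` on the real before/after logs from posts #1 and #7 is the programmatic form of Buzz1927's "post a new HijackThis log" step: every entry that was checked in post #6 should appear in the removed list, and nothing unexplained should appear in the added one.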
Old 12-04-2005, 07:46 PM   #9
New Member, Join Date: Nov 2005, Posts: 6

Man, you are one hella reaper. I'm glad we have a person like you on earth. Thanks a lot.
-- Imfishy