HJT Aze pain in the ASS!! please help.

Imfishy

New Member
I tried and tried and tried and now I'm tired. Please help :(

Logfile of HijackThis v1.99.1
Scan saved at 6:40:51 PM, on 11/30/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\m?iexec.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\macromed\flash\GetFlash.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Max\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.puxqaualblnq.com/U6JEO7OzQ72XQ0tDWjyCpBMyea74btD/JHNJQyy/RIRfxZ/0R/7ha7GPEMZrJnst.asp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdcatch.dll (file missing)
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: ohb Class - {98640C3B-0699-4D51-ADB4-A6FC48ACB966} - C:\WINDOWS\System32\nsvA.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Scriptlet.Tools - {EEBA788A-C268-492A-B7FE-42C2B6C553D4} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Bin\bin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [\1.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\1.exe
O4 - HKLM\..\Run: [oozebatvgajunk] C:\Documents and Settings\All Users\Application Data\TitleDefaultOozeBat\THUNKTITLE.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [\1.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\1.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Stxjagwf] C:\WINDOWS\System32\?ttrib.exe
O4 - HKCU\..\Run: [Noj] C:\WINDOWS\System32\m?iexec.exe
O4 - HKCU\..\Run: [EggsDog] C:\DOCUME~1\Max\APPLIC~1\AXISDU~1\DartDumbFrag.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [\1.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\1.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: IEToolbarCab - http://www.dailytoolbar.com/DailyToolbarAff.CAB
O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://C:\foo.mht!http://195.190.118.140/e9xr2.chm::/file.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {3695B964-7E17-4B45-AF5F-666C3D84CD4D} (Qplay Connection Control) - http://qplay.nx.com/ActiveX/Public/QxConn.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.in.th/com/EGamesPlugin.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125526317718
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://nprotect1.gravity.co.kr/nprotect/npx.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: MCPClient - C:\Program Files\Common Files\Stardock\mcpstub.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
 
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 8:06:06 PM, 12/1/2005
+ Report-Checksum: 5470A938

+ Scan result:

HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\IEToolbarCab -> Spyware.DailyToolbar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\IEToolbarCab\Contains -> Spyware.DailyToolbar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\IEToolbarCab\Contains\Files -> Spyware.DailyToolbar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\IEToolbarCab\DownloadInformation -> Spyware.DailyToolbar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\IEToolbarCab\InstalledVersion -> Spyware.DailyToolbar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{14A3221B-1678-1982-A355-7263B1281987} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Tools\1.exe -> Spyware.MediaBack : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\qa6fnwiq.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\qa6fnwiq.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\qa6fnwiq.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\qa6fnwiq.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\qa6fnwiq.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.86:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.89:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.101:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.102:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.106:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.110:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.****-access : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.118:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.119:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.129:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.130:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.131:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.132:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.133:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.134:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.135:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.136:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.137:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.138:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.140:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.141:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.142:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup
:mozilla.160:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.161:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.162:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.163:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.164:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.165:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.166:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.167:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.168:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
:mozilla.174:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.178:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.179:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.180:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.182:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.189:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.190:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.191:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.192:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.193:C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\Profiles\9ty0qg90.Max\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\Max\Cookies\[email protected][2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Max\Cookies\[email protected][1].txt -> Spyware.Cookie.Lop : Cleaned with backup
C:\Documents and Settings\Max\Cookies\max@statcounter[2].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Max\Cookies\[email protected][1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq10B.tmp -> Spyware.Cookie.Findwhat : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq10C.tmp -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq117.tmp -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq14B.tmp -> Spyware.Cookie.Lop : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq152.tmp -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq239.tmp -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq23A.tmp -> Spyware.Cookie.Bridgetrack : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq23B.tmp -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq23C.tmp -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq23E.tmp -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq23F.tmp -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq240.tmp -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq578.tmp -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB8.tmp -> Spyware.MediaBack : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqC4.tmp -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqC5.tmp -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\HDPlugin1019.dll -> Adware.Gator : Cleaned with backup
C:\WINDOWS\system32\mѕiexec.exe -> Spyware.PurityScan : Cleaned with backup
C:\WINDOWS\system32\аttrib.exe -> Spyware.PurityScan : Cleaned with backup


::Report End
 
Reconfigure Windows XP to show hidden files:
Click Start. Open My Computer.
Select the Tools menu and click Folder Options. Select the View Tab.

Under the Hidden files and folders heading select "Show hidden files and folders".
Uncheck the "Hide protected operating system files (recommended)" option.
Uncheck the "Hide file extensions for known file types" option.
Click Yes to confirm. Click OK.

Boot into Safe Mode (tap F8 on startup).

Run HijackThis, select "Do a system scan only", and place a check by the following entries.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.puxqaualblnq.com/U6JEO7Oz...GPEMZrJnst.asp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
O2 - BHO: ohb Class - {98640C3B-0699-4D51-ADB4-A6FC48ACB966} - C:\WINDOWS\System32\nsvA.dll
O2 - BHO: Scriptlet.Tools - {EEBA788A-C268-492A-B7FE-42C2B6C553D4} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Bin\bin.dll
O4 - HKLM\..\Run: [\1.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\1.exe
O4 - HKLM\..\Run: [oozebatvgajunk] C:\Documents and Settings\All Users\Application Data\TitleDefaultOozeBat\THUNKTITLE.exe
O4 - HKLM\..\RunServices: [\1.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\1.exe
O4 - HKCU\..\Run: [Stxjagwf] C:\WINDOWS\System32\?ttrib.exe
O4 - HKCU\..\Run: [Noj] C:\WINDOWS\System32\m?iexec.exe
O4 - HKCU\..\Run: [EggsDog] C:\DOCUME~1\Max\APPLIC~1\AXISDU~1\DartDumbFrag.exe
O4 - HKCU\..\Run: [\1.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\1.exe
O16 - DPF: IEToolbarCab - http://www.dailytoolbar.com/DailyToolbarAff.CAB
O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://C:\foo.mht!http://195.190.118.140/e9xr2.chm::/file.exe


Close all open windows and browsers, and hit "Fix Checked".

Delete these folders/files.

C:\Documents and Settings\All Users\Application Data\Tools
C:\Documents and Settings\All Users\Application Data\TitleDefaultOozeBat
C:\Documents and Settings\Max\Application Data\AXISDU~1 <- This will be longer than 6 letters, but will start with AXISDU and contain the file DartDumbFrag.exe

Then boot back to normal mode, and post a new Hijackthis log, and say how things are now.
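The entries the post above singles out share three structural tells: autostart executables whose names imitate a Windows binary through a character HijackThis prints as "?" (ewido shows the real names, mѕiexec.exe and аttrib.exe, with Cyrillic letters), entries that load from a profile's Application Data directory, and an O16 download whose source is an ms-its:/file:// chain to a bare IP address. The script below is an added example, not part of HijackThis or of either post; it parses O2/O4/O16 lines and flags those tells. The list of imitated system binaries and the sample lines (taken from the log above) are assumptions for the demonstration.

```python
"""Triage helper for HijackThis v1.99.1 log lines (added example, not HijackThis code).

Flags: (1) O4 autostart executables that imitate a Windows binary via a '?' or
non-ASCII look-alike character, (2) O2/O4 entries loaded from Application Data,
(3) O16 DPF entries not fetched over plain http(s) from a hostname.
"""
import re
from urllib.parse import urlsplit

# Binaries the look-alike names in the log imitate (assumed list; extend it).
SYSTEM_BINARIES = ("msiexec.exe", "attrib.exe", "svchost.exe", "rundll32.exe")

O4_RE = re.compile(r"^O4 - (HK(?:LM|CU))\\\.\.\\(\w+): \[([^\]]*)\] (.*)$")
O2_RE = re.compile(r"^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.*)$")
O16_RE = re.compile(r"^O16 - DPF: (.*?) - (\S+)$")
EXE_RE = re.compile(r'([^\\"]+\.(?:exe|dll))', re.IGNORECASE)
IPV4_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")
DATA_DIR_MARKERS = ("applic~1", "application data")  # 8.3 and long forms


def lookalike_of(filename):
    """Return the Windows binary `filename` imitates, or None.

    A '?' (HijackThis could not print the character) or any non-ASCII character
    is a wildcard; every other character must match, and at least one wildcard
    must be present so that the genuine binary itself is never flagged.
    """
    name = filename.lower()
    for legit in SYSTEM_BINARIES:
        if len(name) != len(legit):
            continue
        wildcards = 0
        for got, want in zip(name, legit):
            if got == "?" or ord(got) > 127:
                wildcards += 1
            elif got != want:
                break
        else:
            if wildcards:
                return legit
    return None


def executable_name(target):
    """First .exe/.dll file name in an O4/O2 target string (quotes/args stripped)."""
    m = EXE_RE.search(target)
    return m.group(1) if m else None


def in_data_dir(path):
    """True if the path sits under a profile's Application Data directory."""
    low = path.lower()
    return any(marker in low for marker in DATA_DIR_MARKERS)


def triage_line(line):
    """Return a list of (rule, detail) findings for one log line; empty if clean."""
    m = O4_RE.match(line)
    if m:
        hive, key, label, target = m.groups()
        where = f"{hive}\\..\\{key} [{label}]"
        findings = []
        exe = executable_name(target)
        legit = lookalike_of(exe) if exe else None
        if legit:
            findings.append(("lookalike", f"{where} runs {exe}, which imitates {legit}"))
        if in_data_dir(target):
            findings.append(("data-dir-autostart", f"{where} runs from Application Data: {target}"))
        return findings
    m = O2_RE.match(line)
    if m:
        name, clsid, path = m.groups()
        return [("data-dir-bho", f"BHO {name} {clsid} loads {path}")] if in_data_dir(path) else []
    m = O16_RE.match(line)
    if m:
        name, url = m.groups()
        parts = urlsplit(url)
        if parts.scheme not in ("http", "https") or IPV4_RE.fullmatch(parts.hostname or ""):
            return [("dpf-source", f"DPF {name} downloaded from {url}")]
    return []


def triage_log(lines):
    """Apply triage_line to every line; returns (line, rule, detail) tuples in order."""
    return [(ln.rstrip("\r\n"), rule, detail)
            for ln in lines for rule, detail in triage_line(ln.rstrip("\r\n"))]


# Constructed sample: lines copied from the log in this thread, clean ones included.
SAMPLE_LOG = [
    "O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\\program files\\google\\googletoolbar1.dll",
    "O2 - BHO: Scriptlet.Tools - {EEBA788A-C268-492A-B7FE-42C2B6C553D4} - C:\\DOCUME~1\\ALLUSE~1\\APPLIC~1\\Bin\\bin.dll",
    "O4 - HKLM\\..\\Run: [NvCplDaemon] RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup",
    "O4 - HKLM\\..\\RunServices: [\\1.exe] C:\\DOCUME~1\\ALLUSE~1\\APPLIC~1\\Tools\\1.exe",
    "O4 - HKCU\\..\\Run: [Stxjagwf] C:\\WINDOWS\\System32\\?ttrib.exe",
    "O4 - HKCU\\..\\Run: [Noj] C:\\WINDOWS\\System32\\m" + chr(0x0455) + "iexec.exe",  # Cyrillic s
    "O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\System32\\ctfmon.exe",
    "O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125526317718",
    "O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://C:\\foo.mht!http://195.190.118.140/e9xr2.chm::/file.exe",
]

if __name__ == "__main__":
    for _line, rule, detail in triage_log(SAMPLE_LOG):
        print(f"[{rule}] {detail}")
```

Run against a full saved log with `triage_log(open("hijackthis.log", encoding="utf-8", errors="replace"))`; the `?` wildcard means the check works on the log text even when the real character was not preserved.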
 
Logfile of HijackThis v1.99.1
Scan saved at 1:13:54 AM, on 12/4/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Documents and Settings\Max\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdcatch.dll (file missing)
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ATHC] "C:\Program Files\Warcraft III\ATH UPDATE.exe" --check
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {3695B964-7E17-4B45-AF5F-666C3D84CD4D} (Qplay Connection Control) - http://qplay.nx.com/ActiveX/Public/QxConn.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.in.th/com/EGamesPlugin.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125526317718
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://nprotect1.gravity.co.kr/nprotect/npx.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: MCPClient - C:\Program Files\Common Files\Stardock\mcpstub.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

***I ran Yahoo! Anti-Spyware; it found Azetoolbar, but after I deleted them and reran it, it didn't find anything.*** So not sure, take a look please. :)
 