Infected With Winfixer


15 replies to this topic

#1 raykoko

Posted 22 March 2006 - 09:06 AM

I've followed the suggested process and below is the log I finished with.
What should I do next? :thumbsup:

Logfile of HijackThis v1.99.1
Scan saved at 13:56:33, on 22/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\PROGRA~1\softwin\BITDEF~1\bdnagent.exe
C:\PROGRA~1\softwin\BITDEF~1\bdswitch.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\COMMON~1\PHILIP~1\USBCON~1.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
c:\progra~1\softwin\bitdef~1\bdmcon.exe
C:\TOOLKIT\Anti-Spyware\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R3 - URLSearchHook: _URLHandler - {7D5363BA-EA6A-4A20-8AAB-DA7A702F0159} - C:\PROGRA~1\NOVA-E~1\PCMOBI~1\MOBILE~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: CVirtualDNSObj Object - {86C510E9-97EF-4749-914F-0280247BE3A6} - C:\WINDOWS\VirtualDNS.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [MimBoot] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mimboot.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BDMCon] c:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "c:\progra~1\softwin\bitdef~1\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "c:\progra~1\softwin\bitdef~1\bdswitch.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\eeyore\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1141842434674
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1141842423284
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)


#2 rstones12


    Malware Expert



Posted 25 March 2006 - 12:09 AM

raykoko,

Welcome to the Bleeping Computer Forums, I will be reviewing your HJT log.
Please read "ALL" of the instructions before proceeding:

You will need to print out these instructions for a reference or you can
save them by copying and pasting them into notepad and saving the text file to the desktop.

This process will take a few steps, please take your time and follow the directions in the order posted.

Please do not try to fix anything on your own, it will only make it harder to get you a resolution.
If you don't understand something, please ask before performing any task.

===

Before we get started, if you would please submit this file before we proceed.

C:\WINDOWS\VirtualDNS.dll

Submit it at this link:
http://www.atribune.org/submit-malware.php

This is because we want to analyse this file. It is certainly bad and needs to go, but we need that file first.


Now please do the following:

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.

Do Not run it just yet, we will shortly.

Please download ewido anti-malware; it is a free version of the program.
  • Install ewido anti-malware
  • When installing, under "Additional Options" uncheck:
    • Install background guard
    • Install scan via context menu
  • Launch ewido, there should be an icon on your desktop, double-click it.
  • The program will now open to the main screen.
  • When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Close ewido anti-malware, we will run that soon.

Next launch ATF Cleaner:
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Please reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.

Once in SafeMode launch ewido anti-malware:
IMPORTANT: Do Not open any other programs or windows while ewido is running, it will interfere with the scanning process:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
Close ewido anti-malware.

Reboot your system back into Normal Mode and post the results from the ewido scan and a new HijackThis log by using Add Reply.

Thanks,
rstones12
"Security is a Process not a Product"


#3 raykoko


Posted 25 March 2006 - 09:11 AM

rstones12,

I have uploaded: C:\WINDOWS\VirtualDNS.dll

Here are the 2 requested log files, thanks for your help.


---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 13:49:32, 25/03/2006
+ Report-Checksum: 896AEFD

+ Scan result:

:mozilla.7:C:\Documents and Settings\eeyore\Application Data\Mozilla\Firefox\Profiles\tnyhnfw9.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.8:C:\Documents and Settings\eeyore\Application Data\Mozilla\Firefox\Profiles\tnyhnfw9.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.27:C:\Documents and Settings\eeyore\Application Data\Mozilla\Firefox\Profiles\tnyhnfw9.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.28:C:\Documents and Settings\eeyore\Application Data\Mozilla\Firefox\Profiles\tnyhnfw9.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.29:C:\Documents and Settings\eeyore\Application Data\Mozilla\Firefox\Profiles\tnyhnfw9.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.30:C:\Documents and Settings\eeyore\Application Data\Mozilla\Firefox\Profiles\tnyhnfw9.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.32:C:\Documents and Settings\eeyore\Application Data\Mozilla\Firefox\Profiles\tnyhnfw9.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned with backup
:mozilla.33:C:\Documents and Settings\eeyore\Application Data\Mozilla\Firefox\Profiles\tnyhnfw9.default\cookies.txt -> TrackingCookie.Realcastmedia : Cleaned with backup
:mozilla.34:C:\Documents and Settings\eeyore\Application Data\Mozilla\Firefox\Profiles\tnyhnfw9.default\cookies.txt -> TrackingCookie.Realcastmedia : Cleaned with backup
:mozilla.78:C:\Documents and Settings\eeyore\Application Data\Mozilla\Firefox\Profiles\tnyhnfw9.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned with backup
:mozilla.96:C:\Documents and Settings\eeyore\Application Data\Mozilla\Firefox\Profiles\tnyhnfw9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.97:C:\Documents and Settings\eeyore\Application Data\Mozilla\Firefox\Profiles\tnyhnfw9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.98:C:\Documents and Settings\eeyore\Application Data\Mozilla\Firefox\Profiles\tnyhnfw9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.99:C:\Documents and Settings\eeyore\Application Data\Mozilla\Firefox\Profiles\tnyhnfw9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.100:C:\Documents and Settings\eeyore\Application Data\Mozilla\Firefox\Profiles\tnyhnfw9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.101:C:\Documents and Settings\eeyore\Application Data\Mozilla\Firefox\Profiles\tnyhnfw9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.102:C:\Documents and Settings\eeyore\Application Data\Mozilla\Firefox\Profiles\tnyhnfw9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.103:C:\Documents and Settings\eeyore\Application Data\Mozilla\Firefox\Profiles\tnyhnfw9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.104:C:\Documents and Settings\eeyore\Application Data\Mozilla\Firefox\Profiles\tnyhnfw9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.105:C:\Documents and Settings\eeyore\Application Data\Mozilla\Firefox\Profiles\tnyhnfw9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.106:C:\Documents and Settings\eeyore\Application Data\Mozilla\Firefox\Profiles\tnyhnfw9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.107:C:\Documents and Settings\eeyore\Application Data\Mozilla\Firefox\Profiles\tnyhnfw9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.108:C:\Documents and Settings\eeyore\Application Data\Mozilla\Firefox\Profiles\tnyhnfw9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.109:C:\Documents and Settings\eeyore\Application Data\Mozilla\Firefox\Profiles\tnyhnfw9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.110:C:\Documents and Settings\eeyore\Application Data\Mozilla\Firefox\Profiles\tnyhnfw9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.111:C:\Documents and Settings\eeyore\Application Data\Mozilla\Firefox\Profiles\tnyhnfw9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.112:C:\Documents and Settings\eeyore\Application Data\Mozilla\Firefox\Profiles\tnyhnfw9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.113:C:\Documents and Settings\eeyore\Application Data\Mozilla\Firefox\Profiles\tnyhnfw9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.114:C:\Documents and Settings\eeyore\Application Data\Mozilla\Firefox\Profiles\tnyhnfw9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.115:C:\Documents and Settings\eeyore\Application Data\Mozilla\Firefox\Profiles\tnyhnfw9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.116:C:\Documents and Settings\eeyore\Application Data\Mozilla\Firefox\Profiles\tnyhnfw9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.117:C:\Documents and Settings\eeyore\Application Data\Mozilla\Firefox\Profiles\tnyhnfw9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.118:C:\Documents and Settings\eeyore\Application Data\Mozilla\Firefox\Profiles\tnyhnfw9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.119:C:\Documents and Settings\eeyore\Application Data\Mozilla\Firefox\Profiles\tnyhnfw9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.120:C:\Documents and Settings\eeyore\Application Data\Mozilla\Firefox\Profiles\tnyhnfw9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.121:C:\Documents and Settings\eeyore\Application Data\Mozilla\Firefox\Profiles\tnyhnfw9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.122:C:\Documents and Settings\eeyore\Application Data\Mozilla\Firefox\Profiles\tnyhnfw9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.123:C:\Documents and Settings\eeyore\Application Data\Mozilla\Firefox\Profiles\tnyhnfw9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.124:C:\Documents and Settings\eeyore\Application Data\Mozilla\Firefox\Profiles\tnyhnfw9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.125:C:\Documents and Settings\eeyore\Application Data\Mozilla\Firefox\Profiles\tnyhnfw9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.126:C:\Documents and Settings\eeyore\Application Data\Mozilla\Firefox\Profiles\tnyhnfw9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.127:C:\Documents and Settings\eeyore\Application Data\Mozilla\Firefox\Profiles\tnyhnfw9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.128:C:\Documents and Settings\eeyore\Application Data\Mozilla\Firefox\Profiles\tnyhnfw9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.129:C:\Documents and Settings\eeyore\Application Data\Mozilla\Firefox\Profiles\tnyhnfw9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.130:C:\Documents and Settings\eeyore\Application Data\Mozilla\Firefox\Profiles\tnyhnfw9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.131:C:\Documents and Settings\eeyore\Application Data\Mozilla\Firefox\Profiles\tnyhnfw9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.132:C:\Documents and Settings\eeyore\Application Data\Mozilla\Firefox\Profiles\tnyhnfw9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.133:C:\Documents and Settings\eeyore\Application Data\Mozilla\Firefox\Profiles\tnyhnfw9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.134:C:\Documents and Settings\eeyore\Application Data\Mozilla\Firefox\Profiles\tnyhnfw9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.135:C:\Documents and Settings\eeyore\Application Data\Mozilla\Firefox\Profiles\tnyhnfw9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.136:C:\Documents and Settings\eeyore\Application Data\Mozilla\Firefox\Profiles\tnyhnfw9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.137:C:\Documents and Settings\eeyore\Application Data\Mozilla\Firefox\Profiles\tnyhnfw9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.138:C:\Documents and Settings\eeyore\Application Data\Mozilla\Firefox\Profiles\tnyhnfw9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.139:C:\Documents and Settings\eeyore\Application Data\Mozilla\Firefox\Profiles\tnyhnfw9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.140:C:\Documents and Settings\eeyore\Application Data\Mozilla\Firefox\Profiles\tnyhnfw9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.141:C:\Documents and Settings\eeyore\Application Data\Mozilla\Firefox\Profiles\tnyhnfw9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.142:C:\Documents and Settings\eeyore\Application Data\Mozilla\Firefox\Profiles\tnyhnfw9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.143:C:\Documents and Settings\eeyore\Application Data\Mozilla\Firefox\Profiles\tnyhnfw9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.144:C:\Documents and Settings\eeyore\Application Data\Mozilla\Firefox\Profiles\tnyhnfw9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.145:C:\Documents and Settings\eeyore\Application Data\Mozilla\Firefox\Profiles\tnyhnfw9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.146:C:\Documents and Settings\eeyore\Application Data\Mozilla\Firefox\Profiles\tnyhnfw9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.147:C:\Documents and Settings\eeyore\Application Data\Mozilla\Firefox\Profiles\tnyhnfw9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.148:C:\Documents and Settings\eeyore\Application Data\Mozilla\Firefox\Profiles\tnyhnfw9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.149:C:\Documents and Settings\eeyore\Application Data\Mozilla\Firefox\Profiles\tnyhnfw9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.150:C:\Documents and Settings\eeyore\Application Data\Mozilla\Firefox\Profiles\tnyhnfw9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.151:C:\Documents and Settings\eeyore\Application Data\Mozilla\Firefox\Profiles\tnyhnfw9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.152:C:\Documents and Settings\eeyore\Application Data\Mozilla\Firefox\Profiles\tnyhnfw9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.153:C:\Documents and Settings\eeyore\Application Data\Mozilla\Firefox\Profiles\tnyhnfw9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.154:C:\Documents and Settings\eeyore\Application Data\Mozilla\Firefox\Profiles\tnyhnfw9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.155:C:\Documents and Settings\eeyore\Application Data\Mozilla\Firefox\Profiles\tnyhnfw9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.156:C:\Documents and Settings\eeyore\Application Data\Mozilla\Firefox\Profiles\tnyhnfw9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.157:C:\Documents and Settings\eeyore\Application Data\Mozilla\Firefox\Profiles\tnyhnfw9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.158:C:\Documents and Settings\eeyore\Application Data\Mozilla\Firefox\Profiles\tnyhnfw9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.159:C:\Documents and Settings\eeyore\Application Data\Mozilla\Firefox\Profiles\tnyhnfw9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.160:C:\Documents and Settings\eeyore\Application Data\Mozilla\Firefox\Profiles\tnyhnfw9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.161:C:\Documents and Settings\eeyore\Application Data\Mozilla\Firefox\Profiles\tnyhnfw9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.162:C:\Documents and Settings\eeyore\Application Data\Mozilla\Firefox\Profiles\tnyhnfw9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.163:C:\Documents and Settings\eeyore\Application Data\Mozilla\Firefox\Profiles\tnyhnfw9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.164:C:\Documents and Settings\eeyore\Application Data\Mozilla\Firefox\Profiles\tnyhnfw9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.165:C:\Documents and Settings\eeyore\Application Data\Mozilla\Firefox\Profiles\tnyhnfw9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.166:C:\Documents and Settings\eeyore\Application Data\Mozilla\Firefox\Profiles\tnyhnfw9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.167:C:\Documents and Settings\eeyore\Application Data\Mozilla\Firefox\Profiles\tnyhnfw9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.168:C:\Documents and Settings\eeyore\Application Data\Mozilla\Firefox\Profiles\tnyhnfw9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.169:C:\Documents and Settings\eeyore\Application Data\Mozilla\Firefox\Profiles\tnyhnfw9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.170:C:\Documents and Settings\eeyore\Application Data\Mozilla\Firefox\Profiles\tnyhnfw9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.171:C:\Documents and Settings\eeyore\Application Data\Mozilla\Firefox\Profiles\tnyhnfw9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.172:C:\Documents and Settings\eeyore\Application Data\Mozilla\Firefox\Profiles\tnyhnfw9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.173:C:\Documents and Settings\eeyore\Application Data\Mozilla\Firefox\Profiles\tnyhnfw9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.174:C:\Documents and Settings\eeyore\Application Data\Mozilla\Firefox\Profiles\tnyhnfw9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.175:C:\Documents and Settings\eeyore\Application Data\Mozilla\Firefox\Profiles\tnyhnfw9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.176:C:\Documents and Settings\eeyore\Application Data\Mozilla\Firefox\Profiles\tnyhnfw9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.177:C:\Documents and Settings\eeyore\Application Data\Mozilla\Firefox\Profiles\tnyhnfw9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.178:C:\Documents and Settings\eeyore\Application Data\Mozilla\Firefox\Profiles\tnyhnfw9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.179:C:\Documents and Settings\eeyore\Application Data\Mozilla\Firefox\Profiles\tnyhnfw9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.180:C:\Documents and Settings\eeyore\Application Data\Mozilla\Firefox\Profiles\tnyhnfw9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.181:C:\Documents and Settings\eeyore\Application Data\Mozilla\Firefox\Profiles\tnyhnfw9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.182:C:\Documents and Settings\eeyore\Application Data\Mozilla\Firefox\Profiles\tnyhnfw9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.183:C:\Documents and Settings\eeyore\Application Data\Mozilla\Firefox\Profiles\tnyhnfw9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.184:C:\Documents and Settings\eeyore\Application Data\Mozilla\Firefox\Profiles\tnyhnfw9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.185:C:\Documents and Settings\eeyore\Application Data\Mozilla\Firefox\Profiles\tnyhnfw9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\eeyore\My Documents\My Received Files\my pic 2.exe/hauntpc.exe -> Not-A-Virus.BadJoke.Win32.Hauntpc : Cleaned with backup
C:\TOOLKIT\Internet Tools\Outlooker\Outlooker.exe -> Not-A-Virus.PSWTool.Win32.Outlooker : Cleaned with backup
C:\WINDOWS\VirtualDNS.dll -> Adware.Webdir : Cleaned with backup
D:\## mirc downloads\165 Standalone Programs for Windows XP\~\PROGRAMS\Internet Tools\Outlooker\Outlooker.exe -> Not-A-Virus.PSWTool.Win32.Outlooker : Cleaned with backup
L:\P900\pc corupt\pc\crack.exe -> Downloader.Small.ic : Cleaned with backup
L:\Temp\zangoinstaller.exe/clientax.dll -> Adware.180Solutions : Cleaned with backup
L:\Temp\zangoinstaller.exe/clientax.dll -> Adware.180Solutions : Cleaned with backup


::Report End



Logfile of HijackThis v1.99.1
Scan saved at 14:05:02, on 25/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\progra~1\softwin\bitdef~1\bdnagent.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\progra~1\softwin\bitdef~1\bdswitch.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\COMMON~1\PHILIP~1\USBCON~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\PROGRA~1\INTUWA~1\Shared\MROUTE~1\MROUTE~2.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\eeyore\Desktop\Spy Checkers\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R3 - URLSearchHook: _URLHandler - {7D5363BA-EA6A-4A20-8AAB-DA7A702F0159} - C:\PROGRA~1\NOVA-E~1\PCMOBI~1\MOBILE~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: CVirtualDNSObj Object - {86C510E9-97EF-4749-914F-0280247BE3A6} - C:\WINDOWS\VirtualDNS.dll (file missing)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [MimBoot] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mimboot.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BDMCon] c:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\PROGRA~1\softwin\BITDEF~1\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\PROGRA~1\softwin\BITDEF~1\bdswitch.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\eeyore\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1141842434674
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1141842423284
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

#4 rstones12

Malware Expert

Posted 25 March 2006 - 06:36 PM

raykoko,

Thanks for the file submission... :thumbsup:

Now let's move on.

Please read "ALL" of the instructions before proceeding:

You will need to print out these instructions for a reference or you can
save them by copying and pasting them into notepad and saving the text file to the desktop.

This process will take a few steps, please take your time and follow the directions in the order posted.

==

Please submit the following file to this online Virus Scanner; I don't recognize the file. Are you currently using an Ericsson phone with the cradle?
The file will be located in this directory C:\ProgramFiles\

C:\PROGRA~1\NOVA-E~1\PCMOBI~1\MOBILE~1.DLL

http://www.virustotal.com

It will create a report once the scan is finished, please post those results here in your next post.

Now open HijackThis and perform a scan only, then place a checkmark next to each of the following items:

O2 - BHO: CVirtualDNSObj Object - {86C510E9-97EF-4749-914F-0280247BE3A6} - C:\WINDOWS\VirtualDNS.dll (file missing)

O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)

Now close all browsers and open windows except for HijackThis, then click the Fix Checked button. Once that completes close HijackThis.

Now using MyComputer find and remove the following folders if present:

C:\TOOLKIT\Internet Tools\Outlooker\ <-- Folder
D:\## mirc downloads\165 Standalone Programs for Windows XP\~\PROGRAMS\Internet Tools\Outlooker\ <-- Folder

Now run the ATF Cleaner with the directions provided above.

Once that is complete please do the following:

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Please post the results from the VirusTotal scan, the Kaspersky Online Scanner, and a new HijackThis log by using Add Reply.

Thanks,
rstones12
"Security is a Process not a Product"
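
The cross-check behind the HijackThis selections above, as an added example that is not part of the original post: it correlates "(file missing)" entries in the HijackThis log with files the ewido report already cleaned and with the running-process list. The sample lines are copied from the logs in this thread; the function names and verdict labels are assumptions made for the illustration.

```python
import re
from typing import NamedTuple

# Lines copied from the ewido report and the HijackThis log posted in this thread.
EWIDO_REPORT = r"""
:mozilla.988:C:\Documents and Settings\eeyore\Application Data\Mozilla\Firefox\Profiles\tnyhnfw9.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
C:\TOOLKIT\Internet Tools\Outlooker\Outlooker.exe -> Not-A-Virus.PSWTool.Win32.Outlooker : Cleaned with backup
C:\WINDOWS\VirtualDNS.dll -> Adware.Webdir : Cleaned with backup
"""

HJT_LOG = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: CVirtualDNSObj Object - {86C510E9-97EF-4749-914F-0280247BE3A6} - C:\WINDOWS\VirtualDNS.dll (file missing)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\eeyore\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
"""

MISSING = "(file missing)"
# Verdict labels (hypothetical names chosen for this example).
ORPHAN = "orphan-of-cleaned-file"                      # target was removed by the scanner
CONTRADICTED = "marker-contradicted-by-process-list"   # same log shows the file running
REVIEW = "missing-needs-review"                        # no evidence either way

# "path -> detection : action", with an optional ":mozilla.N:" cookie prefix.
EWIDO_RE = re.compile(r"^(?::[\w.]+:)?(?P<path>.+?) -> (?P<name>\S+) : (?P<action>.+)$")
# HijackThis entry lines start with a section code such as R3, O2 or O23.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")
# First drive-letter path on the line, cut at the file extension so that
# trailing quotes, switches and the "(file missing)" marker are dropped.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|lnk|cpl)\b', re.IGNORECASE)


class Finding(NamedTuple):
    code: str
    path: str
    verdict: str


def cleaned_paths(report: str) -> dict:
    """Map lower-cased path -> detection name for every cleaned object."""
    found = {}
    for line in report.splitlines():
        m = EWIDO_RE.match(line.strip())
        if m and m.group("action").startswith("Cleaned"):
            found[m.group("path").lower()] = m.group("name")
    return found


def parse_hjt(log: str):
    """Split a HijackThis log into its running-process set and entry lines."""
    running, entries, in_procs = set(), [], False
    for raw in log.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
        elif not line:
            in_procs = False          # a blank line ends the process list
        elif in_procs:
            running.add(line.lower())
        else:
            m = ENTRY_RE.match(line)
            if m:
                entries.append((m.group("code"), line))
    return running, entries


def triage(hjt_log: str, report: str) -> list:
    """Classify every entry HijackThis marked '(file missing)'."""
    cleaned = cleaned_paths(report)
    running, entries = parse_hjt(hjt_log)
    findings = []
    for code, line in entries:
        if MISSING not in line:
            continue
        m = PATH_RE.search(line)
        if not m:
            continue
        path = m.group(0)
        key = path.lower()   # 8.3 short names (PROGRA~1) cannot be expanded offline
        if key in cleaned:
            verdict = ORPHAN
        elif key in running:
            verdict = CONTRADICTED
        else:
            verdict = REVIEW
        findings.append(Finding(code, path, verdict))
    return findings


if __name__ == "__main__":
    for f in triage(HJT_LOG, EWIDO_REPORT):
        print(f"{f.code:<4} {f.verdict:<38} {f.path}")
```

On the sample lines only the O2 VirtualDNS.dll entry is tied to a file the scanner removed, which matches the BHO selected for fixing in the post above.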


#5 raykoko

Posted 26 March 2006 - 07:15 AM

having problems.
yes i am using sony ericsson mobile phone cradle, here's the log
This is a report processed by VirusTotal on 03/26/2006 at 13:13:03 (CET) after scanning the file "MobileDrive.dll" file.
Antivirus Version Update Result
AntiVir 6.34.0.14 03.25.2006 no virus found
Avast 4.6.695.0 03.25.2006 no virus found
AVG 386 03.24.2006 no virus found
Avira 6.34.0.54 03.25.2006 no virus found
BitDefender 7.2 03.26.2006 no virus found
CAT-QuickHeal 8.00 03.25.2006 no virus found
ClamAV devel-20060202 03.25.2006 no virus found
DrWeb 4.33 03.26.2006 no virus found
eTrust-InoculateIT 23.71.111 03.25.2006 no virus found
eTrust-Vet 12.4.2133 03.24.2006 no virus found
Ewido 3.5 03.25.2006 no virus found
Fortinet 2.71.0.0 03.26.2006 no virus found
F-Prot 3.16c 03.23.2006 no virus found
Ikarus 0.2.59.0 03.24.2006 no virus found
Kaspersky 4.0.2.24 03.26.2006 no virus found
McAfee 4726 03.24.2006 no virus found
NOD32v2 1.1458 03.24.2006 no virus found
Norman 5.70.10 03.26.2006 no virus found
Panda 9.0.0.4 03.25.2006 no virus found
Sophos 4.04.0 03.25.2006 no virus found
Symantec 8.0 03.26.2006 no virus found
TheHacker 5.9.7.120 03.26.2006 no virus found
UNA 1.83 03.23.2006 no virus found
VBA32 3.10.5 03.26.2006 no virus found

ran atf cleaner again but cannot get Kaspersky Online Scanner past trying to load the ActiveX component.
security levels set at medium or less except for restricted sites which is set to high and stays at high whatever i try to do

now working, is it ok to leave setting for automatic activex installs as enabled?

Edited by raykoko, 26 March 2006 - 09:47 AM.


#6 raykoko

Posted 26 March 2006 - 12:09 PM

here are the kaspersky and new hijackthis logs

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Sunday, March 26, 2006 6:05:10 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 26/03/2006
Kaspersky Anti-Virus database records: 184055
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
J:\
K:\
L:\
W:\

Scan Statistics:
Total number of scanned objects: 186217
Number of viruses found: 18
Number of infected objects: 57
Number of suspicious objects: 0
Duration of the scan process: 02:18:03

Infected Object Name / Virus Name / Last Action
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
C:\System Volume Information\_restore{5A997F2F-8F0B-4667-B544-47033F4353CD}\RP311\A0060733.exe Infected: not-a-virus:PSWTool.Win32.Outlooker skipped
C:\System Volume Information\_restore{5A997F2F-8F0B-4667-B544-47033F4353CD}\RP311\A0060734.dll Infected: not-a-virus:AdWare.Win32.Webdir.b skipped
C:\TOOLKIT\SystemTools\chngky\kv.exe/data.rar/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\TOOLKIT\SystemTools\chngky\kv.exe/data.rar/officekey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\TOOLKIT\SystemTools\chngky\kv.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\TOOLKIT\SystemTools\chngky\kv.exe RarSFX: infected - 3 skipped
C:\TOOLKIT\SystemTools\KeyViewer\KeyViewer.exe/data.rar/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\TOOLKIT\SystemTools\KeyViewer\KeyViewer.exe/data.rar/officekey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\TOOLKIT\SystemTools\KeyViewer\KeyViewer.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\TOOLKIT\SystemTools\KeyViewer\KeyViewer.exe RarSFX: infected - 3 skipped
D:\System Volume Information\_restore{5A997F2F-8F0B-4667-B544-47033F4353CD}\RP311\A0060735.exe Infected: not-a-virus:PSWTool.Win32.Outlooker skipped
D:\System Volume Information\_restore{5A997F2F-8F0B-4667-B544-47033F4353CD}\RP312\A0061257.exe/data.rar/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
D:\System Volume Information\_restore{5A997F2F-8F0B-4667-B544-47033F4353CD}\RP312\A0061257.exe/data.rar/officekey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
D:\System Volume Information\_restore{5A997F2F-8F0B-4667-B544-47033F4353CD}\RP312\A0061257.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
D:\System Volume Information\_restore{5A997F2F-8F0B-4667-B544-47033F4353CD}\RP312\A0061257.exe RarSFX: infected - 3 skipped
D:\System Volume Information\_restore{5A997F2F-8F0B-4667-B544-47033F4353CD}\RP312\A0061638.exe/data.rar/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
D:\System Volume Information\_restore{5A997F2F-8F0B-4667-B544-47033F4353CD}\RP312\A0061638.exe/data.rar/officekey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
D:\System Volume Information\_restore{5A997F2F-8F0B-4667-B544-47033F4353CD}\RP312\A0061638.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
D:\System Volume Information\_restore{5A997F2F-8F0B-4667-B544-47033F4353CD}\RP312\A0061638.exe RarSFX: infected - 3 skipped
L:\# MUSIC\My Shared Folder\kmd151_en.exe/data0003/cd_clint.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped
L:\# MUSIC\My Shared Folder\kmd151_en.exe/data0003/cd_htm.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped
L:\# MUSIC\My Shared Folder\kmd151_en.exe/data0003 Infected: not-a-virus:AdWare.Win32.Cydoor skipped
L:\# MUSIC\My Shared Folder\kmd151_en.exe/data0007 Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
L:\# MUSIC\My Shared Folder\kmd151_en.exe/data0008/SaveNow.exe Infected: not-a-virus:AdWare.Win32.SaveNow.av skipped
L:\# MUSIC\My Shared Folder\kmd151_en.exe/data0008/Uninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.au skipped
L:\# MUSIC\My Shared Folder\kmd151_en.exe/data0008 Infected: not-a-virus:AdWare.Win32.SaveNow.au skipped
L:\# MUSIC\My Shared Folder\kmd151_en.exe/data0011/bdedetect1.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1007 skipped
L:\# MUSIC\My Shared Folder\kmd151_en.exe/data0011 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1007 skipped
L:\# MUSIC\My Shared Folder\kmd151_en.exe/data0014 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1007 skipped
L:\# MUSIC\My Shared Folder\kmd151_en.exe/data0015 Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
L:\# MUSIC\My Shared Folder\kmd151_en.exe/data0021/bdeinstall.exe Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1044 skipped
L:\# MUSIC\My Shared Folder\kmd151_en.exe/data0021 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1044 skipped
L:\# MUSIC\My Shared Folder\kmd151_en.exe/data0022/bde3d_ref2.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.d skipped
L:\# MUSIC\My Shared Folder\kmd151_en.exe/data0022 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.d skipped
L:\# MUSIC\My Shared Folder\kmd151_en.exe/data0025/bdeload.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.e skipped
L:\# MUSIC\My Shared Folder\kmd151_en.exe/data0025 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.e skipped
L:\# MUSIC\My Shared Folder\kmd151_en.exe/data0026/bdeplayer2.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.f skipped
L:\# MUSIC\My Shared Folder\kmd151_en.exe/data0026 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.f skipped
L:\# MUSIC\My Shared Folder\kmd151_en.exe/data0029/BDESac10.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.3120 skipped
L:\# MUSIC\My Shared Folder\kmd151_en.exe/data0029 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.3120 skipped
L:\# MUSIC\My Shared Folder\kmd151_en.exe/data0030/bdeviewer.exe Infected: Trojan.Win32.Krepper.y skipped
L:\# MUSIC\My Shared Folder\kmd151_en.exe/data0030 Infected: Trojan.Win32.Krepper.y skipped
L:\# MUSIC\My Shared Folder\kmd151_en.exe/data0032/BDEVerify.exe Infected: not-a-virus:AdWare.Win32.BrilliantDigital.a skipped
L:\# MUSIC\My Shared Folder\kmd151_en.exe/data0032/BDEVerify.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.b skipped
L:\# MUSIC\My Shared Folder\kmd151_en.exe/data0032 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.b skipped
L:\# MUSIC\My Shared Folder\kmd151_en.exe Inno: infected - 26 skipped
L:\# MUSIC\My Shared Folder\kmd171gu_en.exe/data0004/cd_clint.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped
L:\# MUSIC\My Shared Folder\kmd171gu_en.exe/data0004/cd_htm.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped
L:\# MUSIC\My Shared Folder\kmd171gu_en.exe/data0004 Infected: not-a-virus:AdWare.Win32.Cydoor skipped
L:\# MUSIC\My Shared Folder\kmd171gu_en.exe Inno: infected - 3 skipped
L:\## Still to be copied ##\xp serial finder kf141\keyfinder.exe/data.rar/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
L:\## Still to be copied ##\xp serial finder kf141\keyfinder.exe/data.rar/officekey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
L:\## Still to be copied ##\xp serial finder kf141\keyfinder.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
L:\## Still to be copied ##\xp serial finder kf141\keyfinder.exe RarSFX: infected - 3 skipped
L:\System Volume Information\_restore{7610C4B3-11ED-4A9C-A8B1-1DF619EBD931}\RP514\A0082046.exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
L:\System Volume Information\_restore{7610C4B3-11ED-4A9C-A8B1-1DF619EBD931}\RP514\A0082046.exe mIRC: infected - 1 skipped

Scan process completed.

===============================================================

Logfile of HijackThis v1.99.1
Scan saved at 18:06:00, on 26/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\progra~1\softwin\bitdef~1\bdnagent.exe
C:\progra~1\softwin\bitdef~1\bdswitch.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\COMMON~1\PHILIP~1\USBCON~1.EXE
c:\PROGRA~1\INTUWA~1\Shared\MROUTE~1\MROUTE~2.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
c:\program files\softwin\bitdefender9\bdmcon.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
C:\Documents and Settings\eeyore\Desktop\Spy Checkers\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R3 - URLSearchHook: _URLHandler - {7D5363BA-EA6A-4A20-8AAB-DA7A702F0159} - C:\PROGRA~1\NOVA-E~1\PCMOBI~1\MOBILE~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [MimBoot] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mimboot.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BDMCon] c:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "c:\program files\softwin\bitdefender9\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "c:\program files\softwin\bitdefender9\bdswitch.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\eeyore\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1141842434674
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1141842423284
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

#7 rstones12

Posted 26 March 2006 - 12:42 PM

raykoko,

How many users do you have on this system?

Do you have a network drive or an external hard drive with this?

Do you have a CD inserted at the moment?

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
J:\
K:\
L:\
W:\

Thanks,
rstones12

#8 raykoko

Posted 26 March 2006 - 01:37 PM

everyone uses the one account

there are 2 harddrives attached, split into 5 partitions c d j k l

e f are mounted cd's using daemon tools

w is the dvd rom

there are no physical cd's in the system at the moment

i do use an external drive but that has not been connected for a while

#9 rstones12

Posted 26 March 2006 - 10:58 PM

raykoko,

Please read "ALL" of the instructions before proceeding:

You will need to print out these instructions for a reference or you can
save them by copying and pasting them into notepad and saving the text file to the desktop.

This process will take a few steps, please take your time and follow the directions in the order posted.

==

OK, I don't like the looks of these two files, do you know what they are or did you install them??

C:\TOOLKIT\SystemTools\KeyViewer\KeyViewer.exe
C:\TOOLKIT\SystemTools\chngky\kv.exe


Please submit them to http://www.virustotal.com/

Submit both of the reports it generates:

Do you know what this program is used for??

L:\## Still to be copied ##\xp serial finder kf141\keyfinder.exe

rstones12

#10 raykoko

Posted 27 March 2006 - 03:00 PM

rstones12
the files in folder TOOLKIT are part of a cd containing 165 applications
i am quite happy to delete the whole folder

the xp keyfinder is a program to find the key you input when setting up windows xp
again i am quite happy to delete if you feel it may be unsafe

here are the 2 logs you requested

This is a report processed by VirusTotal on 03/27/2006 at 21:49:55 (CET) after scanning the file "kv.exe" file.
Antivirus Version Update Result
AntiVir 6.34.0.14 03.27.2006 no virus found
Avast 4.6.695.0 03.25.2006 no virus found
AVG 386 03.27.2006 no virus found
Avira 6.34.0.54 03.27.2006 SPR/RAS.A
BitDefender 7.2 03.27.2006 no virus found
CAT-QuickHeal 8.00 03.27.2006 PSWTool.RAS.a (Not a Virus)
ClamAV devel-20060202 03.27.2006 no virus found
DrWeb 4.33 03.27.2006 no virus found
eTrust-InoculateIT 23.71.112 03.26.2006 no virus found
eTrust-Vet 12.4.2136 03.27.2006 no virus found
Ewido 3.5 03.27.2006 no virus found
Fortinet 2.71.0.0 03.27.2006 HackerTool/Keyfinder
F-Prot 3.16c 03.27.2006 no virus found
Ikarus 0.2.59.0 03.27.2006 no virus found
Kaspersky 4.0.2.24 03.27.2006 not-a-virus:PSWTool.Win32.RAS.a
McAfee 4727 03.27.2006 potentially unwanted program Generic PUP
NOD32v2 1.1458 03.24.2006 Win32/PSWTool.RAS.A
Norman 5.70.10 03.27.2006 no virus found
Panda 9.0.0.4 03.27.2006 no virus found
Sophos 4.04.0 03.27.2006 no virus found
Symantec 8.0 03.27.2006 no virus found
TheHacker 5.9.7.120 03.26.2006 no virus found
UNA 1.83 03.23.2006 no virus found
VBA32 3.10.5 03.27.2006 no virus found


This is a report processed by VirusTotal on 03/27/2006 at 21:52:48 (CET) after scanning the file "KeyViewer.exe" file.
Antivirus Version Update Result
AntiVir 6.34.0.14 03.27.2006 no virus found
Avast 4.6.695.0 03.25.2006 no virus found
AVG 386 03.27.2006 no virus found
Avira 6.34.0.54 03.27.2006 SPR/RAS.A
BitDefender 7.2 03.27.2006 no virus found
CAT-QuickHeal 8.00 03.27.2006 PSWTool.RAS.a (Not a Virus)
ClamAV devel-20060202 03.27.2006 no virus found
DrWeb 4.33 03.27.2006 no virus found
eTrust-InoculateIT 23.71.112 03.26.2006 no virus found
eTrust-Vet 12.4.2136 03.27.2006 no virus found
Ewido 3.5 03.27.2006 no virus found
Fortinet 2.71.0.0 03.27.2006 HackerTool/Keyfinder
F-Prot 3.16c 03.27.2006 no virus found
Ikarus 0.2.59.0 03.27.2006 no virus found
Kaspersky 4.0.2.24 03.27.2006 not-a-virus:PSWTool.Win32.RAS.a
McAfee 4727 03.27.2006 potentially unwanted program Generic PUP
NOD32v2 1.1458 03.24.2006 Win32/PSWTool.RAS.A
Norman 5.70.10 03.27.2006 no virus found
Panda 9.0.0.4 03.27.2006 no virus found
Sophos 4.04.0 03.27.2006 no virus found
Symantec 8.0 03.27.2006 no virus found
TheHacker 5.9.7.120 03.26.2006 no virus found
UNA 1.83 03.23.2006 no virus found
VBA32 3.10.5 03.27.2006 no virus found

raykoko

#11 rstones12

Posted 28 March 2006 - 11:04 PM

raykoko,

Please read "ALL" of the instructions before proceeding:

You will need to print out these instructions for a reference or you can
save them by copying and pasting them into notepad and saving the text file to the desktop.

This process will take a few steps, please take your time and follow the directions in the order posted.

==

Do you use the mIRC program?

Please reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.

Once in SafeMode go to MyComputer and remove the following:

These are potentially dangerous programs and should be removed.

C:\TOOLKIT\SystemTools\chngky\ <-- Folder
C:\TOOLKIT\SystemTools\KeyViewer\ <-- Folder
L:\# MUSIC\My Shared Folder\kmd151_en.exe <-- File
L:\## Still to be copied ##\xp serial finder kf141\ <-- Folder

Now run the ATF Cleaner.

Reboot your system back into Normal Mode and re-run the Kaspersky Online Scan.

Post those results along with a new HijackThis log by using Add Reply.

Is your BitDefender program up to date? You may want to re-install this program as well.

Thanks,
rstones12

#12 raykoko

Posted 29 March 2006 - 10:14 AM

rstones12

yes i do use mirc

bitdefender9 is fully up to date

here is the kaspersky report

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Wednesday, March 29, 2006 4:00:20 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 29/03/2006
Kaspersky Anti-Virus database records: 184769
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
J:\
K:\
L:\
W:\

Scan Statistics:
Total number of scanned objects: 185554
Number of viruses found: 21
Number of infected objects: 60
Number of suspicious objects: 0
Duration of the scan process: 01:48:07

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\eeyore\Local Settings\Temporary Internet Files\Content.IE5\LCKJL5W9\s[1].htm Infected: Exploit.Win32.MS05-013.gen skipped
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
C:\System Volume Information\_restore{5A997F2F-8F0B-4667-B544-47033F4353CD}\RP311\A0060733.exe Infected: not-a-virus:PSWTool.Win32.Outlooker skipped
C:\System Volume Information\_restore{5A997F2F-8F0B-4667-B544-47033F4353CD}\RP311\A0060734.dll Infected: not-a-virus:AdWare.Win32.Webdir.b skipped
C:\System Volume Information\_restore{5A997F2F-8F0B-4667-B544-47033F4353CD}\RP314\A0062080.exe/data.rar/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\System Volume Information\_restore{5A997F2F-8F0B-4667-B544-47033F4353CD}\RP314\A0062080.exe/data.rar/officekey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\System Volume Information\_restore{5A997F2F-8F0B-4667-B544-47033F4353CD}\RP314\A0062080.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\System Volume Information\_restore{5A997F2F-8F0B-4667-B544-47033F4353CD}\RP314\A0062080.exe RarSFX: infected - 3 skipped
C:\System Volume Information\_restore{5A997F2F-8F0B-4667-B544-47033F4353CD}\RP314\A0062461.exe/data.rar/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\System Volume Information\_restore{5A997F2F-8F0B-4667-B544-47033F4353CD}\RP314\A0062461.exe/data.rar/officekey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\System Volume Information\_restore{5A997F2F-8F0B-4667-B544-47033F4353CD}\RP314\A0062461.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\System Volume Information\_restore{5A997F2F-8F0B-4667-B544-47033F4353CD}\RP314\A0062461.exe RarSFX: infected - 3 skipped
D:\System Volume Information\_restore{5A997F2F-8F0B-4667-B544-47033F4353CD}\RP286\A0051984.exe Infected: Trojan-Downloader.Win32.IstBar.gen skipped
D:\System Volume Information\_restore{5A997F2F-8F0B-4667-B544-47033F4353CD}\RP311\A0060735.exe Infected: not-a-virus:PSWTool.Win32.Outlooker skipped
D:\System Volume Information\_restore{5A997F2F-8F0B-4667-B544-47033F4353CD}\RP312\A0061257.exe/data.rar/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
D:\System Volume Information\_restore{5A997F2F-8F0B-4667-B544-47033F4353CD}\RP312\A0061257.exe/data.rar/officekey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
D:\System Volume Information\_restore{5A997F2F-8F0B-4667-B544-47033F4353CD}\RP312\A0061257.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
D:\System Volume Information\_restore{5A997F2F-8F0B-4667-B544-47033F4353CD}\RP312\A0061257.exe RarSFX: infected - 3 skipped
D:\System Volume Information\_restore{5A997F2F-8F0B-4667-B544-47033F4353CD}\RP312\A0061638.exe/data.rar/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
D:\System Volume Information\_restore{5A997F2F-8F0B-4667-B544-47033F4353CD}\RP312\A0061638.exe/data.rar/officekey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
D:\System Volume Information\_restore{5A997F2F-8F0B-4667-B544-47033F4353CD}\RP312\A0061638.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
D:\System Volume Information\_restore{5A997F2F-8F0B-4667-B544-47033F4353CD}\RP312\A0061638.exe RarSFX: infected - 3 skipped
L:\# MUSIC\My Shared Folder\kmd151_en.exe/data0003/cd_clint.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped
L:\# MUSIC\My Shared Folder\kmd151_en.exe/data0003/cd_htm.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped
L:\# MUSIC\My Shared Folder\kmd151_en.exe/data0003 Infected: not-a-virus:AdWare.Win32.Cydoor skipped
L:\# MUSIC\My Shared Folder\kmd151_en.exe/data0007 Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
L:\# MUSIC\My Shared Folder\kmd151_en.exe/data0008/SaveNow.exe Infected: not-a-virus:AdWare.Win32.SaveNow.av skipped
L:\# MUSIC\My Shared Folder\kmd151_en.exe/data0008/Uninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.au skipped
L:\# MUSIC\My Shared Folder\kmd151_en.exe/data0008 Infected: not-a-virus:AdWare.Win32.SaveNow.au skipped
L:\# MUSIC\My Shared Folder\kmd151_en.exe/data0011/bdedetect1.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1007 skipped
L:\# MUSIC\My Shared Folder\kmd151_en.exe/data0011 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1007 skipped
L:\# MUSIC\My Shared Folder\kmd151_en.exe/data0014 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1007 skipped
L:\# MUSIC\My Shared Folder\kmd151_en.exe/data0015 Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
L:\# MUSIC\My Shared Folder\kmd151_en.exe/data0021/bdeinstall.exe Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1044 skipped
L:\# MUSIC\My Shared Folder\kmd151_en.exe/data0021 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1044 skipped
L:\# MUSIC\My Shared Folder\kmd151_en.exe/data0022/bde3d_ref2.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.d skipped
L:\# MUSIC\My Shared Folder\kmd151_en.exe/data0022 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.d skipped
L:\# MUSIC\My Shared Folder\kmd151_en.exe/data0025/bdeload.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.e skipped
L:\# MUSIC\My Shared Folder\kmd151_en.exe/data0025 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.e skipped
L:\# MUSIC\My Shared Folder\kmd151_en.exe/data0026/bdeplayer2.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.f skipped
L:\# MUSIC\My Shared Folder\kmd151_en.exe/data0026 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.f skipped
L:\# MUSIC\My Shared Folder\kmd151_en.exe/data0029/BDESac10.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.3120 skipped
L:\# MUSIC\My Shared Folder\kmd151_en.exe/data0029 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.3120 skipped
L:\# MUSIC\My Shared Folder\kmd151_en.exe/data0030/bdeviewer.exe Infected: Trojan.Win32.Krepper.y skipped
L:\# MUSIC\My Shared Folder\kmd151_en.exe/data0030 Infected: Trojan.Win32.Krepper.y skipped
L:\# MUSIC\My Shared Folder\kmd151_en.exe/data0032/BDEVerify.exe Infected: not-a-virus:AdWare.Win32.BrilliantDigital.a skipped
L:\# MUSIC\My Shared Folder\kmd151_en.exe/data0032/BDEVerify.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.b skipped
L:\# MUSIC\My Shared Folder\kmd151_en.exe/data0032 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.b skipped
L:\# MUSIC\My Shared Folder\kmd151_en.exe Inno: infected - 26 skipped
L:\# MUSIC\My Shared Folder\kmd171gu_en.exe/data0004/cd_clint.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped
L:\# MUSIC\My Shared Folder\kmd171gu_en.exe/data0004/cd_htm.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped
L:\# MUSIC\My Shared Folder\kmd171gu_en.exe/data0004 Infected: not-a-virus:AdWare.Win32.Cydoor skipped
L:\# MUSIC\My Shared Folder\kmd171gu_en.exe Inno: infected - 3 skipped
L:\System Volume Information\_restore{5A997F2F-8F0B-4667-B544-47033F4353CD}\RP311\A0060736.exe Infected: Trojan-Downloader.Win32.Small.ic skipped
L:\System Volume Information\_restore{5A997F2F-8F0B-4667-B544-47033F4353CD}\RP314\A0062483.exe/data.rar/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
L:\System Volume Information\_restore{5A997F2F-8F0B-4667-B544-47033F4353CD}\RP314\A0062483.exe/data.rar/officekey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
L:\System Volume Information\_restore{5A997F2F-8F0B-4667-B544-47033F4353CD}\RP314\A0062483.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
L:\System Volume Information\_restore{5A997F2F-8F0B-4667-B544-47033F4353CD}\RP314\A0062483.exe RarSFX: infected - 3 skipped
L:\System Volume Information\_restore{7610C4B3-11ED-4A9C-A8B1-1DF619EBD931}\RP514\A0082046.exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
L:\System Volume Information\_restore{7610C4B3-11ED-4A9C-A8B1-1DF619EBD931}\RP514\A0082046.exe mIRC: infected - 1 skipped

Scan process completed.

All kmd files now removed from l:\# music\my shared folder

cheers
ray

#13 rstones12

Posted 29 March 2006 - 09:13 PM

raykoko,
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Click the "Delete Cookies" button
  • Next to it, click the "Delete Files" button
  • When prompted, place a check in: "Delete all offline content", click OK
  • Go to Start > Run, type: cleanmgr and click OK.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
Now do the following:

To get an Uninstall List from HijackThis:
  • Open HijackThis, click Config, click Misc Tools
  • Click "Open Uninstall Manager"
  • Click "Save List" (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.
Please post a new HJT log and the uninstall list by using Add Reply.

Did you remove:

All kmd files now removed from l:\# music\my shared folder

After the scan?


Thanks,
rstones12

Edited by rstones12, 29 March 2006 - 09:41 PM.

"Security is a Process not a Product"

Help here is always free, but if you want to donate to help me continue my fight against malware -- Click Here

#14 raykoko

Posted 30 March 2006 - 05:57 AM

rstones12

should have mentioned that the KMD files were removed after the scan

here are the 2 logs

Logfile of HijackThis v1.99.1
Scan saved at 11:50:47, on 30/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\progra~1\softwin\bitdef~1\bdnagent.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
C:\progra~1\softwin\bitdef~1\bdswitch.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\COMMON~1\PHILIP~1\USBCON~1.EXE
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
c:\progra~1\softwin\bitdef~1\bdmcon.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Documents and Settings\eeyore\Desktop\Spy Checkers\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R3 - URLSearchHook: _URLHandler - {7D5363BA-EA6A-4A20-8AAB-DA7A702F0159} - C:\PROGRA~1\NOVA-E~1\PCMOBI~1\MOBILE~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [MimBoot] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mimboot.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BDMCon] c:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "c:\progra~1\softwin\bitdef~1\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "c:\progra~1\softwin\bitdef~1\bdswitch.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\eeyore\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1141842434674
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1141842423284
O16 - DPF: {84818113-96C5-11D2-BE39-006008BF4DD5} (ViewDirector Object) - http://www.scotlandspeople.gov.uk/Viewers/...ol/viewdw32.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)






ABBYY FineReader 5.0 Pro
AC3Filter (remove only)
Ad-Aware SE Personal
Adobe Photoshop Elements 4.0
Adobe Reader 7.0.5
Adobe Reader Chinese Traditional Fonts
Advanced TAR Repair v1.1
Atlantis version 1.4
AVI Codec Pack
Battlefield 2™
BitComet 0.59
BitDefender 9 Internet Security
Black & White® 2
BlindWrite 5.2.16
BPS Spyware-Adware Remover 8.2.0.10
Civilization III
C-Media WDM Audio Driver
Craxtion4
Creative DVD Audio Plugin for Audigy Series
DivX
DivX Player
DVD to Mobile (Sony Ericsson Edition) 1.1.1
eMusic - 50 Free MP3 offer
ewido anti-malware
Family Tree Maker 2005
FEAR
Football Manager 2006
FunProm v2.50
GrabIt 1.5.3 Beta (build 909)
HijackThis 1.99.1
Indeo® XP Software
Infinity USB 1.48
InterVideo WinDVD 7
irGet File Sharing for mIRC
IsoBuster 1.6
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2_01
Jewel Quest Deluxe
Kaspersky On-line Scanner
LimeWire PRO 4.10.0
LiveUpdate BVRP Software
Luxor
Macromedia Flash Player 8
Mah Jong Quest (remove only)
Microsoft Office Professional Edition 2003
mIRC
mobile PhoneTools
Motorola Handset USB Driver
Mozilla Firefox (1.0.4)
Mpeg Layer3 Codec FHG-Radium v1.263
MSN Messenger 7.5
MSXML 4.0 SP2 Parser and SDK
Musicmatch® Jukebox
MyMahj v3.3b
Nero 7 Ultra Edition
NVIDIA Drivers
PC Mobile Drive
PerfectDisk
Philips GoGear HDD Device Manager
QuickPar 0.9
QuickTime
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
SEMC DSS SyncStation Driver
Sentinel System Driver
SmartFTP Client
Sony Ericsson PC Suite 3.1.1
Spelling Dictionaries For Adobe Reader Package
Spyware Doctor 3.5
Steam
Stomp RecordNow MAX
Su.Doku.Quest.v1.0-ArCADE
Tar98
The Movies™
Tiger Woods PGA TOUR 2005
TrojanHunter 4.2
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB910437)
USB Dual-mode Camera v200 Installation Files
Winamp (remove only)
Windows Defender Signatures
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 9 Hotfix [See KB885492 for more information]
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinRAR archiver
Winternals Administrator's Pak
WinZip
Xircom Rex 6000 Drivers and Online Documents
Xircom Rex 6000 Tools
Xircom Rex 6000, Intellisync for Rex
Xircom Rex 6000, PIM for Rex
XoftSpy
XviD MPEG-4 Video Codec
ZTreeWin (remove only)

raykoko

#15 rstones12

Posted 31 March 2006 - 07:10 PM

raykoko,

A couple of things:

Please read "ALL" of the instructions before proceeding:

Go to Start > Control Panel > Add Remove Programs and remove the following:

J2SE Runtime Environment 5.0 Update 4
Java 2 Runtime Environment, SE v1.4.2_01


A few other items:

I would suggest that you update your current version of Firefox; you are currently running:

Mozilla Firefox (1.0.4). The latest version is 1.5.

How is everything else running?

Thanks,
rstones12
"Security is a Process not a Product"

Help here is always free, but if you want to donate to help me continue my fight against malware -- Click Here
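Added example, not part of rstones12's post: a short Python check that reads an uninstall list like the one in post #14 and reports every Java runtime other than the newest, which is the cleanup the reply above asks for. The function names are this example's own, the sample lines are copied from the posted list, and the mapping of "5.0 Update N" to 1.5.0_N follows the jre1.5.0_06 path seen in the HijackThis log.

```python
import re

# Sample input: the Java-related lines (plus two unrelated ones) copied from
# the uninstall list posted in this thread.
UNINSTALL_LIST = """\
HijackThis 1.99.1
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2_01
Mozilla Firefox (1.0.4)
"""

# "J2SE Runtime Environment 5.0 Update 6" is internal version 1.5.0_06
J2SE_RE = re.compile(r"^J2SE Runtime Environment (\d+)\.(\d+) Update (\d+)$")
# "Java 2 Runtime Environment, SE v1.4.2_01" is internal version 1.4.2_01
JAVA2_RE = re.compile(
    r"^Java 2 Runtime Environment, SE v(\d+)\.(\d+)\.(\d+)(?:_(\d+))?$")


def java_version(entry):
    """Return a comparable (major, minor, micro, update) tuple, or None."""
    m = J2SE_RE.match(entry)
    if m:
        release, micro, update = map(int, m.groups())
        return (1, release, micro, update)
    m = JAVA2_RE.match(entry)
    if m:
        major, minor, micro = (int(g) for g in m.groups()[:3])
        return (major, minor, micro, int(m.group(4) or 0))
    return None


def superseded_java(listing):
    """Return every installed Java runtime except the newest, oldest first."""
    found = []
    for line in listing.splitlines():
        entry = line.strip()
        version = java_version(entry)
        if version is not None:
            found.append((version, entry))
    if len(found) < 2:
        return []  # zero or one runtime installed: nothing is superseded
    found.sort()
    return [entry for _, entry in found[:-1]]


if __name__ == "__main__":
    for name in superseded_java(UNINSTALL_LIST):
        print("remove:", name)
```
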



