Unwanted Popups -cassava Etc


  • This topic is locked
28 replies to this topic

#1 RexBird

RexBird

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:01:29 PM

Posted 04 June 2006 - 05:04 AM

I frequently get pop-ups using IE and Mozilla - these are clearly related to the topics I am looking at. One of the popups indicates Cassava and others sublimemedia. Try as I may I have been unable to get rid of these. Any help would be greatly appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 10:59:42, on 04/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SpywareDetector\SDService.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Elaborate Bytes\DVD Region Killer\RegKillTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
C:\WINDOWS\system32\GSICON.EXE
C:\WINDOWS\system32\dslagent.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\NETGEAR\Wireless Smart Configuration\Utility\NetgearAG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE
C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
C:\Program Files\SpywareDetector\SDSystemTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Documents and Settings\Rex\Application Data\My-disgo\MyKey disgo.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Rex\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freenetname.co.uk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=PopupsNuker:8100
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: PopThis BHO - {0549E6CB-9985-42F6-8FD6-4EC017E6AAE1} - C:\Program Files\Surfapps.com\PopThis! Free Version\PopThis.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Hitware Popup Killer Lite - {604B283A-4E26-4504-98E7-72859F949547} - C:\PROGRA~1\HITWAR~1\sypcms.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [RegKillTray] "C:\Program Files\Elaborate Bytes\DVD Region Killer\RegKillTray.exe"
O4 - HKLM\..\Run: [RegKillElbyCheck] "C:\Program Files\Elaborate Bytes\DVD Region Killer\ElbyCheck.exe" /L RegKill
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AS00_Netgear] C:\Program Files\NETGEAR\Wireless Smart Configuration\Utility\NetgearAG.exe -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus DX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE /P26 "EPSON Stylus DX4200 Series" /O6 "USB001" /M "Stylus DX4200"
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [SystemTraySD] C:\Program Files\SpywareDetector\SDSystemTray.exe
O4 - HKLM\..\Run: [SDAutoLiveupdate] C:\Program Files\SpywareDetector\LiveUpdateSD.exe -AUTO
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\RunServices: [Microsoft Windows DLL 32-BIT] msncheck32.exe
O4 - HKCU\..\Run: [My-disgo] C:\Documents and Settings\Rex\Application Data\My-disgo\MyKey disgo.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O10 - Unknown file in Winsock LSP: c:\program files\trackzapper.com\tz spyware-remover\apptoport.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.freenetname.co.uk
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - https://scan.safety.live.com/resource/downl...lscbase3401.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1138837477825
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.shockwave.com/content/luxor/mjolauncher.cab
O16 - DPF: {AEF76437-F960-4EBC-97EA-7BBB4230CF38} (OcarptMain Class) - https://oca.microsoft.com/en/secure/ocarpt.CAB
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: SDNotify - C:\Program Files\SpywareDetector\SDNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SDService - Max Secure Software - C:\Program Files\SpywareDetector\SDService.exe

Edited by RexBird, 04 June 2006 - 05:06 AM.



#2 amateur

amateur

    Malware Fighter


  • Malware Response Team
  • 2,775 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:08:29 AM

Posted 04 June 2006 - 12:32 PM

Hi RexBird, and welcome to BC. :thumbsup:

I hate to be the bearer of bad news, but you have a dangerous trojan in your system evidenced by this line in your HijackThis log: :flowers:

O4 - HKLM\..\RunServices: [Microsoft Windows DLL 32-BIT] msncheck32.exe

This is what it does:

Turns off anti-virus applications
Allows others to access the computer
Deletes files off the computer
Steals information
Downloads code from the internet

Your computer potentially may have been compromised severely. Please disconnect your computer from any network and stay off line until it's reasonably cleaned.

It would be prudent to do the following:

1. Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.

2. From a clean computer, change *all* your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups you belong to.

Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.

Here are some informative links to read:

Here are some informative links to help you decide:

What is a backdoor or remote access trojan?

Danger: Remote Access Trojans
http://www.microsoft.com/technet/security/...o/virusrat.mspx

When should I re-format? How should I reinstall?
http://www.dslreports.com/faq/10063

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
http://www.dslreports.com/faq/10451

Rootkits: The Obscure Hacker Attack
http://www.microsoft.com/technet/community...tip/st1005.mspx

Security Management - May 2004
Help: I Got Hacked. Now What Do I Do?
http://www.microsoft.com/technet/community...gmt/sm0504.mspx

Security Management - July 2004
Help: I Got Hacked. Now What Do I Do? Part II
http://www.microsoft.com/technet/community...gmt/sm0704.mspx

http://www.eweek.com/article2/0,1895,1945808,00.asp



Please let me know what you would like to do.

Edited by amateur, 04 June 2006 - 01:03 PM.


#3 RexBird


Posted 08 June 2006 - 02:35 PM

Hi

What are my options? I can certainly redo all passwords etc from a clean computer. But then what?

Thanks for the help

Rexbird

#4 amateur


Posted 08 June 2006 - 03:52 PM

Hi RexBird,

Sorry if I wasn't clear enough. Your options are either to attempt to clean it or to back up all of your data and then reformat and reinstall. The choice is yours and should be made after you've read the information on the links I provided. Although we don't know at this point whether it was done or not, the trojan has/had the ability to delete files off your computer, allow others to access the computer, as well as stealing information. While we can attempt to clean what we see in your logs, we can't guarantee that your computer will be completely in the clear since we have no way of knowing what has been done to the computer. I would try my best to clean it if you choose to do so. However, I would recommend that you back up everything anyway, because we don't know what we may encounter in the process. Please read the information in those links and let me know what your decision is.

#5 RexBird


Posted 12 June 2006 - 02:46 AM

Thanks Amateur (not quite so amateur I suspect!)

I will attempt to clean it up I think in the first instance - I have an alternative machine to back up stuff and if necessary will use that one which is not compromised as far as I can tell. However I am more of an amateur than you so would appreciate any additional guidance on attempting to clean up the machine.

Thanks again

RexBird

#6 amateur


Posted 12 June 2006 - 06:26 AM

Hi RexBird,

Please print these instructions so that you'll have access to them while in Safe Mode later.

First, you'll need to place HijackThis in a folder of its own for it to function properly. Right click on an empty area on your desktop. Go to New>Folder to create a new folder. Name the folder HijackThis. Drag and drop HijackThis.exe into this new folder.

Spyware Detector is no longer in the Rogue programs list, but there are better alternatives. Please read this: http://www.spywarewarrior.com/rogue_anti-s...m#swdetect_note

You can remove it from the Add/Remove Programs in Control Panel.

============================================

Make sure that you can see hidden files
  • Click Start
  • Open My Computer
  • Select the Tools menu and click Folder Options
  • Select the View Tab
  • Under the Hidden files and folders heading select Show hidden files and folders
  • Uncheck the Hide protected operating system files (recommended) option
  • Click Yes to confirm
  • Click OK
** These files are hidden to stop you accidentally removing something important.
It is advisable to hide them again after fixing your computer. **

============================================

Scan with HijackThis and put a checkmark against the following entries:

O4 - HKLM\..\RunServices: [Microsoft Windows DLL 32-BIT] msncheck32.exe


Make sure that you close all windows/browsers/applications, except HijackThis and click on fix checked.

Are you using a proxy server? If not, fix this entry too:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=PopupsNuker:8100

============================================

Boot into Safe Mode

============================================

Using Windows Search Function find and delete the following file:

msncheck32.exe

============================================

Still in Safe Mode, run Ccleaner

============================================

Restart in Normal Mode

============================================

Download, update, configure and run these two programs: http://tomcoyote.org/aawsb.php
The newest version of Ad-aware SE is 1.06 and Spybot 1.4. Even if you have these programs, use the link to get the newest version, update and configure them as in the link. Run Spybot first, reboot then run Ad-aware. Both programs back up what they remove so delete anything the programs say should be removed.

===========================================

Please do an online scan with Kaspersky Online Scanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      • Extended (If available otherwise Standard)
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK
  • Now under select a target to scan select My Computer
  • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post please and also let me know how the computer is running now.


#7 amateur


Posted 16 June 2006 - 06:36 AM

Reopened as per pm pasted below:

I seem to have been logged out of this - I have been away and am not too familiar with the etiquette.

I have tried what you suggested but on going into Safe Mode and searching for msncheck32.exe folder I get no result. Also I don't seem to be able to activate Kaspersky Online Scanner.

And the pop-ups still keep coming! Any further advice?


Edited by amateur, 16 June 2006 - 08:16 AM.


#8 amateur


Posted 16 June 2006 - 08:22 AM

Please post a fresh HijackThis log.

#9 RexBird


Posted 16 June 2006 - 10:21 AM

Hi Amateur

Thanks for help - here is HJT scan

Logfile of HijackThis v1.99.1
Scan saved at 16:17:22, on 16/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Elaborate Bytes\DVD Region Killer\RegKillTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
C:\WINDOWS\system32\GSICON.EXE
C:\WINDOWS\system32\dslagent.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\NETGEAR\Wireless Smart Configuration\Utility\NetgearAG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE
C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Documents and Settings\Rex\Application Data\My-disgo\MyKey disgo.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Rex\Desktop\Hijack this\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freenetname.co.uk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: PopThis BHO - {0549E6CB-9985-42F6-8FD6-4EC017E6AAE1} - C:\Program Files\Surfapps.com\PopThis! Free Version\PopThis.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Hitware Popup Killer Lite - {604B283A-4E26-4504-98E7-72859F949547} - C:\PROGRA~1\HITWAR~1\sypcms.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [RegKillTray] "C:\Program Files\Elaborate Bytes\DVD Region Killer\RegKillTray.exe"
O4 - HKLM\..\Run: [RegKillElbyCheck] "C:\Program Files\Elaborate Bytes\DVD Region Killer\ElbyCheck.exe" /L RegKill
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AS00_Netgear] C:\Program Files\NETGEAR\Wireless Smart Configuration\Utility\NetgearAG.exe -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus DX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE /P26 "EPSON Stylus DX4200 Series" /O6 "USB001" /M "Stylus DX4200"
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [My-disgo] C:\Documents and Settings\Rex\Application Data\My-disgo\MyKey disgo.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O10 - Unknown file in Winsock LSP: c:\program files\trackzapper.com\tz spyware-remover\apptoport.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.freenetname.co.uk
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - https://scan.safety.live.com/resource/downl...lscbase3401.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1138837477825
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.shockwave.com/content/luxor/mjolauncher.cab
O16 - DPF: {AEF76437-F960-4EBC-97EA-7BBB4230CF38} (OcarptMain Class) - https://oca.microsoft.com/en/secure/ocarpt.CAB
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
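
An added example, not part of the original thread: one way to check that the HijackThis fixes requested in post #6 took effect is to diff the entry lines of the log from post #1 against the fresh log in post #9. The sample lines are excerpted from those two logs; the function names are this example's own.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", ["code", "detail"])

# HijackThis entry lines start with a section code (R0, R1, O2, O4, O23, ...)
# followed by " - " and the entry detail. Header lines and the
# "Running processes" paths do not match this pattern and are skipped.
ENTRY_RE = re.compile(r"^([A-Z])(\d{1,2}) - (.+)$")

# Excerpt of the log in post #1 (before the fix).
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=PopupsNuker:8100
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\RunServices: [Microsoft Windows DLL 32-BIT] msncheck32.exe
O20 - Winlogon Notify: SDNotify - C:\Program Files\SpywareDetector\SDNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# Excerpt of the log in post #9 (after the fix), same lines where still present.
AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""


def parse_entries(log_text):
    """Return the set of Entry(code, detail) items found in a HijackThis log."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.add(Entry(m.group(1) + m.group(2), m.group(3).strip()))
    return entries


def _order(entry):
    # Sort O4 before O20 by comparing the numeric part as an integer.
    return (entry.code[0], int(entry.code[1:]), entry.detail)


def diff_logs(before, after):
    """Return (removed, added): entries only in `before`, entries only in `after`."""
    b, a = parse_entries(before), parse_entries(after)
    return sorted(b - a, key=_order), sorted(a - b, key=_order)


def entries_mentioning(log_text, filename):
    """Entries in any section whose detail names `filename` (case-insensitive)."""
    needle = filename.lower()
    hits = [e for e in parse_entries(log_text) if needle in e.detail.lower()]
    return sorted(hits, key=_order)


if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for e in removed:
        print("removed:", e.code, "-", e.detail)
    for e in added:
        print("added:  ", e.code, "-", e.detail)
    print("msncheck32.exe still referenced:",
          bool(entries_mentioning(AFTER, "msncheck32.exe")))
```

An entry missing from the later log shows only that the autostart reference is gone; whether the file itself is still on disk has to be checked separately.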

#10 amateur


Posted 16 June 2006 - 10:32 AM

Please right-click on HijackThis.exe file and rename it as HijackThisNew.exe. Then scan with it again and post the log please.

#11 RexBird


Posted 16 June 2006 - 11:29 AM

Here it is.

Logfile of HijackThis v1.99.1
Scan saved at 17:27:53, on 16/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Elaborate Bytes\DVD Region Killer\RegKillTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
C:\WINDOWS\system32\GSICON.EXE
C:\WINDOWS\system32\dslagent.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\NETGEAR\Wireless Smart Configuration\Utility\NetgearAG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE
C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Documents and Settings\Rex\Application Data\My-disgo\MyKey disgo.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Rex\Desktop\Hijack this\hijackthis\Hijackthis new.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freenetname.co.uk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: PopThis BHO - {0549E6CB-9985-42F6-8FD6-4EC017E6AAE1} - C:\Program Files\Surfapps.com\PopThis! Free Version\PopThis.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Hitware Popup Killer Lite - {604B283A-4E26-4504-98E7-72859F949547} - C:\PROGRA~1\HITWAR~1\sypcms.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [RegKillTray] "C:\Program Files\Elaborate Bytes\DVD Region Killer\RegKillTray.exe"
O4 - HKLM\..\Run: [RegKillElbyCheck] "C:\Program Files\Elaborate Bytes\DVD Region Killer\ElbyCheck.exe" /L RegKill
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AS00_Netgear] C:\Program Files\NETGEAR\Wireless Smart Configuration\Utility\NetgearAG.exe -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus DX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE /P26 "EPSON Stylus DX4200 Series" /O6 "USB001" /M "Stylus DX4200"
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [My-disgo] C:\Documents and Settings\Rex\Application Data\My-disgo\MyKey disgo.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O10 - Unknown file in Winsock LSP: c:\program files\trackzapper.com\tz spyware-remover\apptoport.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.freenetname.co.uk
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - https://scan.safety.live.com/resource/downl...lscbase3401.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1138837477825
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.shockwave.com/content/luxor/mjolauncher.cab
O16 - DPF: {AEF76437-F960-4EBC-97EA-7BBB4230CF38} (OcarptMain Class) - https://oca.microsoft.com/en/secure/ocarpt.CAB
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

#12 amateur

Posted 16 June 2006 - 01:32 PM

Hello rexBird,

You'll have to keep in mind that this trojan may have altered things in this computer. Are you the only user? Let's try and see if you can use other scanners.

First, search for the file, msncheck32.exe in Normal Mode. If you find it, please delete it. If not, proceed with the following:

Download Registry Search by Bobbi Flekman here. If your antivirus interferes, please allow it.

Create a folder named C:\Reg for it and unzip it into that folder.

======================================

Download and install Ewido Anti-Malware

During the installation, uncheck the following under Additional Options:
Install background guard
Install scan via context menu


Check for updates but do not run it yet.

Note: If you have problems with the updater, you can manually update Ewido.
Download ewido-signatures-full-current.exe from here and save to your Desktop.
All you need to do then is to double-click it, click Install and then when it has finished, Close.

=====================================

Please download Dr.Web CureIt to the desktop.

=====================================
Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
______________________________

Double-click the icon for RegSearch.exe in the C:\reg folder to launch the program. (You can use Windows Explorer to get there by right clicking on Start and then clicking on Explore)
Put the following in the search box and click "OK":

msncheck32.exe

After completion Notepad will be opened with all the found instances of the file.
The resulting file is saved in the same folder, location as RegSearch.exe, which is C:\Reg. I will need that file later on.

=====================================

From Safe Mode run Ewido
  • Close ALL open Windows / Programs / Folders. Please start Ewido, and run a full scan.
  • Click on Scanner
  • Click on Settings
  • Under How to scan check all boxes
  • Under Unwanted Software check all boxes
  • Under What to scan select Scan every file
  • Click on Ok
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
If Ewido finds anything, it will pop up a notification. When it asks if you want to clean the first file, put a checkmark in the lower left corner of the box that says Perform action on all infections and put a checkmark in the box next to Create encrypted backup, then choose clean and click OK.

Once the scan has completed, there will be a button located on the bottom of the screen named Save Report.

Click Save Report button and save it to your desktop for easy access.

Now close Ewido-Anti-Malware.

Warning: While the scan is in progress, DO NOT open any folders or the Windows Control Panel !!

=====================================
  • Double-click the drweb-cureit.exe file and allow it to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, you should now mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • After the scan, in the menu, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
=====================================

To use RootKit Revealer please make sure you are logged in as an Administrator to the computer.
  • Please download and unzip RootKitRevealer to your desktop.
  • Please leave the defaults set as they are to:
    • Hide NTFS Metadata Files: this option is on by default
    • Scan Registry: this option is on by default.
  • Launch rootkit revealer on the system and press the Scan button.
  • RootkitRevealer scans the system reporting its actions in a status area at the bottom of its window and noting discrepancies in the output list. It may take a long time. So, please disconnect from the internet and leave the PC to be scanned alone until it is finished.
  • The log can be very large; please edit out the items in the following folders in the log: C:\RECYCLER\NPROTECT and C:\System Volume Information, if in the log, before posting it.
  • Please post the balance of the log here in this thread using Add Reply (please double check that it has all been posted as it may be too long for one post)
======================================

Then download and save BlackLight to your desktop.
F-Secure Blacklight: http://www.f-secure.com/blacklight/try.shtml
Double-click blbeta.exe, then accept the agreement.
Leave [X] scan through windows explorer checked,
click > scan then > next.
You'll see a list of all items found.
Don't choose for rename yet! I want to see the log first, because legit items can also be present there... like "wbemtest.exe"
There must be also a log on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx stand for numbers).

======================================

So I'll be waiting for:

1. Registry search results
2. Ewido log
3. Dr. Web.csv
4. RootkitRevealer log
5. BlackLight log
6. A fresh HijackThis log

You may have to post them separately.
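
Added example, not part of amateur's post and not code from any of the tools named: a Python script for the clean-up step requested above for the RootkitRevealer log (dropping entries under C:\RECYCLER\NPROTECT and C:\System Volume Information before posting), with a per-folder summary of what remains. The line layout, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Folders the helper asked to leave out of the posted log.
EXCLUDED_PREFIXES = (
    r"C:\RECYCLER\NPROTECT",
    r"C:\System Volume Information",
)

# Assumed layout of a pasted log line:
#   <path> <dd/mm/yyyy> <hh:mm> <size> <unit> <description>
# The path may contain spaces, so it is matched lazily up to the date.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<date>\d{2}/\d{2}/\d{4})\s+(?P<time>\d{2}:\d{2})\s+"
    r"(?P<size>\d+(?:\.\d+)?)\s+(?P<unit>bytes|KB|MB|GB)\s+"
    r"(?P<desc>.+)$"
)

UNIT_BYTES = {"bytes": 1, "KB": 1024, "MB": 1024 ** 2, "GB": 1024 ** 3}


def is_excluded(line):
    """True if the line's path is an excluded folder or lies beneath one.

    The match is case-insensitive and requires a path boundary after the
    prefix, so a sibling folder that merely shares the prefix is kept.
    """
    low = line.lower()
    for prefix in EXCLUDED_PREFIXES:
        p = prefix.lower()
        if low.startswith(p) and (len(low) == len(p) or low[len(p)] in "\\ \t"):
            return True
    return False


def filter_log(text):
    """Return (kept_lines, dropped_count) for a pasted log.

    Lines that do not parse are kept, so nothing outside the two
    excluded folders is silently lost from the post.
    """
    kept, dropped = [], 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if is_excluded(line):
            dropped += 1
        else:
            kept.append(line)
    return kept, dropped


def summarize(lines):
    """Group parsed entries by parent folder: count, total bytes, findings."""
    summary = defaultdict(lambda: {"count": 0, "bytes": 0, "findings": set()})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        parent = str(PureWindowsPath(m["path"]).parent)
        entry = summary[parent]
        entry["count"] += 1
        entry["bytes"] += round(float(m["size"]) * UNIT_BYTES[m["unit"]])
        entry["findings"].add(m["desc"])
    return dict(summary)


# Constructed sample input (not taken from the thread).
SAMPLE_LOG = r"""
C:\RECYCLER\NPROTECT\00001234.tmp 12/06/2006 11:38 40.06 KB Hidden from Windows API.
C:\System Volume Information\_restore{EXAMPLE}\RP1\A0000001.dll 13/06/2006 16:09 4.00 KB Hidden from Windows API.
C:\Program Files\ExampleApp\Cache\0000aaaa_0000bbbb 14/06/2006 08:52 240 bytes Hidden from Windows API.
C:\Program Files\ExampleApp\Cache\0000cccc_0000dddd 14/06/2006 13:02 2.90 KB Hidden from Windows API.
C:\RECYCLER\NPROTECTED-lookalike\file.bin 15/06/2006 09:59 1.00 KB Hidden from Windows API.
"""

if __name__ == "__main__":
    kept, dropped = filter_log(SAMPLE_LOG)
    print(f"dropped {dropped} line(s) from excluded folders")
    for folder, info in sorted(summarize(kept).items()):
        print(f"{info['count']:4d} entries {info['bytes']:8d} bytes  {folder}")
        for finding in sorted(info["findings"]):
            print(f"       {finding}")
```

Grouping by folder shows at a glance whether the remaining discrepancies cluster in one directory, which is easier to review than the full list.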

#13 RexBird

Posted 17 June 2006 - 02:16 PM

Hi Amateur

Here we go:

BlackLight first
06/17/06 19:52:25 [Info]: BlackLight Engine 1.0.37 initialized
06/17/06 19:52:25 [Info]: OS: 5.1 build 2600 (Service Pack 2)
06/17/06 19:52:26 [Note]: 7019 4
06/17/06 19:52:26 [Note]: 7005 0
06/17/06 19:52:39 [Note]: 7006 0
06/17/06 19:52:39 [Note]: 7011 204
06/17/06 19:52:40 [Note]: 7026 0
06/17/06 19:52:40 [Note]: 7026 0
06/17/06 19:52:58 [Note]: FSRAW library version 1.7.1015
06/17/06 19:56:26 [Note]: 2000 1006
06/17/06 20:05:26 [Note]: 7007 0

It said no problems.

Here is rootkit


And there's more

C:\Program Files\Enidivx\Cache\000071f0_44843d65_00029e59 05/06/2006 15:19 2.29 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\00007282_44843f7e_00047c41 05/06/2006 15:28 243.47 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\000072ae_43a1c0ad_0001a106 15/12/2005 20:14 473 bytes Hidden from Windows API.
C:\Program Files\Enidivx\Cache\000072ae_4414668f_000e15dc 02/06/2006 13:02 5.47 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\000072ae_441a6f97_0003bc03 17/03/2006 09:13 2.43 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\000072ae_441be1fc_000768e6 18/03/2006 11:33 479 bytes Hidden from Windows API.
C:\Program Files\Enidivx\Cache\000072ae_441f1aa8_000e7579 20/03/2006 22:12 3.58 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\000072ae_441fa98a_000ea754 21/03/2006 08:21 69.46 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\000072ae_4420f7bd_00026db9 22/03/2006 08:07 63.64 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\000072ae_442b90b4_000ec916 14/06/2006 13:07 24.37 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\000072ae_443e8279_00088019 13/04/2006 17:55 3.18 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\000072ae_4446ae47_00029ce1 19/04/2006 22:40 71.87 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\000072ae_446d7b7b_000b40ab 19/05/2006 09:02 742 bytes Hidden from Windows API.
C:\Program Files\Enidivx\Cache\000072ae_447088c7_000d7504 21/05/2006 16:35 6.69 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\000072ae_4471812b_000abce3 22/05/2006 10:15 10.01 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\000072ae_4475ba2e_000ed18c 15/06/2006 10:30 1.39 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\000072ae_4476d114_00066e54 26/05/2006 10:57 26.39 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\000072ae_44770dc7_0003428c 26/05/2006 15:16 19.73 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\000072ae_4479e53c_000528db 28/05/2006 19:00 8.29 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\000072ae_447c7d92_0009f656 30/05/2006 18:14 8.35 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\000072ae_447d6ad5_000ac24e 31/05/2006 11:07 85.21 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\000072ae_447ea2e1_00088a10 01/06/2006 09:31 89.35 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\000072ae_44802829_000de9b6 02/06/2006 12:59 62.40 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\000072ae_4481a779_000e2f84 03/06/2006 16:15 192.40 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\000072ae_448436ad_0003a383 05/06/2006 15:03 1.11 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\000072ae_4485944c_00010f3b 06/06/2006 15:42 35.61 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\000072ae_44869968_00057741 07/06/2006 10:16 202.36 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\000072ae_4488031f_0001f194 08/06/2006 11:59 25.90 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\000072ae_448a8433_000b67ee 10/06/2006 10:01 1.60 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\000072ae_448a8947_000b44e0 10/06/2006 10:01 1.54 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\000072ae_448c23c0_000161e8 11/06/2006 15:08 3.59 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\000072ae_448d4459_00026704 12/06/2006 11:39 5.76 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\000072ae_448ed55f_000984e6 13/06/2006 16:10 24.04 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\000072ae_448fc077_000399f3 14/06/2006 08:53 14.43 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\000072ae_448fe9dd_000d9e08 14/06/2006 11:50 2.01 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\000072ae_448ffb0b_0002bf2b 14/06/2006 13:03 1.07 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\000072ae_449127fe_0004365c 15/06/2006 10:27 1.41 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\000072ae_4492763b_000598b3 16/06/2006 10:13 48.97 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\000073d9_44843fe4_000d9a59 05/06/2006 15:29 5.04 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\000073da_441be82b_000a1a56 18/03/2006 11:59 56.14 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\000073da_444cfac3_0006eec3 12/06/2006 12:50 2.47 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\000073da_447476e1_0001e99e 24/05/2006 16:08 64.73 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\000073da_4477217a_00098c33 26/05/2006 16:40 60.54 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\000073da_44843c40_00009cab 05/06/2006 15:14 1.97 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\000074ad_448440d5_000a3034 05/06/2006 15:33 239.83 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\0000759a_441a729b_000851e4 17/03/2006 09:26 280 bytes Hidden from Windows API.
C:\Program Files\Enidivx\Cache\0000759a_441be54b_000eb67c 18/03/2006 11:47 4.95 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\0000759a_4472f9d1_0001f263 23/05/2006 13:02 908 bytes Hidden from Windows API.
C:\Program Files\Enidivx\Cache\0000759a_4474752e_0000e964 24/05/2006 16:01 32.97 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\0000759a_44771f94_000f3828 26/05/2006 16:32 8.78 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\0000759a_44843ae4_00075454 05/06/2006 15:08 64 bytes Hidden from Windows API.
C:\Program Files\Enidivx\Cache\0000759a_44861221_0004e146 07/06/2006 00:39 6.08 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\0000759a_44887996_000f0e4c 17/06/2006 10:53 446.70 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\0000759a_448e0dcd_000a2716 13/06/2006 01:58 7.48 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\0000759a_448fc323_000a39eb 14/06/2006 09:04 785 bytes Hidden from Windows API.
C:\Program Files\Enidivx\Cache\0000759a_448ffcef_00079328 14/06/2006 13:11 173 bytes Hidden from Windows API.
C:\Program Files\Enidivx\Cache\0000759a_4492d0e8_00014930 16/06/2006 16:40 10.29 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\000075c1_4484434c_00019720 05/06/2006 15:44 3.97 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\000075ef_441beb48_00039fd1 18/03/2006 12:13 298 bytes Hidden from Windows API.
C:\Program Files\Enidivx\Cache\000075ef_44843cf4_00086323 05/06/2006 15:17 10.43 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\0000765f_44843f4c_0002c688 05/06/2006 15:27 1.97 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\0000767d_441a711a_000deb31 17/03/2006 09:26 22.23 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\0000767d_441be3d2_0003d4d8 18/03/2006 11:41 7.98 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\0000767d_441f2397_0001c0ec 20/03/2006 22:50 1.92 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\0000767d_447474a7_000dd65e 24/05/2006 15:58 520 bytes Hidden from Windows API.
C:\Program Files\Enidivx\Cache\0000767d_44771e1d_000328d0 26/05/2006 16:26 8.36 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\0000767d_44843a44_00050948 05/06/2006 15:05 224 bytes Hidden from Windows API.
C:\Program Files\Enidivx\Cache\0000767d_44860f1d_000c5dc6 07/06/2006 00:26 5.53 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\0000767d_4488781b_0008de16 08/06/2006 20:18 4.01 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\0000767d_448a8bce_0008fb6c 10/06/2006 10:07 3.61 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\0000767d_448e0ab1_0007a339 13/06/2006 01:45 7.48 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\0000767d_448fc248_0002d106 14/06/2006 09:01 240 bytes Hidden from Windows API.
C:\Program Files\Enidivx\Cache\0000767d_448ffc3a_000a0404 14/06/2006 13:08 7.50 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\0000767d_44912bc3_000e910e 15/06/2006 10:43 27.57 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\0000767d_4492914c_0001379b 16/06/2006 12:10 19.21 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\0000773b_44843f78_00079000 05/06/2006 15:28 5.62 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\00007874_44843d95_000581c6 05/06/2006 15:20 2.29 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\000078d4_44844289_000083be 05/06/2006 15:41 3.78 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\0000797d_441be61d_000172d8 18/03/2006 11:51 56.81 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\0000797d_4474757e_00091661 24/05/2006 16:02 622 bytes Hidden from Windows API.
C:\Program Files\Enidivx\Cache\0000797d_4477201f_0001ec53 26/05/2006 16:34 7.55 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\0000797d_447d973e_0005fd18 31/05/2006 14:16 113.44 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\0000797d_44843b1b_00081459 05/06/2006 15:09 2.29 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\0000797d_44887aa5_0003be41 08/06/2006 20:29 4.77 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\0000797d_448fc519_00092f49 14/06/2006 09:13 14.62 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\0000797d_448fff7e_0009be08 14/06/2006 13:22 6.25 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\00007983_441beb47_0009b6f1 18/03/2006 12:13 240 bytes Hidden from Windows API.
C:\Program Files\Enidivx\Cache\00007983_44843cf4_0002e2dc 05/06/2006 15:17 3.75 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\0000798b_441be806_0003f10e 18/03/2006 11:59 22.21 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\0000798b_44747676_000d506e 24/05/2006 16:06 652 bytes Hidden from Windows API.
C:\Program Files\Enidivx\Cache\0000798b_4477214c_000ea633 26/05/2006 16:39 17.28 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\0000798b_44843c33_000a6961 05/06/2006 15:14 1.97 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\000079d1_448444bd_000c72e3 05/06/2006 15:50 1.97 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\00007a54_4484449a_00062dbc 05/06/2006 15:50 10.23 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\00007a5a_441a7112_00064160 17/03/2006 09:19 4.85 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\00007a5a_441be3cd_0008000b 18/03/2006 11:41 7.98 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\00007a5a_441f237f_000eac60 20/03/2006 22:49 63.62 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\00007a5a_4446b08f_000694fe 19/04/2006 22:50 67.07 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\00007a5a_447474a7_000547b8 24/05/2006 15:58 568 bytes Hidden from Windows API.
C:\Program Files\Enidivx\Cache\00007a5a_44771e1b_000c96ec 26/05/2006 16:26 45.37 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\00007a5a_44843a42_0004fe08 05/06/2006 15:05 110.37 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\00007a5a_44860f10_00029b49 07/06/2006 00:26 7.09 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\00007a5a_4488781b_00035dd0 08/06/2006 20:18 8.16 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\00007a5a_448a8bcd_000e9d31 10/06/2006 10:07 19.98 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\00007a5a_448e0aa1_00085b0e 13/06/2006 01:45 4.42 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\00007a5a_448fc243_0009e37b 14/06/2006 09:01 20.09 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\00007a5a_448ffc39_000961eb 14/06/2006 13:08 6.49 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\00007a5a_44912ab6_0004fd14 15/06/2006 10:39 3.11 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\00007a5a_44929146_00002b24 16/06/2006 12:08 16.98 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\00007a61_448442e9_0001dc26 05/06/2006 15:42 70.07 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\00007ac2_448441f9_0000681e 05/06/2006 15:38 3.78 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\00007b44_44843f2a_00025584 05/06/2006 15:26 10.94 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\00007bb9_441be889_000683b1 18/03/2006 12:01 7.69 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\00007bb9_444cfae8_000cc9ce 31/05/2006 14:09 15.86 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\00007bb9_447476e2_000152c4 24/05/2006 16:18 546 bytes Hidden from Windows API.
C:\Program Files\Enidivx\Cache\00007bb9_44843c43_00056a39 05/06/2006 15:14 5.05 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\00007cfe_4484411c_000de33e 05/06/2006 15:35 4.90 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\00007dd1_441bee8f_0008c3dc 18/03/2006 12:27 43.83 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\00007dd1_44843d2d_0006e3a0 05/06/2006 15:18 108.36 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\00007e87_441a7001_00077054 17/03/2006 09:14 3.94 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\00007e87_441be241_0008508c 18/03/2006 11:41 137.76 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\00007e87_441f1e4c_000f39a8 20/03/2006 22:27 122.72 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\00007e87_441faaed_000ed044 21/03/2006 08:27 127.96 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\00007e87_4420fa78_0008503c 22/03/2006 08:19 74.35 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\00007e87_443e8307_0008423c 13/04/2006 17:57 73.71 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\00007e87_4446af40_0002953b 19/04/2006 22:44 70.52 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\00007e87_44708a56_000b5ff6 21/05/2006 16:42 3.72 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\00007e87_44720263_00013396 15/06/2006 10:44 231 bytes Hidden from Windows API.
C:\Program Files\Enidivx\Cache\00007e87_447470d5_0004929e 24/05/2006 15:42 0 bytes Hidden from Windows API.
C:\Program Files\Enidivx\Cache\00007e87_4475b5b1_00079e3b 25/05/2006 14:48 48.45 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\00007e87_4475bdfc_00055a50 25/05/2006 15:23 3.02 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\00007e87_4476df3d_000a22f0 26/05/2006 11:58 3.45 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\00007e87_44771d11_00027759 26/05/2006 16:21 4.53 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\00007e87_4479e5c0_000724a4 28/05/2006 19:02 0 bytes Hidden from Windows API.
C:\Program Files\Enidivx\Cache\00007e87_447d6ae9_000c92e0 31/05/2006 11:07 0 bytes Hidden from Windows API.
C:\Program Files\Enidivx\Cache\00007e87_447f41bd_000e3403 01/06/2006 20:36 3.90 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\00007e87_448028c9_000b50f6 02/06/2006 13:02 764 bytes Hidden from Windows API.
C:\Program Files\Enidivx\Cache\00007e87_4481a974_000bb9d3 03/06/2006 16:23 3.74 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\00007e87_44843713_0001e82c 05/06/2006 14:52 6.54 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\00007e87_4485a275_0002ee69 06/06/2006 16:42 136 bytes Hidden from Windows API.
C:\Program Files\Enidivx\Cache\00007e87_4488048b_000d9bee 08/06/2006 12:05 5.66 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\00007e87_448a8487_00030379 10/06/2006 09:36 1.98 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\00007e87_448a8a7c_00018e2c 10/06/2006 10:01 1.70 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\00007e87_448c2481_00079c13 11/06/2006 15:11 14.42 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\00007e87_448fc0d3_000b1fb9 14/06/2006 08:54 17.07 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\00007e87_449128df_000b2488 15/06/2006 10:31 64.04 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\00007e87_44928635_00028ec0 16/06/2006 11:21 843 bytes Hidden from Windows API.
C:\Program Files\Enidivx\Cache\00007eb7_441be73f_000b55d3 18/03/2006 11:55 38.10 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\00007eb7_44739099_000537d1 23/05/2006 23:45 7.29 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\00007eb7_447475fb_000f0b00 24/05/2006 16:04 12.36 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\00007eb7_4477206e_00046c4b 26/05/2006 16:36 1.02 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\00007eb7_447d9797_000cae66 31/05/2006 14:18 2.63 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\00007eb7_44843b7e_000339c3 05/06/2006 15:11 3.79 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\00007eb7_449011c4_0006c99b 14/06/2006 14:40 82.04 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\00007f4f_441bef61_000940e8 18/03/2006 12:30 8.44 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\00007f4f_44843d66_00060096 05/06/2006 15:19 3.79 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\00007f61_44843f56_000c02c9 05/06/2006 15:27 5.61 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\00007f96_4387bb81_00071fd9 14/06/2006 08:58 525 bytes Hidden from Windows API.
C:\Program Files\Enidivx\Cache\00007f96_441a717a_000a1190 17/03/2006 09:21 476 bytes Hidden from Windows API.
C:\Program Files\Enidivx\Cache\00007f96_441be4af_00021ddc 18/03/2006 11:45 22.31 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\00007f96_44367654_0006e924 03/06/2006 20:05 21.10 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\00007f96_447474a9_0006b309 24/05/2006 15:58 507 bytes Hidden from Windows API.
C:\Program Files\Enidivx\Cache\00007f96_44771eca_0002fcd9 26/05/2006 16:29 1.58 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\00007f96_44843a7e_00073a3e 05/06/2006 15:06 64 bytes Hidden from Windows API.
C:\Program Files\Enidivx\Cache\00007f96_44861090_000403d3 07/06/2006 00:32 4.26 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\00007f96_448878c3_00089600 08/06/2006 20:21 206.31 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\00007f96_448a8c93_0002c45b 10/06/2006 10:10 5.39 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\00007f96_448e0bd8_000e93f4 13/06/2006 01:50 11.73 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\00007f96_448fc2c7_000d1838 14/06/2006 09:03 48.48 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\00007f96_448ffc8f_000f17a3 14/06/2006 13:09 3.74 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\00007f96_4491358a_0002f0a8 15/06/2006 11:25 62.50 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\00007f96_4492a6ba_00077588 16/06/2006 13:40 7.50 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\00007fbe_44843f5f_000afc76 05/06/2006 15:27 78.83 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\00007ff5_441a717a_000bbfde 17/03/2006 09:21 466 bytes Hidden from Windows API.
C:\Program Files\Enidivx\Cache\00007ff5_441be4b3_00060654 18/03/2006 11:45 4.88 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\00007ff5_446a2ba2_00029844 23/05/2006 07:38 5.09 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\00007ff5_447474a9_0009732c 24/05/2006 15:58 576 bytes Hidden from Windows API.
C:\Program Files\Enidivx\Cache\00007ff5_44771eca_000e4ba3 26/05/2006 16:29 1.57 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\00007ff5_447d9688_00009d46 31/05/2006 14:13 637 bytes Hidden from Windows API.
C:\Program Files\Enidivx\Cache\00007ff5_44843a92_00013fc1 05/06/2006 15:07 5.33 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\00007ff5_448610a5_00069d9c 07/06/2006 00:32 4.88 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\00007ff5_448878eb_000d48f8 08/06/2006 20:22 91.70 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\00007ff5_448a8c93_000b04c4 10/06/2006 10:10 174.79 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\00007ff5_448e0bec_000cb9ac 13/06/2006 01:50 11.34 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\00007ff5_448fc2c8_0004dd6e 14/06/2006 09:03 968 bytes Hidden from Windows API.
C:\Program Files\Enidivx\Cache\00007ff5_4491358b_00005d43 15/06/2006 11:25 20.92 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\00007ff5_4492a6ba_000c5954 16/06/2006 13:40 6.55 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\dns 17/06/2006 11:16 66.78 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\index 17/06/2006 11:06 216.62 KB Hidden from Windows API.
C:\Program Files\Enidivx\Cache\index:SummaryInformation 17/06/2006 11:06 88 bytes Hidden from Windows API.
C:\Program Files\Enidivx\Cache\index:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 17/06/2006 11:06 0 bytes Hidden from Windows API.
C:\Program Files\Enidivx\data.bin 26/11/2005 00:17 114.94 KB Hidden from Windows API.
C:\WINDOWS\SYSTEM32\drivers\amdmilib.sys 26/11/2005 00:17 12.00 KB Hidden from Windows API.

#14 RexBird

Posted 17 June 2006 - 02:19 PM

Dr Web is as follows

ETRemover_v123.exe;C:\Documents and Settings\Rex\Desktop\Anti Virus Stuff\etremoverv123;Probably BACKDOOR.Trojan;;
pdre4.exe;C:\Program Files\blinkx\Pdre;Probably DLOADER.Trojan;;
ace.dll;C:\Program Files\Enidivx;Adware.Apropos;;
iersbe.exe;C:\Program Files\Enidivx;Adware.Apropos;;
rdsogoff.exe;C:\Program Files\Enidivx;Adware.Apropos;;
WinGenerics.dll;C:\Program Files\Enidivx;Adware.Apropos;;
00006784_441f1a58_000dec6c\JavaScript.0;C:\Program Files\Enidivx\Cache\00006784_441f1a58_000dec6c;Exploit.IFrame;;
00006784_441f1a58_000dec6c;C:\Program Files\Enidivx\Cache;Archive contains infected objects;Moved.;


and ewido

ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 12:53:19, 17/06/2006
+ Report-Checksum: D39222F0

+ Scan result:

HKU\S-1-5-21-773119264-2346120412-2752240318-1006\Software\comsoft -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@msnservices.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\9hllsa67.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\9hllsa67.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\9hllsa67.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\9hllsa67.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\9hllsa67.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\9hllsa67.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\9hllsa67.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\9hllsa67.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\9hllsa67.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\9hllsa67.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\9hllsa67.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\9hllsa67.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\9hllsa67.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\9hllsa67.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\9hllsa67.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\9hllsa67.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\9hllsa67.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\9hllsa67.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\9hllsa67.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\9hllsa67.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\9hllsa67.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\9hllsa67.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\9hllsa67.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\9hllsa67.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\9hllsa67.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\9hllsa67.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\9hllsa67.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\9hllsa67.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\9hllsa67.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\9hllsa67.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.86:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\9hllsa67.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\9hllsa67.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\9hllsa67.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.89:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\9hllsa67.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\9hllsa67.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\9hllsa67.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\9hllsa67.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\9hllsa67.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\9hllsa67.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\9hllsa67.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
:mozilla.106:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\9hllsa67.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
:mozilla.107:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\9hllsa67.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
:mozilla.109:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\9hllsa67.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.110:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\9hllsa67.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.112:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\9hllsa67.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.116:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\9hllsa67.default\cookies.txt -> TrackingCookie.Paycounter : Cleaned with backup
:mozilla.119:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\9hllsa67.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\9hllsa67.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.121:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\9hllsa67.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.122:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\9hllsa67.default\cookies.txt -> TrackingCookie.Bfast : Cleaned with backup
:mozilla.125:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\9hllsa67.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.131:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\9hllsa67.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup
:mozilla.134:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\9hllsa67.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.135:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\9hllsa67.default\cookies.txt -> TrackingCookie.Adviva : Cleaned with backup
:mozilla.136:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\9hllsa67.default\cookies.txt -> TrackingCookie.Adviva : Cleaned with backup
:mozilla.137:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\9hllsa67.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.139:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\9hllsa67.default\cookies.txt -> TrackingCookie.Adviva : Cleaned with backup
C:\Documents and Settings\Alex\Cookies\alex@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned with backup
C:\Documents and Settings\Alex\Cookies\alex@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\3aqnc622.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\3aqnc622.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Erik\Local Settings\Temp\dia3.exe -> Heuristic.Win32.Dialer : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Inger\Application Data\Mozilla\Firefox\Profiles\95vbr8x3.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Inger\Application Data\Mozilla\Firefox\Profiles\95vbr8x3.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Inger\Application Data\Mozilla\Firefox\Profiles\95vbr8x3.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Inger\Application Data\Mozilla\Firefox\Profiles\95vbr8x3.default\cookies.txt -> TrackingCookie.Adviva : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Inger\Application Data\Mozilla\Firefox\Profiles\95vbr8x3.default\cookies.txt -> TrackingCookie.Adviva : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Inger\Application Data\Mozilla\Firefox\Profiles\95vbr8x3.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Inger\Application Data\Mozilla\Firefox\Profiles\95vbr8x3.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Inger\Application Data\Mozilla\Firefox\Profiles\95vbr8x3.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Inger\Application Data\Mozilla\Firefox\Profiles\95vbr8x3.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Inger\Application Data\Mozilla\Firefox\Profiles\95vbr8x3.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Inger\Application Data\Mozilla\Firefox\Profiles\95vbr8x3.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Inger\Application Data\Mozilla\Firefox\Profiles\95vbr8x3.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Inger\Application Data\Mozilla\Firefox\Profiles\95vbr8x3.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.6:C:\Documents and Settings\Karl\Application Data\Mozilla\Firefox\Profiles\bhvqfr3z.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Karl\Application Data\Mozilla\Firefox\Profiles\bhvqfr3z.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Karl\Application Data\Mozilla\Firefox\Profiles\bhvqfr3z.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Karl\Application Data\Mozilla\Firefox\Profiles\bhvqfr3z.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Karl\Application Data\Mozilla\Firefox\Profiles\bhvqfr3z.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Karl\Application Data\Mozilla\Firefox\Profiles\bhvqfr3z.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Karl\Application Data\Mozilla\Firefox\Profiles\bhvqfr3z.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Karl\Application Data\Mozilla\Firefox\Profiles\bhvqfr3z.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Karl\Application Data\Mozilla\Firefox\Profiles\bhvqfr3z.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Karl\Application Data\Mozilla\Firefox\Profiles\bhvqfr3z.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Karl\Application Data\Mozilla\Firefox\Profiles\bhvqfr3z.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Karl\Application Data\Mozilla\Firefox\Profiles\bhvqfr3z.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Karl\Application Data\Mozilla\Firefox\Profiles\bhvqfr3z.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Karl\Application Data\Mozilla\Firefox\Profiles\bhvqfr3z.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Karl\Application Data\Mozilla\Firefox\Profiles\bhvqfr3z.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Karl\Application Data\Mozilla\Firefox\Profiles\bhvqfr3z.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Karl\Application Data\Mozilla\Firefox\Profiles\bhvqfr3z.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Karl\Application Data\Mozilla\Firefox\Profiles\bhvqfr3z.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Karl\Application Data\Mozilla\Firefox\Profiles\bhvqfr3z.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Karl\Application Data\Mozilla\Firefox\Profiles\bhvqfr3z.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Karl\Application Data\Mozilla\Firefox\Profiles\bhvqfr3z.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Karl\Application Data\Mozilla\Firefox\Profiles\bhvqfr3z.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Karl\Application Data\Mozilla\Firefox\Profiles\bhvqfr3z.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Karl\Application Data\Mozilla\Firefox\Profiles\bhvqfr3z.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Karl\Application Data\Mozilla\Firefox\Profiles\bhvqfr3z.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Karl\Application Data\Mozilla\Firefox\Profiles\bhvqfr3z.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Karl\Application Data\Mozilla\Firefox\Profiles\bhvqfr3z.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Karl\Application Data\Mozilla\Firefox\Profiles\bhvqfr3z.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Karl\Application Data\Mozilla\Firefox\Profiles\bhvqfr3z.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Karl\Application Data\Mozilla\Firefox\Profiles\bhvqfr3z.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Karl\Application Data\Mozilla\Firefox\Profiles\bhvqfr3z.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Karl\Application Data\Mozilla\Firefox\Profiles\bhvqfr3z.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.108:C:\Documents and Settings\Karl\Application Data\Mozilla\Firefox\Profiles\bhvqfr3z.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.109:C:\Documents and Settings\Karl\Application Data\Mozilla\Firefox\Profiles\bhvqfr3z.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.110:C:\Documents and Settings\Karl\Application Data\Mozilla\Firefox\Profiles\bhvqfr3z.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.111:C:\Documents and Settings\Karl\Application Data\Mozilla\Firefox\Profiles\bhvqfr3z.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.112:C:\Documents and Settings\Karl\Application Data\Mozilla\Firefox\Profiles\bhvqfr3z.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.113:C:\Documents and Settings\Karl\Application Data\Mozilla\Firefox\Profiles\bhvqfr3z.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.115:C:\Documents and Settings\Karl\Application Data\Mozilla\Firefox\Profiles\bhvqfr3z.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.117:C:\Documents and Settings\Karl\Application Data\Mozilla\Firefox\Profiles\bhvqfr3z.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.131:C:\Documents and Settings\Karl\Application Data\Mozilla\Firefox\Profiles\bhvqfr3z.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.148:C:\Documents and Settings\Karl\Application Data\Mozilla\Firefox\Profiles\bhvqfr3z.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.149:C:\Documents and Settings\Karl\Application Data\Mozilla\Firefox\Profiles\bhvqfr3z.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.150:C:\Documents and Settings\Karl\Application Data\Mozilla\Firefox\Profiles\bhvqfr3z.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.151:C:\Documents and Settings\Karl\Application Data\Mozilla\Firefox\Profiles\bhvqfr3z.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.152:C:\Documents and Settings\Karl\Application Data\Mozilla\Firefox\Profiles\bhvqfr3z.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.153:C:\Documents and Settings\Karl\Application Data\Mozilla\Firefox\Profiles\bhvqfr3z.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.154:C:\Documents and Settings\Karl\Application Data\Mozilla\Firefox\Profiles\bhvqfr3z.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.155:C:\Documents and Settings\Karl\Application Data\Mozilla\Firefox\Profiles\bhvqfr3z.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.156:C:\Documents and Settings\Karl\Application Data\Mozilla\Firefox\Profiles\bhvqfr3z.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.157:C:\Documents and Settings\Karl\Application Data\Mozilla\Firefox\Profiles\bhvqfr3z.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Rex\Application Data\Mozilla\Firefox\Profiles\f6a18vjs.Default User\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Rex\Application Data\Mozilla\Firefox\Profiles\f6a18vjs.Default User\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Rex\Application Data\Mozilla\Firefox\Profiles\f6a18vjs.Default User\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Rex\Application Data\Mozilla\Firefox\Profiles\f6a18vjs.Default User\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Rex\Application Data\Mozilla\Firefox\Profiles\f6a18vjs.Default User\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Rex\Application Data\Mozilla\Firefox\Profiles\f6a18vjs.Default User\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Rex\Application Data\Mozilla\Firefox\Profiles\f6a18vjs.Default User\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Rex\Application Data\Mozilla\Firefox\Profiles\f6a18vjs.Default User\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Rex\Application Data\Mozilla\Firefox\Profiles\f6a18vjs.Default User\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Rex\Application Data\Mozilla\Firefox\Profiles\f6a18vjs.Default User\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Rex\Application Data\Mozilla\Firefox\Profiles\f6a18vjs.Default User\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Rex\Application Data\Mozilla\Firefox\Profiles\f6a18vjs.Default User\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Rex\Application Data\Mozilla\Firefox\Profiles\f6a18vjs.Default User\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Rex\Application Data\Mozilla\Firefox\Profiles\f6a18vjs.Default User\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Rex\Application Data\Mozilla\Firefox\Profiles\f6a18vjs.Default User\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Rex\Application Data\Mozilla\Firefox\Profiles\f6a18vjs.Default User\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\Rex\Cookies\rex@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\Rex\Cookies\rex@as-eu.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Rex\Cookies\rex@clickbank[2].txt -> TrackingCookie.Clickbank : Cleaned with backup
C:\Documents and Settings\Rex\Cookies\rex@com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Rex\Cookies\rex@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Rex\Cookies\rex@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned with backup
C:\Downloads\JewelQuestSetup-dm[1].exe -> Adware.Trymedia : Cleaned with backup

#15 RexBird


Posted 17 June 2006 - 02:22 PM

And finally, the registry search results.

REGEDIT4

; Registry Search 2.0 by Bobbi Flekman 2005
; Version: 2.0.1.0

; Results at 17/06/2006 11:24:10 for strings:
; 'msncheck32.exe'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\WINDOWS\\SYSTEM32\\msncheck32.exe"="C:\\WINDOWS\\SYSTEM32\\msncheck32.exe:*:Enabled:msncheck32"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\WINDOWS\\SYSTEM32\\msncheck32.exe"="C:\\WINDOWS\\SYSTEM32\\msncheck32.exe:*:Enabled:msncheck32"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\WINDOWS\\SYSTEM32\\msncheck32.exe"="C:\\WINDOWS\\SYSTEM32\\msncheck32.exe:*:Enabled:msncheck32"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\WINDOWS\\SYSTEM32\\msncheck32.exe"="msncheck32"

[HKEY_USERS\S-1-5-21-773119264-2346120412-2752240318-1006\Software\Microsoft\Search Assistant\ACMru\5603]
"000"="msncheck32.exe"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\WINDOWS\\SYSTEM32\\msncheck32.exe"="msncheck32"

; End Of The Log...


And that's it.

Thanks once again for all your efforts.

RexBird



