Spyware Pretending To Be Part Windows


10 replies to this topic

#1 Stotic


Posted 13 June 2006 - 08:32 PM

I'm getting various kinds of spyware effects. A yellow exclamation point pops up in my system tray trying to act as an actual Windows alert telling me that I have a worm. When I open IE it automatically sets the homepage to //www.topsecuritysite.net/ and then gives me a popup telling me I have viruses and a fake Windows setup pops up telling me to use the "Malicious Software Removal." I'm also getting random popups from time to time.

I followed all of the prereq's required to post a log, so here's my log. Thanks for helping me!

Logfile of HijackThis v1.99.1
Scan saved at 9:21:23 PM, on 6/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\WINDOWS\system32\dc5b0447.exe
C:\WINDOWS\system32\5c442488.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\AIM\aim.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mail.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Nothing - {686a161d-5bd1-4999-8832-6393f41e564c} - C:\WINDOWS\system32\hp100.tmp
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [dc5b0447.exe] C:\WINDOWS\system32\dc5b0447.exe
O4 - HKLM\..\Run: [5c442488.exe] C:\WINDOWS\system32\5c442488.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [dc5b0447.exe] C:\Documents and Settings\Administrator\Local Settings\Application Data\dc5b0447.exe
O4 - HKCU\..\Run: [5c442488.exe] C:\Documents and Settings\Administrator\Local Settings\Application Data\5c442488.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.1.74.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: winkzr32 - C:\WINDOWS\SYSTEM32\winkzr32.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Apache Tomcat (Tomcat5) - Unknown owner - C:\Program Files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe" //RS//Tomcat5 (file missing)

Edited by KoanYorel, 14 June 2006 - 03:16 PM.




#2 Guest_Cretemonster_*


Posted 14 June 2006 - 04:34 PM

Hi Stotic and Welcome to the Bleeping Computer!


Download smitRem.exe ©noahdfear, and save the file to your desktop.
Double click on the file to extract it to its own folder on the desktop.

Place a shortcut to Panda ActiveScan on your desktop (in Internet Explorer, right click on Panda ActiveScan link select "Copy Shortcut" then right click on your desktop and select "Paste Shortcut" or in FireFox right-click the link and select "Save Link As" and save it to your desktop).

Please download the trial version of ewido anti-malware here:
http://www.ewido.net/en/download/

Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:
Ad-Aware SE Setup
Don't run it yet!

Next, please reboot your computer in SafeMode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, e.g., Local Disk C: or the partition where your operating system is installed. Please post that log along with all others requested in your next reply.


Open Ad-aware and do a full scan. Remove all it finds.


Run Ewido:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • While the scan is in progress you will be prompted to clean files, click OK
  • When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop.
Close ewido anti-malware.

Next go to Control Panel click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present.

Reboot back into Windows and click the Panda ActiveScan shortcut.
  • Once you are on the Panda site click the Scan your PC button.
  • A new window will open...click the Check Now button.
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When the download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post the contents of the Panda scan report, along with a new HijackThis Log, the contents of smitfiles.txt and the Ewido Log by using Add Reply.
Let us know if any problems persist.

Edited by Cretemonster, 14 June 2006 - 04:35 PM.


#3 Stotic


Posted 14 June 2006 - 11:37 PM

Panda Activescan

Incident Status Location

Dialer:dialer.avv Not disinfected c:\windows\downloaded program files\gdnUS2338.exe
Adware:Adware/IST.ISTBar Not disinfected C:\Documents and Settings\Administrator\.jpi_cache\jar\1.0\javainstaller.jar-31f04181-44652ebd.zip[javainstaller/InstallerApplet.class]
Adware:Adware/IST.ISTBar Not disinfected C:\Documents and Settings\Administrator\.jpi_cache\jar\1.0\javainstaller.jar-31f06070-264f0188.zip[javainstaller/InstallerApplet.class]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt[.go.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt[.maxserving.com/]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bxk9ef0a.Default User\Cache\3EFBEAA3d01[smitRem/Process.exe]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bxk9ef0a.Default User\cookies.txt[.realmedia.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bxk9ef0a.Default User\cookies.txt[.apmebf.com/]
Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bxk9ef0a.Default User\cookies.txt[.fortunecity.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bxk9ef0a.Default User\cookies.txt[.go.com/]
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@888[1].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@888[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@atwola[2].txt
Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@cassava[1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@go[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Administrator\Desktop\smitRem\Process.exe

Smit


smitRem © log file
version 3.0

by noahdfear


Microsoft Windows XP [Version 5.1.2600]
"IE"="6.0000"
The current date is: Wed 06/14/2006
The current time is: 21:33:18.92

Running from
C:\Documents and Settings\Administrator\Desktop\smitRem

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run SharedTask Export

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright© 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{315f73fc-a7b1-49e6-a3c4-cc00cf8a3fdb}"="fossilage"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


[HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{315f73fc-a7b1-49e6-a3c4-cc00cf8a3fdb}\InProcServer32]
@="C:\WINDOWS\system32\erxbx.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!


checking for WinHound.com key


WinHound.com key not present!


checking for drsmartload2 key


drsmartload2 key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present
AlfaCleaner uninstaller NOT present
SpyFalcon uninstaller NOT present
SpywareQuake uninstaller NOT present
SpywareSheriff uninstaller NOT present

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~

Antivirus Test Online.url


~~~ system32 folder ~~~

regperf.exe
simpole.tlb
stdole3.tlb
atmclk.exe
dcomcfg.exe
amcompat.tlb
nscompat.tlb
1024 dir
ld****.tmp
hp***.tmp


~~~ Icons in System32 ~~~

ot.ico


~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 776 'explorer.exe'

Starting registry repairs

Registry repairs complete

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SharedTask Export after registry fix

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright© 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Deleting files

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~


~~~ Wininet.dll ~~~

CLEAN! :thumbsup:


Ewido

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 11:22:17 PM, 6/14/2006
+ Report-Checksum: 568BE0FD

+ Scan result:

[244] C:\WINDOWS\system32\winkzr32.dll -> Trojan.Agent.vg : Cleaned with backup
:mozilla.239:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.240:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.241:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.242:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.243:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.244:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.245:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.246:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.247:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.248:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.249:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.250:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.251:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.252:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.253:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.254:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.255:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.256:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.257:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.258:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.259:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.260:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.261:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.262:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.263:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.264:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.265:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.266:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.267:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.268:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.269:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.271:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.272:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.273:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.274:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.275:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.276:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.277:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.278:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.279:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.280:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.281:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.282:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.283:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.284:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.285:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.286:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.313:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.314:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.315:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.316:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.317:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.318:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.319:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.320:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.321:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.322:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.603:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.604:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.606:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Paycounter : Cleaned with backup
:mozilla.617:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.630:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.656:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.664:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.665:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.666:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.667:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.668:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.690:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.691:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.692:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.693:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.694:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.695:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.696:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.697:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.698:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.707:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.708:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.709:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.710:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.711:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.712:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.713:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.714:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.715:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.716:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.718:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.719:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.720:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.721:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.722:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.723:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.724:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.726:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.727:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.728:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.729:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.738:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.741:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.742:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.743:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.744:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.745:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.746:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.747:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.748:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.751:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.752:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.753:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.754:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.755:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.756:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.769:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.770:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.789:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned with backup
:mozilla.793:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.794:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.795:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.796:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.797:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.798:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.804:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.805:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.807:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.808:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2q5r6qqn.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bxk9ef0a.Default User\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bxk9ef0a.Default User\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bxk9ef0a.Default User\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bxk9ef0a.Default User\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bxk9ef0a.Default User\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bxk9ef0a.Default User\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bxk9ef0a.Default User\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bxk9ef0a.Default User\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bxk9ef0a.Default User\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bxk9ef0a.Default Us

#4 Stotic

Posted 14 June 2006 - 11:38 PM

HJT Log

Logfile of HijackThis v1.99.1
Scan saved at 12:33:08 AM, on 6/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\WINDOWS\system32\5c442488.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [HP Software Updat] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [5c442488.exe] C:\WINDOWS\system32\5c442488.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [dc5b0447.exe] C:\Documents and Settings\Administrator\Local Settings\Application Data\dc5b0447.exe
O4 - HKCU\..\Run: [5c442488.exe] C:\Documents and Settings\Administrator\Local Settings\Application Data\5c442488.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.1.74.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: winkzr32 - winkzr32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Apache Tomcat (Tomcat5) - Unknown owner - C:\Program Files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe" //RS//Tomcat5 (file missing)
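
Added example (not part of the thread, and not code from HijackThis): a Python triage pass over the `Running processes` list and the `O4` Run entries of a HijackThis log like the one above. The three heuristics (hex-only file names, one file name autostarting from several directories, a match against the running-process list) are assumptions of this example, not the helper's stated criteria; the sample lines are excerpted from the log above.

```python
import ntpath
import re
from collections import defaultdict
from typing import NamedTuple

# Excerpt of the HijackThis log posted above (not the full log).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\5c442488.exe
C:\WINDOWS\system32\nvsvc32.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [5c442488.exe] C:\WINDOWS\system32\5c442488.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [dc5b0447.exe] C:\Documents and Settings\Administrator\Local Settings\Application Data\dc5b0447.exe
O4 - HKCU\..\Run: [5c442488.exe] C:\Documents and Settings\Administrator\Local Settings\Application Data\5c442488.exe
O20 - Winlogon Notify: winkzr32 - winkzr32.dll (file missing)
"""

# "O4 - <hive>\..\<key>: [<value name>] <command line>"
RUN_ENTRY = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.+?)\] (.+)$")
# Assumed heuristic: a file name made of exactly eight hex digits.
HEX_NAME = re.compile(r"^[0-9a-f]{8}\.exe$", re.I)
# Shortest prefix of an unquoted command line that ends in a program extension.
IMAGE = re.compile(r"(.+?\.(?:exe|dll|com|bat|scr))\b", re.I)


class Autorun(NamedTuple):
    hive: str   # HKLM or HKCU
    key: str    # Run, RunOnce, ...
    name: str   # registry value name shown in [brackets]
    image: str  # program path extracted from the command line


def image_path(command):
    """Return the program part of a Run command line, without arguments."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = IMAGE.match(command)
    # Fall back to the first token when no known extension is present.
    return m.group(1) if m else command.split(" ", 1)[0]


def parse_log(text):
    """Split a HijackThis log into running processes and O4 autoruns."""
    processes, autoruns = [], []
    in_processes = False
    for line in text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if line:
                processes.append(line)
            else:
                in_processes = False  # a blank line ends the process list
            continue
        m = RUN_ENTRY.match(line)
        if m:
            hive, key, name, command = m.groups()
            autoruns.append(Autorun(hive, key, name, image_path(command)))
    return processes, autoruns


def triage(text):
    """Return (Autorun, reasons) pairs for entries worth a closer look."""
    processes, autoruns = parse_log(text)
    running = {p.lower() for p in processes}
    dirs_by_file = defaultdict(set)
    for a in autoruns:
        base = ntpath.basename(a.image).lower()
        dirs_by_file[base].add(ntpath.dirname(a.image).lower())
    findings = []
    for a in autoruns:
        base = ntpath.basename(a.image).lower()
        reasons = []
        if HEX_NAME.match(base):
            reasons.append("hex-only file name")
        if len(dirs_by_file[base]) > 1:
            reasons.append("same file name autostarts from %d directories"
                           % len(dirs_by_file[base]))
        if reasons and a.image.lower() in running:
            reasons.append("currently running")
        if reasons:
            findings.append((a, reasons))
    return findings


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG):
        print("%s\\%s [%s] %s" % (entry.hive, entry.key, entry.name, entry.image))
        for reason in reasons:
            print("    - " + reason)
```

A flagged entry is a lead for manual review, not a verdict; legitimate software can trip any of these heuristics.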

#5 Guest_Cretemonster_*

Posted 15 June 2006 - 03:47 AM

Download WinPFind to your C Drive.
http://www.bleepingcomputer.com/files/winpfind.php

Right Click the Zip Folder and Select "Extract All"

Don't use it yet


Open HijackThis-> Click "Do a System Scan Only" and put a check by these but DO NOT hit the Fix Checked button yet

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [5c442488.exe] C:\WINDOWS\system32\5c442488.exe

O4 - HKCU\..\Run: [dc5b0447.exe] C:\Documents and Settings\Administrator\Local Settings\Application Data\dc5b0447.exe

O4 - HKCU\..\Run: [5c442488.exe] C:\Documents and Settings\Administrator\Local Settings\Application Data\5c442488.exe

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.1.74.cab

O20 - Winlogon Notify: winkzr32 - winkzr32.dll (file missing)

Now Make sure ALL WINDOWS and BROWSERS are CLOSED and hit the Fix Checked Button


Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\system32\5c442488.exe
    C:\WINDOWS\system32\dc5b0447.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\dc5b0447.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\5c442488.exe
    c:\windows\downloaded program files\gdnUS2338.exe
    C:\Documents and Settings\Administrator\.jpi_cache\jar\1.0\javainstaller.jar-31f04181-44652ebd.zip


  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Select Delete on Reboot
  • then Click on the All Files button.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.


Reboot into SAFE MODE (Tap F8 when restarting)

Make sure this zip folder was deleted

C:\Documents and Settings\Administrator\.jpi_cache\jar\1.0\javainstaller.jar-31f04181-44652ebd.zip


From the WinPFind folder-> Doubleclick WinPFind.exe and Click "Start Scan"

It will scan the entire System, so please be patient

Once you see "Scan Complete"-> a log (WinPFind.txt) will be automatically generated in the WinPFind folder


Restart normally and please run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
  • Follow the instructions on the F-Secure page for proper installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy&Paste the entire report in your next reply.
Post back with a fresh HijackThis log and the reports from WinPFind and F-Secure
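The selection step in the post above (which HijackThis entries to tick before Fix Checked) can be roughed out as a triage script. This is an added example, not part of the original post and not HijackThis's own logic; the heuristics and every function name are assumptions for illustration, and the sample lines are taken from the logs quoted in this thread. The output is a list of candidates for review, not a verdict.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Sample assembled from HijackThis lines quoted in this thread (flagged and benign).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [5c442488.exe] C:\WINDOWS\system32\5c442488.exe
O4 - HKCU\..\Run: [dc5b0447.exe] C:\Documents and Settings\Administrator\Local Settings\Application Data\dc5b0447.exe
O4 - HKCU\..\Run: [5c442488.exe] C:\Documents and Settings\Administrator\Local Settings\Application Data\5c442488.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O20 - Winlogon Notify: winkzr32 - winkzr32.dll (file missing)
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

class Entry(NamedTuple):
    section: str   # "O4" (Run key autostart) or "O20" (Winlogon Notify)
    hive: str      # "HKLM"/"HKCU" for O4, "" for O20
    name: str      # registry value name (O4) or Notify key name (O20)
    target: str    # command line (O4) or DLL name (O20)
    missing: bool  # HijackThis appended "(file missing)"

MISSING = " (file missing)"
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<dll>.+)$")

def parse_line(line: str) -> Optional[Entry]:
    """Parse one O4 Run or O20 Notify line; return None for anything else."""
    line = line.strip()
    missing = line.endswith(MISSING)
    if missing:
        line = line[: -len(MISSING)]
    m = O4_RE.match(line)
    if m:
        return Entry("O4", m["hive"], m["name"], m["cmd"], missing)
    m = O20_RE.match(line)
    if m:
        return Entry("O20", "", m["name"], m["dll"], missing)
    return None

def image_path(cmd: str) -> str:
    """Extract the executable path from a Run-key command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                      # quoted path, arguments follow
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"^(.*?\.exe)(?=\s|$)", cmd, re.I)  # unquoted path may contain spaces
    return m.group(1) if m else cmd.split()[0]

# Assumed heuristics, chosen to match the pattern visible in this thread.
HEX_NAME = re.compile(r"^[0-9a-f]{8}\.exe$", re.I)
USER_WRITABLE = re.compile(
    r"\\Local Settings\\(?:Application Data|Temp)\\[^\\]+$", re.I)

def reasons(e: Entry) -> List[str]:
    """Return the list of heuristic hits for one entry (empty means no hit)."""
    out = []
    if e.section == "O4":
        path = image_path(e.target)
        exe = path.rsplit("\\", 1)[-1]
        if HEX_NAME.match(exe):
            out.append("random-looking 8-hex-digit image name")
        if e.name.lower() == exe.lower():
            out.append("value name is the file name itself")
        if USER_WRITABLE.search(path):
            out.append("autorun target directly inside a user-writable profile folder")
    elif e.section == "O20" and e.missing:
        out.append("Winlogon Notify DLL not found on disk")
    return out

def triage(log_text: str) -> List[Tuple[Entry, List[str]]]:
    """Return (entry, reasons) for every parsed line with at least one hit."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        why = reasons(entry)
        if why:
            hits.append((entry, why))
    return hits

if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG):
        print(f"{entry.section} {entry.hive or '-':4} {entry.name}: {'; '.join(why)}")
```

Entries such as KernelFaultCheck, which the post also selects, are not caught by these heuristics; a human reviewer still makes the final call.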

#6 Stotic


Posted 15 June 2006 - 04:26 PM

F-Secure

Scanning Report
Thursday, June 15, 2006 15:57:35 - 17:08:52
Computer name: MIKE
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\

Result: 32 malware found
Trojan-Downloader.Win32.Agent.alf (virus)
• C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.1\GDNUS2338.EXE (Renamed & Submitted)
Trojan-Downloader.Win32.Obfuscated.a (virus)
• C:\SYSTEM VOLUME INFORMATION\_RESTORE{EEBC7E5B-EBF1-42B4-90F1-64512E0ABADA}\RP447\A0166833.EXE (Renamed)
• C:\SYSTEM VOLUME INFORMATION\_RESTORE{EEBC7E5B-EBF1-42B4-90F1-64512E0ABADA}\RP447\A0166835.EXE (Renamed)
• C:\SYSTEM VOLUME INFORMATION\_RESTORE{EEBC7E5B-EBF1-42B4-90F1-64512E0ABADA}\RP445\A0166702.EXE (Renamed)
• C:\SYSTEM VOLUME INFORMATION\_RESTORE{EEBC7E5B-EBF1-42B4-90F1-64512E0ABADA}\RP445\A0166717.EXE (Renamed)
• C:\SYSTEM VOLUME INFORMATION\_RESTORE{EEBC7E5B-EBF1-42B4-90F1-64512E0ABADA}\RP444\A0166657.EXE (Renamed)
• C:\SYSTEM VOLUME INFORMATION\_RESTORE{EEBC7E5B-EBF1-42B4-90F1-64512E0ABADA}\RP443\A0166573.EXE (Renamed)
• C:\SYSTEM VOLUME INFORMATION\_RESTORE{EEBC7E5B-EBF1-42B4-90F1-64512E0ABADA}\RP443\A0166592.EXE (Renamed)
• C:\SYSTEM VOLUME INFORMATION\_RESTORE{EEBC7E5B-EBF1-42B4-90F1-64512E0ABADA}\RP443\A0166603.EXE (Renamed)
• C:\SYSTEM VOLUME INFORMATION\_RESTORE{EEBC7E5B-EBF1-42B4-90F1-64512E0ABADA}\RP442\A0166542.EXE (Renamed)
Trojan-Downloader.Win32.Small.dag (virus)
• C:\!KILLBOX\GDNUS2338.EXE (Renamed)
Trojan-Downloader.Win32.Zlob.gen (virus)
• C:\SYSTEM VOLUME INFORMATION\_RESTORE{EEBC7E5B-EBF1-42B4-90F1-64512E0ABADA}\RP447\A0166827.EXE (Renamed)
Trojan-Downloader.Win32.Zlob.lc (virus)
• C:\SYSTEM VOLUME INFORMATION\_RESTORE{EEBC7E5B-EBF1-42B4-90F1-64512E0ABADA}\RP443\A0166584.EXE (Renamed)
Trojan-Downloader.Win32.Zlob.si (virus)
• C:\SYSTEM VOLUME INFORMATION\_RESTORE{EEBC7E5B-EBF1-42B4-90F1-64512E0ABADA}\RP447\A0166823.EXE (Renamed & Submitted)
Trojan-Downloader.Win32.Zlob.sp (virus)
• C:\SYSTEM VOLUME INFORMATION\_RESTORE{EEBC7E5B-EBF1-42B4-90F1-64512E0ABADA}\RP447\A0166828.TLB (Renamed)
• C:\SYSTEM VOLUME INFORMATION\_RESTORE{EEBC7E5B-EBF1-42B4-90F1-64512E0ABADA}\RP444\A0166637.TLB (Renamed)
• C:\SYSTEM VOLUME INFORMATION\_RESTORE{EEBC7E5B-EBF1-42B4-90F1-64512E0ABADA}\RP444\A0166661.TLB (Renamed)
• C:\SYSTEM VOLUME INFORMATION\_RESTORE{EEBC7E5B-EBF1-42B4-90F1-64512E0ABADA}\RP443\A0166605.TLB (Renamed)
Trojan.Win32.Agent.qt (virus)
• C:\SYSTEM VOLUME INFORMATION\_RESTORE{EEBC7E5B-EBF1-42B4-90F1-64512E0ABADA}\RP393\A0144657.EXE (Renamed & Submitted)
Trojan.Win32.Agent.vg (virus)
• C:\SYSTEM VOLUME INFORMATION\_RESTORE{EEBC7E5B-EBF1-42B4-90F1-64512E0ABADA}\RP447\A0166837.DLL (Renamed)
• C:\SYSTEM VOLUME INFORMATION\_RESTORE{EEBC7E5B-EBF1-42B4-90F1-64512E0ABADA}\RP439\A0166125.EXE (Renamed & Submitted)
W32/Downloader (virus)
• C:\SYSTEM VOLUME INFORMATION\_RESTORE{EEBC7E5B-EBF1-42B4-90F1-64512E0ABADA}\RP447\A0166842.EXE (Submitted)
• C:\SYSTEM VOLUME INFORMATION\_RESTORE{EEBC7E5B-EBF1-42B4-90F1-64512E0ABADA}\RP447\A0166883.EXE
• C:\SYSTEM VOLUME INFORMATION\_RESTORE{EEBC7E5B-EBF1-42B4-90F1-64512E0ABADA}\RP447\A0166896.EXE
• C:\SYSTEM VOLUME INFORMATION\_RESTORE{EEBC7E5B-EBF1-42B4-90F1-64512E0ABADA}\RP447\A0166897.EXE
• C:\SYSTEM VOLUME INFORMATION\_RESTORE{EEBC7E5B-EBF1-42B4-90F1-64512E0ABADA}\RP446\A0166756.EXE
• C:\SYSTEM VOLUME INFORMATION\_RESTORE{EEBC7E5B-EBF1-42B4-90F1-64512E0ABADA}\RP445\A0166704.EXE
• C:\SYSTEM VOLUME INFORMATION\_RESTORE{EEBC7E5B-EBF1-42B4-90F1-64512E0ABADA}\RP445\A0166718.EXE
• C:\SYSTEM VOLUME INFORMATION\_RESTORE{EEBC7E5B-EBF1-42B4-90F1-64512E0ABADA}\RP444\A0166658.EXE
• C:\SYSTEM VOLUME INFORMATION\_RESTORE{EEBC7E5B-EBF1-42B4-90F1-64512E0ABADA}\RP442\A0166541.EXE
• C:\SYSTEM VOLUME INFORMATION\_RESTORE{EEBC7E5B-EBF1-42B4-90F1-64512E0ABADA}\RP441\A0166489.EXE
• C:\!KILLBOX\5C442488.EXE

Statistics
Scanned:
• Files: 56226
• System: 4236
• Not scanned: 4
Actions:
• Disinfected: 0
• Renamed: 21
• Deleted: 0
• None: 11
• Submitted: 5
Files not scanned:
• C:\HIBERFIL.SYS
• C:\PAGEFILE.SYS
• C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
• C:\SYSTEM VOLUME INFORMATION\MOUNTPOINTMANAGERREMOTEDATABASE

Options
Scanning engines:
• F-Secure AVP: 6.0.171, 2006-06-15
• F-Secure Libra: 2.4.1, 2006-06-14
• F-Secure Orion: 1.2.37, 2006-06-12
• F-Secure Blacklight: 1.0.31, 0000-00-00
• F-Secure Pegasus: 1.19.0, 2006-05-13
• F-Secure Draco: 1.0.35, 2006-06-08
Scanning options:
• Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX
• Use Advanced heuristics

WinPFind

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
UPX! 8/22/2004 5:04:56 PM 69120 C:\WINDOWS\daemon.dll
UPX! 6/29/2004 10:13:24 PM 126464 C:\WINDOWS\upx.exe

Checking %System% folder...
aspack 3/18/2005 5:19:58 PM 2337488 C:\WINDOWS\SYSTEM32\d3dx9_25.dll
PEC2 12/31/2002 8:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
PEC2 8/9/2005 6:14:00 PM 692736 C:\WINDOWS\SYSTEM32\DivX.dll
PECompact2 8/9/2005 6:14:00 PM 692736 C:\WINDOWS\SYSTEM32\DivX.dll
PTech 7/12/2005 6:04:22 PM 520456 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
PECompact2 5/4/2006 12:26:22 AM 5818784 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 5/4/2006 12:26:22 AM 5818784 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 12/31/2002 8:00:00 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 12/31/2002 8:00:00 AM 658432 C:\WINDOWS\SYSTEM32\rasdlg.dll
UPX! 5/10/2005 12:20:08 PM 33792 C:\WINDOWS\SYSTEM32\Unlocker.exe
winsync 12/31/2002 8:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
6/15/2006 2:03:32 PM S 2048 C:\WINDOWS\bootstat.dat
6/15/2006 2:02:20 PM S 64 C:\WINDOWS\CSC\00000001
6/6/2006 10:25:14 PM S 64 C:\WINDOWS\CSC\00000002
6/6/2006 9:34:32 PM S 64 C:\WINDOWS\CSC\csc1.tmp
6/15/2006 2:03:24 PM H 8192 C:\WINDOWS\system32\config\default.LOG
6/15/2006 2:03:40 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG
6/15/2006 2:03:34 PM H 16384 C:\WINDOWS\system32\config\SECURITY.LOG
6/15/2006 2:04:24 PM H 204800 C:\WINDOWS\system32\config\software.LOG
6/15/2006 2:03:42 PM H 929792 C:\WINDOWS\system32\config\system.LOG
5/9/2006 3:01:06 PM H 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
6/4/2006 9:29:40 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\244127b2-fe47-4bfd-b250-e922ba3f1a35
6/4/2006 9:29:40 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred
5/17/2006 3:49:48 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\a2494906-c304-4456-bb45-77ece76744a2
5/17/2006 3:49:48 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
6/15/2006 2:02:22 PM H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 12/31/2002 8:00:00 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 12/31/2002 8:00:00 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 12/31/2002 8:00:00 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 12/31/2002 8:00:00 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 12/31/2002 8:00:00 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 12/31/2002 8:00:00 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 12/31/2002 8:00:00 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 12/31/2002 8:00:00 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 12/31/2002 8:00:00 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
InstallShield Software Corporation6/16/2004 6:03:30 AM 73728 C:\WINDOWS\SYSTEM32\ISUSPM.cpl
Microsoft Corporation 12/31/2002 8:00:00 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 11/10/2005 2:03:50 PM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 12/31/2002 8:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 12/31/2002 8:00:00 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 12/31/2002 8:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 12/31/2002 8:00:00 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 12/31/2002 8:00:00 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
NVIDIA Corporation 7/20/2005 9:07:00 PM 73728 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl
Microsoft Corporation 12/31/2002 8:00:00 AM 36864 C:\WINDOWS\SYSTEM32\nwc.cpl
Microsoft Corporation 12/31/2002 8:00:00 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 12/31/2002 8:00:00 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Microsoft Corporation 12/31/2002 8:00:00 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 12/31/2002 8:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 12/31/2002 8:00:00 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 12/31/2002 8:00:00 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
8/19/2005 9:28:16 AM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini

Checking files in %ALLUSERSPROFILE%\Application Data folder...
8/19/2005 3:23:48 AM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini
8/22/2005 2:57:44 PM 13662 C:\Documents and Settings\All Users\Application Data\hpzinstall.log
1/8/2006 10:57:08 PM 2525 C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

Checking files in %USERPROFILE%\Startup folder...
8/19/2005 9:28:16 AM HS 84 C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
8/19/2005 3:23:48 AM HS 62 C:\Documents and Settings\Administrator\Application Data\desktop.ini

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\CopyMoveTo
{51131DA7-1D24-40e5-AE07-5E3750F5DE3C} = C:\WINDOWS\system32\ContextMenuExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido anti-malware\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\VirusScan
{cda2863e-2497-4c49-9b89-06840e070a87} = C:\Program Files\Network Associates\VirusScan\shext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\Program Files\WINZIP\WZSHLSTB.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\CopyMoveTo
{51131DA7-1D24-40e5-AE07-5E3750F5DE3C} = C:\WINDOWS\system32\ContextMenuExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\VirusScan
{cda2863e-2497-4c49-9b89-06840e070a87} = C:\Program Files\Network Associates\VirusScan\shext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\Program Files\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\CopyMoveTo
{51131DA7-1D24-40e5-AE07-5E3750F5DE3C} = C:\WINDOWS\system32\ContextMenuExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido anti-malware\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\VirusScan
{cda2863e-2497-4c49-9b89-06840e070a87} = C:\Program Files\Network Associates\VirusScan\shext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\Program Files\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
SSVHelper Class = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\system32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\system32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = &Yahoo! Toolbar :

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
NeroFilterCheck C:\WINDOWS\system32\NeroCheck.exe
NvCplDaemon RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz nwiz.exe /install
McAfeeUpdaterUI "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
HP Component Manager "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
NvMediaCenter RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
ShStatEXE "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
Network Associates Error Reporting Service "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
HP Software Update "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
AIM C:\Program Files\AIM\aim.exe -cnetwait.odl

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe
item HP Digital Imaging Monitor

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DiskeeperSystray
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item DkIcon
hkey HKLM
command "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item DkIcon
hkey HKLM
command "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DXDllRegExe
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item dxdllreg
hkey HKLM
command dxdllreg.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item dxdllreg
hkey HKLM
command dxdllreg.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NVMixerTray
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NVMixerTray
hkey HKLM
command "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NVMixerTray
hkey HKLM
command "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item qttask
hkey HKLM
command "C:\Program Files\QuickTime\qttask.exe" -atboottime
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item qttask
hkey HKLM
command "C:\Program Files\QuickTime\qttask.exe" -atboottime
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 0
startup 2


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer
NoActiveDesktopChanges 0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\Program Files\Common Files\Microsoft Shared\Web Folders\msonsext.dll
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1
DisableTaskMgr 0


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
NoChangingWallPaper 0
NoAddingComponents 0
NoComponents 0
NoDeletingComponents 0
NoEditingComponents 0
NoCloseDragDropBands 0
NoMovingBands 0
NoHTMLWallPaper 0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145
NoRecentDocsMenu 1
NoActiveDesktop 0
NoSaveSettings 0
ClassicShell 0
NoThemesTab 0
ForceActiveDesktopOn 0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
DisableTaskMgr 0
NoDispAppearancePage 0
NoColorChoice 0
NoSizeChoice 0
NoDispBackgroundPage 0
NoDispScrSavPage 0
NoDispCPL 0
NoVisualStyleChoice 0
NoDispSettingsPage 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier
= WRLogonNTF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 6/15/2006 2:14:43 PM

HJT Log

Logfile of HijackThis v1.99.1
Scan saved at 5:10:43 PM, on 6/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk32.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fssm32.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Apache Tomcat (Tomcat5) - Unknown owner - C:\Program Files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe" //RS//Tomcat5 (file missing)

#7 Guest_Cretemonster_*


Posted 15 June 2006 - 05:12 PM

One more scan please.

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded, click on NEXT
  • Now click on Scan Settings
  • In the scan settings, make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available, otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under Select a target to scan: select My Computer
  • The program will start and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, it will display if your system has been infected.
  • Now click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


#8 Stotic

Posted 15 June 2006 - 10:22 PM

Kaspersky

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Thursday, June 15, 2006 11:21:28 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 16/06/2006
Kaspersky Anti-Virus database records: 200818
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 99541
Number of viruses found: 5
Number of infected objects: 12
Number of suspicious objects: 0
Duration of the scan process: 02:00:31

Infected Object Name / Virus Name / Last Action
C:\!KillBox\GDNUS2338.0XE Infected: Trojan-Downloader.Win32.Small.dag skipped
C:\!KillBox\javainstaller.jar-31f04181-44652ebd.zip/javainstaller/InstallerApplet.class Infected: Trojan-Downloader.Java.OpenStream.w skipped
C:\!KillBox\javainstaller.jar-31f04181-44652ebd.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Administrator\.jpi_cache\jar\1.0\javainstaller.jar-31f06070-264f0188.zip/javainstaller/InstallerApplet.class Infected: Trojan-Downloader.Java.OpenStream.w skipped
C:\Documents and Settings\Administrator\.jpi_cache\jar\1.0\javainstaller.jar-31f06070-264f0188.zip ZIP: infected - 1 skipped
C:\System Volume Information\_restore{EEBC7E5B-EBF1-42B4-90F1-64512E0ABADA}\RP443\A0166605.0LB Infected: Trojan-Downloader.Win32.Zlob.sp skipped
C:\System Volume Information\_restore{EEBC7E5B-EBF1-42B4-90F1-64512E0ABADA}\RP444\A0166637.0LB Infected: Trojan-Downloader.Win32.Zlob.sp skipped
C:\System Volume Information\_restore{EEBC7E5B-EBF1-42B4-90F1-64512E0ABADA}\RP444\A0166661.0LB Infected: Trojan-Downloader.Win32.Zlob.sp skipped
C:\System Volume Information\_restore{EEBC7E5B-EBF1-42B4-90F1-64512E0ABADA}\RP447\A0166828.0LB Infected: Trojan-Downloader.Win32.Zlob.sp skipped
C:\System Volume Information\_restore{EEBC7E5B-EBF1-42B4-90F1-64512E0ABADA}\RP447\A0166935.exe Infected: Trojan-Downloader.Win32.Small.dag skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\GDNUS2338.0XE Infected: Trojan-Downloader.Win32.Agent.alf skipped
C:\WINDOWS\system32\cmdow.exe Infected: not-a-virus:RiskTool.Win32.HideWindows skipped

Scan process completed.

#9 Guest_Cretemonster_*

Posted 16 June 2006 - 03:17 AM

Use Killbox, select Standard File Kill and delete these 2:

C:\WINDOWS\system32\cmdow.exe

C:\Documents and Settings\Administrator\.jpi_cache\jar\1.0\javainstaller.jar-31f06070-264f0188.zip



Please Install these 2 to add to the Security of the PC!

SpywareBlaster:
http://www.javacoolsoftware.com/downloads.html
Update immediately!

WinHelp2002 Hosts File
http://www.mvps.org/winhelp2002/hosts2.htm

Disable System Restore
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

Go ahead and Reconfigure Msconfig the way you like the PC to Startup

Go ahead and remove any of the tools downloaded that are of no use anymore

Post back and let me know how things are?

#10 Stotic

Posted 16 June 2006 - 12:42 PM

Thanks a lot! You've been extremely helpful!

#11 Guest_Cretemonster_*

Posted 16 June 2006 - 06:59 PM

Go ahead and re-enable System Restore and restart the PC; this will clear out all old nasty restore points and create a nice new fresh clean one for you to fall back on should you ever need it.


Updating Java and Clearing Cache
  • Go to Start > Control Panel and double-click on the Java icon (coffee cup) in the Control Panel.
  • It will say "Java Plug-in" under the icon.
    Please find the update button or tab in the Java Control Panel. Update your Java then reboot.
  • If you are unable to update you can manually update by going here:
  • After the reboot, go back into the Control Panel and double-click the Java Icon.
  • Under Temporary Internet Files, click the Delete Files button.
  • There are three options in the window to clear the cache - Leave ALL 3 Checked:
    Downloaded Applets
    Downloaded Applications
    Other Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Java Control Panel.
It is suggested that you go and change all your passwords since some of these may have been compromised during the infection.


Read through those 3 little black links in my signature to get some extra ideas about how to avoid this in the future.


Please remember to check your AntiVirus and any Spyware Apps for updates at least twice a week.


Make sure you keep your Windows Operating System up to date by visiting Windows Updates regularly to download and install any critical updates and service packs.


If you ever need us again, you know how to find us! :thumbsup:



