Virus Received Over Messenger Live

11 replies to this topic

#1 OtakuBlackWolf


Posted 21 September 2006 - 08:43 AM

Logfile of HijackThis v1.99.1
Scan saved at 11:30:39 PM, on 21/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Windows\System32\svchost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\spoolsv.exe
C:\Windows\SOUNDMAN.EXE
C:\Windows\system32\RUNDLL32.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\CA\eTrust Vet Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust Vet Antivirus\CAVRID.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\CA\eTrust Vet Antivirus\ISafe.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Windows\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Windows\system32\svchost.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\CA\eTrust Vet Antivirus\VetMsg.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\msgs.exe
C:\Documents and Settings\XPPro\Xinstall.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Windows\system32\svchost.exe
c:\Program Files\PestPatrol\ppmemcheck.exe
c:\Program Files\PestPatrol\cookiepatrol.exe
c:\Program Files\PestPatrol\ppcontrol.exe
c:\Program Files\PestPatrol\pestpatrol.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\HijackThis\HijackThis.exe
C:\Windows\system32\Xinstall.exe
C:\Program Files\Common Files\{B4FB85D9-0BC7-3081-0826-05011806003d}\Update.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust Vet Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Vet Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [PestPatrol Control Center] c:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] c:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\XPPro\Xinstall.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [7522d396.exe] C:\Documents and Settings\XPPro\Local Settings\Application Data\7522d396.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/activex/pro...133352D2D2D.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://hino-mushi.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1123927098912
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\Windows\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winhqd32 - winhqd32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Vet Antivirus\ISafe.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Vet Antivirus\VetMsg.exe



#2 OtakuBlackWolf


Posted 21 September 2006 - 10:54 AM

I thought it would help if I added a little more detail about the problem.
You receive a message from a contact, telling you to check out this pic photo 942.PIF

This will send you to a web page where it will download a file under the name photo942.PIF
Upon download every contact in your MSN list will be contacted with the exact same message.
I have PestPatrol on my system and I believe fake warnings from this appear, also (again believed fake) ones from Windows Defender telling me that Toolbar888 has infected my computer/memory. At this point the plug for my computer was ripped from the wall. This virus is running in the same way as the quake virus that promoted quake antivirus, but before going through all the process of deleting it (or trying) I decided to send the report in.

I believe this is very new (or a new version of an old one) because I have seen absolutely no warnings from Microsoft or Vet etc...

I also cannot run Disk Cleanup (due to it mysteriously closing) so therefore cannot clean out temp files.

#3 -David-


Posted 21 September 2006 - 12:38 PM

Hello there and welcome to Bleeping Computer's security forum.
My name is David, I will be helping you with your log today.

It is a good idea to print off these instructions:
This will be useful as there is a possibility some of the instructions will need to be carried out where internet access is not available.
You may also like to save these instructions in Word/Notepad to the desktop where they can be easily found for the same reasons as above.
A printout of the instructions would be a good reference to make sure you don't get lost.
Also, it is important that you complete the instructions in the right order, and also that you don't miss any steps out!
If you have any queries about the process or just general questions, just ask.

Click on Start, then Control Panel, and then double-click on Add/Remove Programs. From within Add/Remove Programs, uninstall the following if they exist by double-clicking on the following entries:

Toolbar888

You are missing one important program on that computer - an antivirus!
This is somewhat suicidal in today's digital world.
You need to install an antivirus program as soon as you can and run a complete scan of the computer.
AVG and Avast are excellent, free antivirus programs.
Never install more than one antivirus on your system - several together can cause problems and decrease performance.

Please download Ewido Anti-Spyware and save the file to your desktop.
This is a free 30 day trial version of the program.
  • Locate the icon on your desktop and double click it to open the set-up program.
  • Follow the instructions on screen to install Ewido.
  • Run the program and you will meet the main screen.
  • Select the icon "Update" then select the "Update now" link
  • Next click the "Start Update" button; a progress bar will show the updates being installed.
  • Now select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Click on "Recommended actions" and then select "Quarantine".
  • Close the program now, we will be running a scan a bit later.
Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following if still present:

O2 - BHO: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll
O4 - HKCU\..\Run: [7522d396.exe] C:\Documents and Settings\XPPro\Local Settings\Application Data\7522d396.exe
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/activex/pro...133352D2D2D.exe
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll
O20 - Winlogon Notify: winhqd32 - winhqd32.dll (file missing)


Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Now reboot into Safe Mode.
This can be done by tapping the F8 key as soon as you start your computer.
You will be brought to a menu where you can choose to boot into safe mode.
Make sure you choose the option without networking support.

Using Windows Explorer, please locate the following files/folders, and delete them if still present:

C:\Program Files\ToolBar888
C:\Documents and Settings\XPPro\Local Settings\Application Data\7522d396.exe

Launch Ewido by double clicking on the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab.
  • Then click on the "Complete System Scan" button.
  • If you have any infections you will be asked for an action - select "apply all actions".
  • Now select the "Reports" icon at the top.
  • Click "Save Report As" and save the text file to your desktop.
  • Close Ewido and reboot back into normal mode.
Please post the results of the Ewido scan in this thread.

Run HijackThis.
On the first menu, click Open the Misc Tools Section
Click Open Uninstall Manager
Click Save List - Save it anywhere.
A notepad will pop-up after it's saved, please copy everything in that Notepad and paste it here.

So post back with the Ewido log, a new HijackThis log and the uninstall list.
David
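
An added example, not part of David's post and not part of HijackThis: a short Python triage pass over HijackThis-format lines that flags the kinds of entries in the fix list above (autoruns launched from user-writable paths, DPF entries whose download URL points straight at an .exe or .dll, and registered DLLs marked "file missing"). The heuristics and all function names are assumptions chosen for illustration; the sample lines are copied from the log in post #1.

```python
import re

# Sample input: lines copied from the HijackThis log in post #1 (not the full log).
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [7522d396.exe] C:\Documents and Settings\XPPro\Local Settings\Application Data\7522d396.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://hino-mushi.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll
O20 - Winlogon Notify: WgaLogon - C:\Windows\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winhqd32 - winhqd32.dll (file missing)
"""

# "O4 - <body>": group code, separator, then the entry body.
ENTRY = re.compile(r"^(?P<group>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Registry autorun body: HKLM\..\Run: [value name] command line
RUN_VALUE = re.compile(r"^HK\w+\\\.\.\\\w+: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")

# Illustrative heuristics (assumptions, not rules taken from the thread).
USER_WRITABLE = re.compile(r"(?i)\\(documents and settings|local settings|temp)\\")
DRIVE_ROOT = re.compile(r"(?i)^[a-z]:\\+[^\\]+$")
HEX_NAME = re.compile(r"(?i)^[0-9a-f]{8}\.exe$")
BINARY_URL = re.compile(r"(?i)\.(exe|dll)$")


def command_path(cmd):
    """Return the executable part of a Run command, without quotes or arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    # Unquoted paths may contain spaces, so cut at the first executable extension.
    m = re.match(r"(?i)^(.*?\.(?:exe|com|bat|cmd|scr|pif))(?:\s|$)", cmd)
    return m.group(1) if m else cmd.split(" ", 1)[0]


def triage(log_text):
    """Return [(group, body, [reasons])] for entries that deserve a closer look."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header lines, process list, blank lines
        group, body = m.group("group"), m.group("body")
        reasons = []

        if group == "O4":
            run = RUN_VALUE.match(body)
            if run:
                path = command_path(run.group("cmd"))
                filename = path.rsplit("\\", 1)[-1]
                if USER_WRITABLE.search(path):
                    reasons.append("autorun from user-writable directory")
                if DRIVE_ROOT.match(path):
                    reasons.append("autorun from drive root")
                if HEX_NAME.match(filename):
                    reasons.append("random-looking hex file name")
        elif group == "O16":
            # The download URL is the last " - " separated field of a DPF entry.
            url = body.rsplit(" - ", 1)[-1]
            if BINARY_URL.search(url):
                reasons.append("DPF URL points directly at an .exe/.dll")

        if group in ("O2", "O3", "O20") and body.endswith("(file missing)"):
            reasons.append("registered file missing from disk")

        if reasons:
            findings.append((group, body, reasons))
    return findings


if __name__ == "__main__":
    for group, body, reasons in triage(SAMPLE_LOG):
        print(f"{group}: {body}\n    -> {'; '.join(reasons)}")
```

A flagged line is a prompt to look at the file, not a verdict; name-based detections such as the ToolBar888 BHO need a reference list and are outside what these path heuristics cover.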

#4 OtakuBlackWolf


Posted 24 September 2006 - 07:50 AM

There is no program in the Add/Remove list called Toolbar888.

#5 OtakuBlackWolf


Posted 24 September 2006 - 07:58 AM

I run eTrust Vet antivirus, PestPatrol and Win Defender... I have antivirus...


Here is Vet's log:
2006/09/24 22:49:19.211 File infection: C:\Documents and Settings\XPPro\Local Settings\Temporary Internet Files\Content.IE5\G1EBW52N\MTE3NDI6ODoxNg[1].exe is Win32/SillyDl.YQ trojan. Deleted
2006/09/24 22:49:19.472 File infection: C:\MTE3NDI6ODoxNgnew.exe is Win32/SillyDl.YQ trojan. Deleted
2006/09/24 22:49:19.562 File infection: C:\MTE3NDI6ODoxNgnew.exe is Win32/SillyDl.YQ trojan.
2006/09/24 22:49:19.622 File infection: C:\MTE3NDI6ODoxNgnew.exe is Win32/SillyDl.YQ trojan.
2006/09/24 22:49:23.958 File infection: C:\Documents and Settings\XPPro\Local Settings\Temporary Internet Files\Content.IE5\G1EBW52N\MTE3NDI6ODoxNg[1].exe is Win32/SillyDl.YQ trojan. Deleted
2006/09/24 22:49:24.038 File infection: C:\MTE3NDI6ODoxNgnew.exe is Win32/SillyDl.YQ trojan. Deleted
2006/09/24 22:49:24.058 File infection: C:\MTE3NDI6ODoxNgnew.exe is Win32/SillyDl.YQ trojan.
2006/09/24 22:49:24.068 File infection: C:\MTE3NDI6ODoxNgnew.exe is Win32/SillyDl.YQ trojan.
2006/09/24 22:49:26.061 File infection: C:\Documents and Settings\XPPro\Local Settings\Temporary Internet Files\Content.IE5\YBUB6D67\ac3_0010[1].exe is Win32/SillyDl.ATQ trojan. Deleted
2006/09/24 22:49:26.081 File infection: C:\Documents and Settings\XPPro\Local Settings\Temporary Internet Files\Content.IE5\YBUB6D67\ac3_0010[1].exe is Win32/SillyDl.ATQ trojan.
2006/09/24 22:49:27.603 File infection: C:\Documents and Settings\XPPro\Local Settings\Temporary Internet Files\Content.IE5\09KXI7S9\ac3_0010[1].exe is Win32/SillyDl.ATQ trojan. Deleted
2006/09/24 22:49:27.623 File infection: C:\Documents and Settings\XPPro\Local Settings\Temporary Internet Files\Content.IE5\09KXI7S9\ac3_0010[1].exe is Win32/SillyDl.ATQ trojan.
2006/09/24 22:49:35.004 File infection: C:\Documents and Settings\XPPro\Local Settings\Temporary Internet Files\Content.IE5\G1EBW52N\Installer[1].exe is Win32/Canbede.M trojan. Deleted
2006/09/24 22:49:35.084 File infection: C:\warebundlenewer.exe is Win32/Canbede.M trojan. Deleted
2006/09/24 22:49:35.124 File infection: C:\warebundlenewer.exe is Win32/Canbede.M trojan.
2006/09/24 22:49:35.144 File infection: C:\warebundlenewer.exe is Win32/Canbede.M trojan.
2006/09/24 22:49:36.386 File infection: C:\Documents and Settings\XPPro\Local Settings\Temporary Internet Files\Content.IE5\CHMNGHYR\MTE3NDI6ODoxNg[1].exe is Win32/SillyDl.YQ trojan. Deleted
2006/09/24 22:49:36.466 File infection: C:\MTE3NDI6ODoxNgnew.exe is Win32/SillyDl.YQ trojan. Deleted
2006/09/24 22:49:36.486 File infection: C:\MTE3NDI6ODoxNgnew.exe is Win32/SillyDl.YQ trojan.
2006/09/24 22:49:36.486 File infection: C:\MTE3NDI6ODoxNgnew.exe is Win32/SillyDl.YQ trojan.
2006/09/24 22:49:38.088 File infection: C:\Documents and Settings\XPPro\Local Settings\Temporary Internet Files\Content.IE5\YBUB6D67\ac3_0010[1].exe is Win32/SillyDl.ATQ trojan. Deleted
2006/09/24 22:49:38.118 File infection: C:\Documents and Settings\XPPro\Local Settings\Temporary Internet Files\Content.IE5\YBUB6D67\ac3_0010[1].exe is Win32/SillyDl.ATQ trojan.
2006/09/24 22:49:54.322 File infection: C:\Documents and Settings\XPPro\Local Settings\Temporary Internet Files\Content.IE5\09KXI7S9\MTE3NDI6ODoxNg[1].exe is Win32/SillyDl.YQ trojan. Deleted
2006/09/24 22:49:54.462 File infection: C:\MTE3NDI6ODoxNg.exe is Win32/SillyDl.YQ trojan. Deleted
2006/09/24 22:49:54.502 File infection: C:\MTE3NDI6ODoxNg.exe is Win32/SillyDl.YQ trojan.
2006/09/24 22:49:54.592 File infection: C:\MTE3NDI6ODoxNg.exe is Win32/SillyDl.YQ trojan.
2006/09/24 22:50:00.200 File infection: C:\Documents and Settings\XPPro\Local Settings\Temporary Internet Files\Content.IE5\09KXI7S9\Installer[1].exe is Win32/Canbede.M trojan. Deleted
2006/09/24 22:50:00.280 File infection: C:\warebundlenewer.exe is Win32/Canbede.M trojan. Deleted
2006/09/24 22:50:00.350 File infection: C:\warebundlenewer.exe is Win32/Canbede.M trojan.
2006/09/24 22:50:00.370 File infection: C:\warebundlenewer.exe is Win32/Canbede.M trojan.
2006/09/24 22:50:06.229 File infection: C:\Documents and Settings\XPPro\Local Settings\Temporary Internet Files\Content.IE5\YBUB6D67\ac3_0010[1].exe is Win32/SillyDl.ATQ trojan. Deleted
2006/09/24 22:50:06.319 File infection: C:\Documents and Settings\XPPro\Local Settings\Temporary Internet Files\Content.IE5\YBUB6D67\ac3_0010[1].exe is Win32/SillyDl.ATQ trojan.
2006/09/24 22:50:07.401 File infection: C:\Documents and Settings\XPPro\Local Settings\Temporary Internet Files\Content.IE5\CHMNGHYR\MTE3NDI6ODoxNg[1].exe is Win32/SillyDl.YQ trojan. Deleted
2006/09/24 22:50:07.661 File infection: C:\MTE3NDI6ODoxNg.exe is Win32/SillyDl.YQ trojan. Deleted
2006/09/24 22:50:07.711 File infection: C:\MTE3NDI6ODoxNg.exe is Win32/SillyDl.YQ trojan.
2006/09/24 22:50:07.741 File infection: C:\MTE3NDI6ODoxNg.exe is Win32/SillyDl.YQ trojan.
2006/09/24 22:50:18.757 File infection: C:\Documents and Settings\XPPro\Local Settings\Temporary Internet Files\Content.IE5\YBUB6D67\MTE3NDI6ODoxNg[1].exe is Win32/SillyDl.YQ trojan. Deleted
2006/09/24 22:50:19.248 File infection: C:\MTE3NDI6ODoxNg.exe is Win32/SillyDl.YQ trojan. Deleted
2006/09/24 22:50:19.318 File infection: C:\MTE3NDI6ODoxNg.exe is Win32/SillyDl.YQ trojan.
2006/09/24 22:50:19.348 File infection: C:\MTE3NDI6ODoxNg.exe is Win32/SillyDl.YQ trojan.
2006/09/24 22:50:38.585 File infection: C:\Documents and Settings\XPPro\Local Settings\Temporary Internet Files\Content.IE5\YBUB6D67\Installer[1].exe is Win32/Canbede.M trojan. Deleted
2006/09/24 22:50:38.846 File infection: C:\Installer4.exe is Win32/Canbede.M trojan. Deleted
2006/09/24 22:50:38.906 File infection: C:\Installer4.exe is Win32/Canbede.M trojan.
2006/09/24 22:50:38.946 File infection: C:\Installer4.exe is Win32/Canbede.M trojan.
2006/09/24 22:50:41.229 File infection: C:\Documents and Settings\XPPro\Local Settings\Temporary Internet Files\Content.IE5\CHMNGHYR\MTE3NDI6ODoxNg[1].exe is Win32/SillyDl.YQ trojan. Deleted
2006/09/24 22:50:41.299 File infection: C:\MTE3NDI6ODoxNg.exe is Win32/SillyDl.YQ trojan. Deleted
2006/09/24 22:50:41.319 File infection: C:\MTE3NDI6ODoxNg.exe is Win32/SillyDl.YQ trojan.
2006/09/24 22:50:41.329 File infection: C:\MTE3NDI6ODoxNg.exe is Win32/SillyDl.YQ trojan.
2006/09/24 22:50:45.896 File infection: C:\Documents and Settings\XPPro\Local Settings\Temporary Internet Files\Content.IE5\G1EBW52N\MTE3NDI6ODoxNg[1].exe is Win32/SillyDl.YQ trojan. Deleted
2006/09/24 22:50:45.956 File infection: C:\MTE3NDI6ODoxNg.exe is Win32/SillyDl.YQ trojan. Deleted
2006/09/24 22:50:45.976 File infection: C:\MTE3NDI6ODoxNg.exe is Win32/SillyDl.YQ trojan.
2006/09/24 22:50:45.996 File infection: C:\MTE3NDI6ODoxNg.exe is Win32/SillyDl.YQ trojan.
2006/09/24 22:50:58.234 File infection: C:\Documents and Settings\XPPro\Local Settings\Temporary Internet Files\Content.IE5\G1EBW52N\Installer[1].exe is Win32/Canbede.M trojan. Deleted
2006/09/24 22:50:58.314 File infection: C:\Installer4.exe is Win32/Canbede.M trojan. Deleted
2006/09/24 22:50:58.334 File infection: C:\Installer4.exe is Win32/Canbede.M trojan.
2006/09/24 22:50:58.344 File infection: C:\Installer4.exe is Win32/Canbede.M trojan.

#6 -David-


Posted 24 September 2006 - 02:06 PM

It is OK that there is no add/remove entry for Toolbar888.
Please continue with the instructions and post the logs.

#7 OtakuBlackWolf


Posted 25 September 2006 - 12:07 PM

Okay, first log...

Uninstall list:
Ad-Aware SE Personal
Adobe Reader 7.0.8
Aliens vs. Predator 2
Call of Duty Game of the Year Edition
Cataclysm
Conquest: Frontier Wars
Diablo II
DirectVobSub (remove only)
DivX
DivX Converter
DivX Player
DivX Web Player
Earth 2150
eTrust Vet Antivirus
ewido anti-spyware 4.0
Freelancer
Game Service 4
Guild Wars
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 1.99.1
Homeworld2
Hotfix for Windows XP (KB896344)
Intel® Graphics Media Accelerator Driver
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 8
Macromedia Extension Manager
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Macromedia Flash Player 8
Macromedia Flash Player 8
Macromedia Flash Player 8 Plugin
Marvell Miniport Driver
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0.0 (Pre-Release 5348)
Microsoft Windows Journal Viewer
Mozilla Firefox (1.5.0.7)
Nero 6 Ultra Edition
NVIDIA Drivers
PowerDVD
Quake III Arena
RealPlayer
Realtek AC'97 Audio
Search Bar
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
TeamSpeak 2 RC2
Total Annihilation
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB900930)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
VIA Platform Device Manager
Winamp (remove only)
Windows Defender
Windows Defender Signatures
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB887797
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
WinRAR archiver
WinZip
XviD MPEG-4 Video Codec
Zoom Player (remove only)

HijackThis log 2:

Logfile of HijackThis v1.99.1
Scan saved at 3:03:08 AM, on 26/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Windows\System32\svchost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\spoolsv.exe
C:\Windows\SOUNDMAN.EXE
C:\Windows\system32\RUNDLL32.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\CA\eTrust Vet Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust Vet Antivirus\CAVRID.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\nwnmff_e14.exe
C:\Program Files\CA\eTrust Vet Antivirus\ISafe.exe
C:\dfndrff_e14.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Windows\system32\nvsvc32.exe
C:\kybrdff_e14.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Windows\system32\svchost.exe
C:\PROGRA~1\PRINTV~1\pvmodule.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Windows\system32\wuauclt.exe
C:\Program Files\CA\eTrust Vet Antivirus\VetMsg.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=566...ER}&ar=home
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll (file missing)
O2 - BHO: PrintViewBHO Class - {D4E0C464-30CE-4075-9A10-71FD106C2847} - C:\PROGRA~1\PRINTV~1\PRINTH~1.DLL
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust Vet Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Vet Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [PestPatrol Control Center] c:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] c:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [newname] C:\\nwnmff_e14.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrff_e14.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_e14.exe
O4 - HKLM\..\Run: [PVModule] C:\PROGRA~1\PRINTV~1\pvmodule.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\system32\ctfmon.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://hino-mushi.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1123927098912
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\Windows\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Vet Antivirus\ISafe.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Vet Antivirus\VetMsg.exe


---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 2:55:15 AM 26/09/2006

+ Scan result:



HKU\S-1-5-21-1570476128-916404389-1670438778-1009\Software\Internet Security -> Adware.IntCodec : Cleaned with backup (quarantined).
C:\Documents and Settings\XPPro\Local Settings\Temp\nsw14.tmp\remover.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\Program Files\PestPatrol\Quarantine\20060921235358.zip/Documents and Settings/XPPro/mt-uninstaller.exe -> Adware.PurityScan : Error during cleaning.
C:\Program Files\PestPatrol\Quarantine\20060921214937.zip/Program Files/toolbar888/MyToolBar.dll -> Adware.Softomate : Error during cleaning.
C:\Program Files\PestPatrol\Quarantine\20060921235358.zip/Program Files/toolbar888/MyToolBar.dll -> Adware.Softomate : Error during cleaning.
C:\Documents and Settings\XPPro\Local Settings\Temporary Internet Files\Content.IE5\G1EBW52N\ucmoreiex[1].exe/IUCMORE.DLL -> Adware.Ucmore : Error during cleaning.
C:\Documents and Settings\XPPro\Local Settings\Temporary Internet Files\Content.IE5\G1EBW52N\ucmoreiex[1].exe/UCMTSAIE.DLL -> Adware.Ucmore : Error during cleaning.
C:\Documents and Settings\XPPro\Local Settings\Temporary Internet Files\Content.IE5\G1EBW52N\ucmoreiex[1].exe/empty_00000001 -> Adware.Ucmore : Error during cleaning.
C:\RECYCLER\S-1-5-21-1570476128-916404389-1670438778-1009\Dc1.exe/IUCMORE.DLL -> Adware.Ucmore : Error during cleaning.
C:\RECYCLER\S-1-5-21-1570476128-916404389-1670438778-1009\Dc1.exe/UCMTSAIE.DLL -> Adware.Ucmore : Error during cleaning.
C:\RECYCLER\S-1-5-21-1570476128-916404389-1670438778-1009\Dc1.exe/empty_00000001 -> Adware.Ucmore : Error during cleaning.
C:\Documents and Settings\XPPro\Local Settings\Temporary Internet Files\Content.IE5\09KXI7S9\313133352D2D2D[1].exe -> Downloader.Adload.aj : Cleaned with backup (quarantined).
C:\Documents and Settings\XPPro\Local Settings\Temporary Internet Files\Content.IE5\CHMNGHYR\313133352D2D2D[1].exe -> Downloader.Adload.aj : Cleaned with backup (quarantined).
C:\Documents and Settings\XPPro\Local Settings\Temporary Internet Files\Content.IE5\09KXI7S9\drsmartload45a[1].exe -> Downloader.Adload.fq : Cleaned with backup (quarantined).
C:\Documents and Settings\XPPro\Local Settings\Temporary Internet Files\Content.IE5\G1EBW52N\drsmartload1135a[1].exe -> Downloader.Adload.fq : Cleaned with backup (quarantined).
C:\drsmartload45a45a45g.exe -> Downloader.Adload.fq : Cleaned with backup (quarantined).
C:\Documents and Settings\XPPro\Local Settings\Temporary Internet Files\Content.IE5\09KXI7S9\drsmartload_js[1].htm -> Downloader.IstBar.j : Cleaned with backup (quarantined).
C:\Documents and Settings\XPPro\Local Settings\Temporary Internet Files\Content.IE5\CHMNGHYR\drsmartload_js[1].htm -> Downloader.IstBar.j : Cleaned with backup (quarantined).
C:\Documents and Settings\XPPro\Local Settings\Temp\installer.exe -> Dropper.PurityScan.q : Cleaned with backup (quarantined).
C:\Documents and Settings\XPPro\Local Settings\Temporary Internet Files\Content.IE5\09KXI7S9\speedtest2[1].dll -> Not-A-Virus.Downloader.Win32.InsTool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\XPPro\Local Settings\Temporary Internet Files\Content.IE5\CHMNGHYR\speedtest2[1].dll -> Not-A-Virus.Downloader.Win32.InsTool.a : Cleaned with backup (quarantined).
C:\Program Files\HijackThis\backups\backup-20060926-001734-196.dll -> Not-A-Virus.Downloader.Win32.InsTool.a : Cleaned with backup (quarantined).
:mozilla.326:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
:mozilla.156:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.277:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.35:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.36:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.39:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.40:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.41:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.549:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.625:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\XPPro\Cookies\xppro@112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\XPPro\Cookies\xppro@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\XPPro\Cookies\xppro@microsoftwlmessengermkt.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\XPPro\Cookies\xppro@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\XPPro\Cookies\xppro@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.93:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.94:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.95:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.70:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
:mozilla.71:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
:mozilla.64:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.65:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.66:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.67:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.68:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.58:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
:mozilla.154:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
:mozilla.371:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.372:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.293:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.296:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.297:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.299:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.313:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned with backup (quarantined).
:mozilla.467:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
:mozilla.468:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
:mozilla.508:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
:mozilla.509:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
:mozilla.538:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.49:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
:mozilla.457:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Estat : Cleaned with backup (quarantined).
:mozilla.694:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
C:\Documents and Settings\XPPro\Cookies\xppro@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
:mozilla.274:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.275:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.276:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.316:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.317:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.318:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.319:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.320:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.194:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.195:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\Documents and Settings\XPPro\Cookies\xppro@media.fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.261:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.268:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.456:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.602:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.604:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.668:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\XPPro\Cookies\xppro@ehg-411web.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\XPPro\Cookies\xppro@ehg-groupernetworks.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.279:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup (quarantined).
:mozilla.280:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup (quarantined).
:mozilla.281:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup (quarantined).
:mozilla.282:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup (quarantined).
:mozilla.506:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned with backup (quarantined).
:mozilla.563:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Ivwbox : Cleaned with backup (quarantined).
:mozilla.525:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Kmpads : Cleaned with backup (quarantined).
:mozilla.526:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Kmpads : Cleaned with backup (quarantined).
:mozilla.169:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned with backup (quarantined).
:mozilla.175:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
:mozilla.264:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.265:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.266:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
C:\Documents and Settings\XPPro\Cookies\xppro@overture[2].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.452:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.453:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.454:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.455:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.114:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
:mozilla.115:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
:mozilla.157:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.158:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.646:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.647:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.648:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.649:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.650:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.651:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.652:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
C:\Documents and Settings\XPPro\Cookies\xppro@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.338:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
:mozilla.339:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
:mozilla.423:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.424:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.425:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.426:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.582:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.583:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.584:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.585:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
C:\Documents and Settings\XPPro\Cookies\xppro@cs.sexcounter[2].txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.465:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup (quarantined).
:mozilla.466:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup (quarantined).
:mozilla.507:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Spylog : Cleaned with backup (quarantined).
:mozilla.241:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.243:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.244:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.245:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.246:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.247:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.248:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.249:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.250:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.347:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.348:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Documents and Settings\XPPro\Cookies\xppro@anad.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.184:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup (quarantined).
:mozilla.620:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
:mozilla.321:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.188:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).
:mozilla.189:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).
:mozilla.190:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).
:mozilla.191:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).
:mozilla.192:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).
:mozilla.193:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).
:mozilla.33:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
:mozilla.527:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Yadro : Cleaned with backup (quarantined).
C:\Documents and Settings\XPPro\Cookies\xppro@yadro[2].txt -> TrackingCookie.Yadro : Cleaned with backup (quarantined).
:mozilla.150:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.151:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.185:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.186:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.187:C:\Documents and Settings\XPPro\Application Data\Mozilla\Firefox\Profiles\68iu69sp.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
C:\Documents and Settings\XPPro\Local Settings\Temporary Internet Files\Content.IE5\G1EBW52N\sprT[1].exe -> Worm.Licat.c : Cleaned with backup (quarantined).
C:\Documents and Settings\XPPro\sprT.exe -> Worm.Licat.c : Cleaned with backup (quarantined).
C:\Program Files\MSN Messenger\msnmsgr.exe -> Worm.Licat.c : Cleaned with backup (quarantined).
C:\WINDOWS\system32\sprT.exe -> Worm.Licat.c : Cleaned with backup (quarantined).


::Report end

#8 -David-

Posted 25 September 2006 - 01:22 PM

Hey there,

It is a good idea to print off these instructions:
This will be useful as there is a possibility some of the instructions will need to be carried out where internet access is not available.
You may also like to save these instructions in word/notepad to the desktop where they can be easily found for the same reasons as above.
A printout of the instructions would be a good reference to make sure you don't get lost.
Also, it is important that you complete the instructions in the right order, and also that you don't miss any steps out!
If you have any queries about the process or just general questions, just ask.

Click on Start, then Control Panel, and then double-click on Add/Remove Programs. From within Add/Remove Programs, uninstall the following if they exist by double-clicking on the following entries:

Search Bar

Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following if still present:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll (file missing)
O4 - HKLM\..\Run: [newname] C:\\nwnmff_e14.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrff_e14.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_e14.exe
O4 - HKLM\..\Run: [PVModule] C:\PROGRA~1\PRINTV~1\pvmodule.exe


Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Download Brute Force Uninstaller.
Unzip it to a folder of its own (c:\BFU).
Read here how to unzip/extract properly:
http://metallica.geekstogo.com/xpcompressedexplanation.html
Start the Brute Force Uninstaller by double-clicking BFU.exe

Next to the 'scriptfile to execute'-window you'll see a little icon as shown in next picture: Posted Image
When you click that icon, a little window will open that says: 'Please enter the full URL to the sript you want to execute'
In the field, copy and paste next URL:

http://metallica.geekstogo.com/alcanshorty.bfu

Click Ok.
Then click execute in Brute Force Uninstaller.

Extra note:
If nothing happens after pressing the Execute button, this means that the script didn't download. In that case, download the script ( alcanshorty.bfu ) manually from above url ( rightclick on it and choose 'save as' and save it in your BFU-folder). Then start BFU.exe again and click the browse button next to the 'scriptfile to execute'-window
Browse to the script you downloaded and Click Ok and Execute in Brute Force Uninstaller.


Wait for the complete script execution box to popup and press OK.
Press exit to terminate the BFU program.

Please delete this folder now:
C:\Program Files\PrintView

Please reboot now.

Please download Combofix to your desktop.
Doubleclick combo.exe to launch the application.
Follow the prompts that will be displayed on the screen.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished, it should produce a log, combofix.txt.
Post this log in your next reply together with a new hijackthislog.

David

#9 OtakuBlackWolf


Posted 25 September 2006 - 08:25 PM

XPPro - 06-09-26 11:20:44.36 Service Pack 2
ComboFix 06.09.25 - Running from: "C:\Program Files\Mozilla Firefox"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Windows\teller2.chk
C:\Program Files\Deskbar
C:\Program Files\Common Files\{B4FB85D9-0BC6-3081-0826-05011806003d}
C:\Program Files\Common Files\{B4FB85D9-0BC7-3081-0826-05011806003d}


((((((((((((((((((((((((((((((( Files Created from 2006-08-26 to 2006-09-26 ))))))))))))))))))))))))))))))))))


2006-09-25 23:48 20,480 --a------ C:\WINDOWS\system32\sprJ.exe
2006-09-24 22:49 20,480 --a------ C:\WINDOWS\system32\sprC.exe
2006-09-21 21:55 138,862 --a------ C:\WINDOWS\system32\alfa.exe
2006-08-31 13:45 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-26 11:21 -------- d-------- C:\Program Files\Common Files
2006-09-26 11:20 -------- d-------- C:\Program Files\Mozilla Firefox
2006-09-26 11:18 -------- d-------- C:\Program Files\PestPatrol
2006-09-26 11:08 -------- d-------- C:\Program Files\HijackThis
2006-09-26 09:56 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2006-09-21 22:48 -------- d-------- C:\Program Files\Roguescanfix
2006-09-21 21:44 -------- d-------- C:\Program Files\MSN Messenger
2006-09-21 01:12 -------- d-------- C:\Program Files\strCodec
2006-09-19 01:23 -------- d-------- C:\Program Files\Warcraft 3
2006-08-21 22:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 19:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 19:14 128896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-21 01:11 -------- d-------- C:\Program Files\Java
2006-08-19 20:51 -------- d-------- C:\Program Files\Quake III Arena
2006-08-16 22:57 -------- d-------- C:\Program Files\TopWare
2006-08-10 00:29 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-08-09 21:17 -------- d-------- C:\Program Files\Internet Explorer
2006-08-08 01:22 -------- d-------- C:\Program Files\Cyberlink
2006-08-02 23:55 -------- d-------- C:\Program Files\Guild Wars
2006-08-01 04:41 26787 --a------ C:\WINDOWS\system32\drivers\vetmonnt.sys
2006-07-29 19:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll
2006-07-27 23:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-27 14:25 21840 --a----t- C:\WINDOWS\system32\SIntfNT.dll
2006-07-27 14:25 17212 --a----t- C:\WINDOWS\system32\SIntf32.dll
2006-07-27 14:25 12067 --a----t- C:\WINDOWS\system32\SIntf16.dll
2006-07-21 18:24 72704 --a------ C:\WINDOWS\system32\hlink.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\Windows\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"Persistence"="C:\\WINDOWS\\system32\\igfxpers.exe"
"SoundMan"="SOUNDMAN.EXE"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"CaAvTray"="\"C:\\Program Files\\CA\\eTrust Vet Antivirus\\CAVTray.exe\""
"CAVRID"="\"C:\\Program Files\\CA\\eTrust Vet Antivirus\\CAVRID.exe\""
"PestPatrol Control Center"="c:\\PROGRA~1\\PESTPA~1\\PPControl.exe"
"PPMemCheck"="c:\\PROGRA~1\\PESTPA~1\\PPMemCheck.exe"
"CookiePatrol"="c:\\PROGRA~1\\PESTPA~1\\CookiePatrol.exe"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_08\\bin\\jusched.exe\""
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,00,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"DisableTaskMgr"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoActiveDesktopChanges"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Contents of the 'Scheduled Tasks' folder
C:\Windows\tasks\MP Scheduled Scan.job

Completion time: Tue 26/09/2006 11:21:39.89
ComboFix.txt

-----------------------------------------------------------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 11:22:43 AM, on 26/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Windows\System32\svchost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\spoolsv.exe
C:\Windows\SOUNDMAN.EXE
C:\Windows\system32\RUNDLL32.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\CA\eTrust Vet Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust Vet Antivirus\CAVRID.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\CA\eTrust Vet Antivirus\ISafe.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Windows\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\CA\eTrust Vet Antivirus\VetMsg.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=566...ER}&ar=home
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: PrintViewBHO Class - {D4E0C464-30CE-4075-9A10-71FD106C2847} - C:\PROGRA~1\PRINTV~1\PRINTH~1.DLL (file missing)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust Vet Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Vet Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [PestPatrol Control Center] c:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] c:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\system32\ctfmon.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://hino-mushi.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1123927098912
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\Windows\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Vet Antivirus\ISafe.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Vet Antivirus\VetMsg.exe

#10 -David-


Posted 26 September 2006 - 10:57 AM

Looking much better...

Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following if still present:

O2 - BHO: PrintViewBHO Class - {D4E0C464-30CE-4075-9A10-71FD106C2847} - C:\PROGRA~1\PRINTV~1\PRINTH~1.DLL (file missing)

Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Malware like this normally never comes alone and there are probably infected files left on your computer.
Please visit Panda Online to carry out a virus scan.
Once you are on the Panda site click the Scan your PC button.
A new window will open...click the Check Now button.
Enter your personal details.
Click the big Scan Now button.
It will ask to install various content - please allow this.
It will start downloading the files it requires for the scan, which may take a while.
When download is complete, click on Local Disks to start the scan.
When the scan completes, click the See Report button.
Click Save Report and save the file to your desktop.
Post the contents of the report in your next reply, along with a new Hijackthis log.

David
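The two fix lists above single out entries such as Run values that launch an executable from the drive root, objects marked "(file missing)", and Internet Explorer pages pointing at an unfamiliar host. As an added example (not part of the thread, and not the helper's own method), this Python script applies those three checks as assumed heuristics to lines copied from the logs in this thread; the `TRUSTED_HOSTS` allowlist and the function name `triage` are assumptions made for the illustration.

```python
import re
from urllib.parse import urlsplit

# Sample input: lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=566...ER}&ar=home
R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll (file missing)
O2 - BHO: PrintViewBHO Class - {D4E0C464-30CE-4075-9A10-71FD106C2847} - C:\PROGRA~1\PRINTV~1\PRINTH~1.DLL (file missing)
O4 - HKLM\..\Run: [newname] C:\\nwnmff_e14.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
"""

# Assumption: hosts accepted for IE start/search pages; adjust to local policy.
TRUSTED_HOSTS = {"go.microsoft.com"}

# "<section code> - <rest of entry>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<body>.+)$")
# Command of a registry Run entry, with an optional opening quote dropped.
RUN_CMD = re.compile(r'Run: \[[^\]]+\] "?(?P<cmd>.+)$')
# Executable sitting directly in a drive root, e.g. C:\\name.exe
DRIVE_ROOT_EXE = re.compile(r"^[A-Za-z]:\\+[^\\\s]+\.exe\b", re.IGNORECASE)


def triage(log_text, trusted_hosts=TRUSTED_HOSTS):
    """Return (code, reason, line) for each entry that matches a heuristic."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # header, running-process list, or blank line
        code, body = m.group("code"), m.group("body")
        reason = None
        if body.endswith("(file missing)"):
            # Registration left behind after its file was removed.
            reason = "target file missing"
        elif code in ("R0", "R1") and " = " in body:
            host = urlsplit(body.rpartition(" = ")[2]).hostname
            if host and host not in trusted_hosts:
                reason = "IE page set to untrusted host " + host
        elif code == "O4":
            run = RUN_CMD.search(body)
            if run and DRIVE_ROOT_EXE.match(run.group("cmd")):
                reason = "autorun executable in drive root"
        if reason:
            findings.append((code, reason, line))
    return findings


if __name__ == "__main__":
    for code, reason, line in triage(SAMPLE_LOG):
        print(f"{code:3} {reason}\n    {line}")
```

A hit is a prompt for manual review, not a verdict: a legitimate start page outside the allowlist will be flagged too.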

#11 OtakuBlackWolf


Posted 13 October 2006 - 08:51 AM

Sorry, but I have moved houses and don't have the internet, but I will do that last step for now.
Thanks for all the help so far.

#12 -David-


Posted 13 October 2006 - 11:10 AM

You're welcome, I will check for a reply later.



