Awtuvts.dll And Vundo, Need Help To Remove.


6 replies to this topic

#1 arius


Posted 25 April 2007 - 03:24 PM

Starting a week ago my system was infected with the Vundo virus which I cleaned with VundoFix. I thought it was cleaned out but the system keeps getting re-infected.

There is one file, C:\WINDOWS\SYSTEM32\AWTUVTS.DLL, (doesn't show up in listing below), that was created at the same time as the Vundo infected files removed by VundoFix. I cannot delete or rename this file as it seems to be open by Winlogon.exe and Explorer.exe (according to MS Process Explorer). I found three references for it in the registry; one entry is for Winlogon logon and logoff notify.

I have re-run VundoFix but the infection will return and I suspect AWTUVTS.DLL but I could be wrong.

Expert advice on getting the infection cleared out will be very much appreciated. New tabs will periodically open on IE and Firefox.

Logfile of HijackThis v1.99.1
Scan saved at 1:10:16 PM, on 4/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Promise Technology, Inc\Promise Array Management\Msgagt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\ups.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CLOCK.EXE
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\X1\X1Systray.exe
C:\Program Files\X1\X1.exe
c:\program files\x1\textExtractor.exe
C:\DOCUME~1\FK\LOCALS~1\Temp\RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HiJackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ptipbm.dll,SetWriteBack
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\xnacbrsw.dll",realset
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Startup: 0 MS Process Explorer.exe.lnk = C:\Program Files\Microsoft Process Explorer\procexp.exe
O4 - Startup: Bginfo.exe.lnk = C:\Program Files\BGInfo\Bginfo.exe
O4 - Startup: Random House Webster's College Dictionary WordGenius Activate.LNK = C:\Program Files\WordGenius\WGRC.exe
O4 - Startup: X1 System Tray.lnk = C:\Program Files\X1\X1Systray.exe
O4 - Startup: X1.lnk = C:\Program Files\X1\X1.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: CLOCK.EXE
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1099122025796
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Promise Array Message Agent (RAIDmAgt) - Unknown owner - C:\Program Files\Promise Technology, Inc.\Promise Array Management\Msgagt.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe



#2 RichieUK

  • Malware Response Team

Posted 25 April 2007 - 03:36 PM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum, arius.

Please download Combofix and save to the desktop:
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window whilst it's running.
That may cause the program to freeze/hang.


*******************************

Please go to:
C:\Program Files\HijackThis\HijackThis.exe
Right click on Hijackthis.exe and select 'Rename', rename it to abc.bat
Double click on abc.bat (which is still Hijackthis.exe), post that log into your next reply please.
Also post the C:\ComboFix.txt


#3 arius


Posted 25 April 2007 - 04:11 PM

Here are the ComboFix and HiJackThis logs:

"FK" - 07-04-25 13:44:08 Service Pack 2
ComboFix 07-04-25.4V - Running from: "C:\Documents and Settings\FK\Desktop\"


(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\ZZZ-jkhhe.dll
C:\WINDOWS\system32\ututv.ini
C:\WINDOWS\system32\vtutu.dll
C:\WINDOWS\system32\awtuvts.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\C\WINDOWS\system32\SCURIT~1
C:\qoobox\purity\C\WINDOWS\system32\SCURIT~1\s?curity
C:\qoobox\purity\C\WINDOWS\system32\SCURIT~1\ZZZ javaw.exe


((((((((((((((((((((((((((((((( Files Created from 2007-03-25 to 2007-04-25 ))))))))))))))))))))))))))))))))))


2007-04-25 13:32 <DIR> d-------- C:\WIND0WS_$NtUninstall
2007-04-25 12:46 132,660 --a------ C:\WINDOWS\system32\ZZZxnacbrsw.dll
2007-04-25 12:45 1,401,901 --ahs---- C:\WINDOWS\system32\ZZZututv.bak2
2007-04-25 10:25 132,660 --a------ C:\WINDOWS\system32\ZZZwcfeepfs.dll
2007-04-25 10:25 1,398,211 --ahs---- C:\WINDOWS\system32\ZZZututv.bak1
2007-04-24 21:13 60,928 --a------ C:\WINDOWS\system32\ZZZcfe.dll
2007-04-22 23:04 <DIR> d-------- C:\Program Files\Microsoft Process Explorer
2007-04-22 21:25 <DIR> d-------- C:\VundoFix Backups
2007-04-21 19:28 524,288 --ah----- C:\DOCUME~1\ADMINI~1.MAN\NTUSER.DAT
2007-04-19 16:15 <DIR> d-------- C:\Program Files\Lavasoft
2007-04-19 16:15 <DIR> d-------- C:\DOCUME~1\FK\APPLIC~1\Lavasoft
2007-04-19 16:14 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-04-18 20:56 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\ErrorProtector Free
2007-03-28 18:41 517,848 --a------ C:\WINDOWS\system32\SymNeti.dll
2007-03-28 18:41 47,192 --a------ C:\WINDOWS\system32\drivers\symndis.sys
2007-03-28 18:41 37,016 --a------ C:\WINDOWS\system32\drivers\symids.sys
2007-03-28 18:41 266,552 --a------ C:\WINDOWS\system32\drivers\symtdi.sys
2007-03-28 18:41 18,904 --a------ C:\WINDOWS\system32\drivers\symredrv.sys
2007-03-28 18:41 171,928 --a------ C:\WINDOWS\system32\drivers\symfw.sys
2007-03-28 18:41 132,824 --a------ C:\WINDOWS\system32\SymRedir.dll
2007-03-28 18:41 11,480 --a------ C:\WINDOWS\system32\drivers\symdns.sys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-04-25 13:46 -------- d-------- C:\DOCUME~1\FK\APPLIC~1\skype
2007-04-24 19:37 2256 --a------ C:\WINDOWS\current_settings.bin
2007-04-23 19:42 -------- d-------- C:\Program Files\norton antivirus
2007-04-18 21:14 -------- d-------- C:\Program Files\symantec
2007-03-17 06:43 292864 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-15 12:23 497496 --a------ C:\WINDOWS\system32\xceedzip.dll
2007-03-15 12:19 526184 --a------ C:\WINDOWS\system32\xceedcry.dll
2007-03-08 08:36 577536 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 08:36 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 08:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 06:47 1843584 --a------ C:\WINDOWS\system32\win32k.sys
2007-02-05 13:17 185344 --a------ C:\WINDOWS\system32\upnphost.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{BDF3E430-B101-42AD-A544-FADC6B084872} C:\Program Files\Norton AntiVirus\NavShExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"PtiuPbmd"="Rundll32.exe ptipbm.dll,SetWriteBack"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"InfoData"="rundll32.exe \"C:\\WINDOWS\\system32\\xnacbrsw.dll\",realset"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_9 -reboot 1"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"="C:\\Program Files\\Symantec\\LiveUpdate\\ALUNotify.exe"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9a5e0cfd-0770-11da-a66d-00e081287257}]
Shell\AutoRun\command E:\PortableRoboForm.exe
Shell\Pass2Go\command E:\PortableRoboForm.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{efc2406a-be08-11db-a90b-00e081287257}]
Shell\AutoRun\command K:\PortableRoboForm.exe
Shell\RoboForm2Go\command K:\PortableRoboForm.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f0ab6db2-ecfc-11da-a887-00e081287257}]
Shell\AutoRun\command G:\AutoRun.exe


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - FK.job
C:\WINDOWS\tasks\Symantec NetDetect.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-04-25 13:53:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 07-04-25 13:53:40 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 07-04-25 13:53



Logfile of HijackThis v1.99.1
Scan saved at 1:57:12 PM, on 4/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Promise Technology, Inc\Promise Array Management\Msgagt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CLOCK.EXE
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft Process Explorer\procexp.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\X1\X1Systray.exe
C:\Program Files\X1\X1.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HiJackThis\abc.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - (no file)
O2 - BHO: (no name) - {1793A033-6789-4B50-F04B-67E339E4F99C} - (no file)
O2 - BHO: (no name) - {587CA23F-45CF-4835-9630-32EB362A8D30} - (no file)
O2 - BHO: (no name) - {83442C8F-CD36-4B77-99B6-2BE381B130D2} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ptipbm.dll,SetWriteBack
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\xnacbrsw.dll",realset
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Startup: 0 MS Process Explorer.exe.lnk = C:\Program Files\Microsoft Process Explorer\procexp.exe
O4 - Startup: Bginfo.exe.lnk = C:\Program Files\BGInfo\Bginfo.exe
O4 - Startup: Random House Webster's College Dictionary WordGenius Activate.LNK = C:\Program Files\WordGenius\WGRC.exe
O4 - Startup: X1 System Tray.lnk = C:\Program Files\X1\X1Systray.exe
O4 - Startup: X1.lnk = C:\Program Files\X1\X1.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: CLOCK.EXE
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1099122025796
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Promise Array Message Agent (RAIDmAgt) - Unknown owner - C:\Program Files\Promise Technology, Inc.\Promise Array Management\Msgagt.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#4 RichieUK

  • Malware Response Team

Posted 25 April 2007 - 04:35 PM

Download Killbox by Option^Explicit:
http://download.bleepingcomputer.com/spyware/KillBox.zip
Save it to your desktop.
Please double-click Killbox.exe to run it.
Select: 'Delete on Reboot'.
Then Click on the 'All Files' button.
Please copy ALL the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\WINDOWS\system32\ZZZxnacbrsw.dll
C:\WINDOWS\system32\ZZZututv.bak2
C:\WINDOWS\system32\ZZZwcfeepfs.dll
C:\WINDOWS\system32\ZZZututv.bak1
C:\WINDOWS\system32\ZZZcfe.dll
C:\WINDOWS\system32\xnacbrsw.dll


Return to Killbox, go to the File menu, and choose 'Paste from Clipboard'.
Click the red-and-white Delete File button.
Click 'Yes' at the 'Delete on Reboot' prompt.
Click OK at any 'PendingFileRenameOperations' prompt.
If your computer does not restart automatically, please restart it manually.


After rebooting, open up Killbox again.
Click 'File'>'Logs'>'Actions History Log'.
Post this log in your next reply.

*********************************

Download/install AVG Anti-Spyware 7.5.

Please follow these instructions very carefully.

Launch/start up AVG Anti-Spyware.
On the main page click the 'Update' tab, and then 'Start Update'.
Note:
If you have any problems running the update process prior to running the scan, download/install the 'Full Database' from here:
http://download.ewido.net/avgas-signatures-full-current.exe

Once the updates have been installed, do the following:
Select the 'Scanner' icon at the top of the screen, then select the 'Settings' tab.
Once in the 'Settings' screen, under 'How to act?', then under 'Set default action for detected malware to:', click on 'Recommended actions', then click on 'Quarantine'.
Under 'Reports' select 'Automatically generate report after every scan' and unselect 'Only if threats were found'.
Exit AVG Anti-Spyware, don't run the scan just yet.

You might want to print/copy the following as you need to be in Safe Mode from here on.

Reboot your computer into SAFE MODE using the F8 method.
To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly.
A menu will appear with several options.
Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode".

Have Hijack This fix the following [If still present], by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:

O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - (no file)
O2 - BHO: (no name) - {1793A033-6789-4B50-F04B-67E339E4F99C} - (no file)
O2 - BHO: (no name) - {587CA23F-45CF-4835-9630-32EB362A8D30} - (no file)
O2 - BHO: (no name) - {83442C8F-CD36-4B77-99B6-2BE381B130D2} - (no file)
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\xnacbrsw.dll",realset


Still in Safe Mode launch AVG Anti-Spyware.
Click the 'Scanner' icon at the top.
To start the scan click on 'Complete System Scan'.
Please be patient, it takes a while for the scan to finish.

Once the scan is complete, do the following.
If AVG Anti-Spyware detected any infected objects, click on 'Apply All Actions'.

Next click on 'Save Report'.
Copy and paste that report into your next reply.
The report can be found under the 'Reports' tab at the top.
Close AVG Anti-Spyware when you've done.
Reboot normally.

Post the Actions History Log from Killbox, the AVG Anti Spyware report and a new Hijackthis log into your next reply.
Let me know how your pc is running now please.
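
Added example, not part of the original thread or of any poster's tooling: a Python script that cross-checks a HijackThis log against a file deletion list, reproducing the pairing in the post above between the Killbox paths and the 'Fix checked' entries. The sample lines and paths are copied from this thread; the function names and the two finding labels are assumptions made for this example.

```python
import re
import ntpath  # Windows path rules, importable on any OS

# Sample input: lines copied from the second HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\xnacbrsw.dll",realset
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# The file list from post #4 (the paths handed to Killbox).
DELETE_LIST = [
    r"C:\WINDOWS\system32\ZZZxnacbrsw.dll",
    r"C:\WINDOWS\system32\ZZZututv.bak2",
    r"C:\WINDOWS\system32\ZZZwcfeepfs.dll",
    r"C:\WINDOWS\system32\ZZZututv.bak1",
    r"C:\WINDOWS\system32\ZZZcfe.dll",
    r"C:\WINDOWS\system32\xnacbrsw.dll",
]

# "O4 - rest of line": a section code, " - ", then the entry body.
LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# A drive-letter path up to the first binary extension; spaces are allowed
# because unquoted "C:\Program Files\..." paths appear in these logs.
PATH_RE = re.compile(
    r'[A-Za-z]:\\[^"\r\n]*?\.(?:dll|exe|ocx|sys)(?![A-Za-z0-9])',
    re.IGNORECASE,
)


def parse_line(line):
    """Return (section_code, body) for a HijackThis entry, else None."""
    m = LINE_RE.match(line.strip())
    return m.groups() if m else None


def triage(log_text, delete_list):
    """Return [(label, line)] for entries that need a registry fix.

    Two labels (names chosen for this example):
      "orphaned BHO"           - O2 entry whose file field is "(no file)"
      "references listed file" - any entry loading a path on delete_list
    """
    # Windows paths are case-insensitive, so compare normalised forms.
    targets = {ntpath.normcase(p) for p in delete_list}
    findings = []
    for raw in log_text.splitlines():
        parsed = parse_line(raw)
        if parsed is None:
            continue  # blank lines, headers, process list
        code, body = parsed
        if code == "O2" and body.endswith("(no file)"):
            findings.append(("orphaned BHO", raw.strip()))
            continue
        hits = [p for p in PATH_RE.findall(body)
                if ntpath.normcase(p) in targets]
        if hits:
            findings.append(("references listed file", raw.strip()))
    return findings


if __name__ == "__main__":
    for label, line in triage(SAMPLE_LOG, DELETE_LIST):
        print(f"{label:24} {line}")
```

Deleting a file without removing the autostart entry that loads it leaves a dangling Run value, which is why the file list and the registry fix list are checked together.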

#5 arius


Posted 25 April 2007 - 07:02 PM

All done exactly as instructed.

Any issue with this in HiJackThis report?: O11 - Options group: [INTERNATIONAL] International*

So far so good. Many thanks for the expert advice!

Here are the log files:


Pocket Killbox version 2.0.0.648
Running on Windows XP as FK(Administrator)
was started @ Wednesday, April 25, 2007, 2:37 PM

# 1 [Delete on Reboot]
Path = C:\WINDOWS\system32\ZZZxnacbrsw.dll


# 2 [Delete on Reboot]
Path = C:\WINDOWS\system32\ZZZututv.bak2


# 3 [Delete on Reboot]
Path = C:\WINDOWS\system32\ZZZwcfeepfs.dll


# 4 [Delete on Reboot]
Path = C:\WINDOWS\system32\ZZZututv.bak1


# 5 [Delete on Reboot]
Path = C:\WINDOWS\system32\ZZZcfe.dll


I Rebooted @ 2:40:10 PM
Killbox Closed(Exit) @ 2:40:24 PM
__________________________________________________

Pocket Killbox version 2.0.0.648
Running on Windows XP as FK(Administrator)
was started @ Wednesday, April 25, 2007, 2:45 PM

Killbox Closed(Exit) @ 3:00:05 PM
__________________________________________________



---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 4:21:03 PM 4/25/2007

+ Scan result:

C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : Cleaned with backup (quarantined).
C:\!KillBox\ZZZcfe.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6725C438-3F29-490E-9CE6-49AE458543D1}\RP6\A0006379.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6725C438-3F29-490E-9CE6-49AE458543D1}\RP6\A0006389.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6725C438-3F29-490E-9CE6-49AE458543D1}\RP6\A0008469.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\Documents and Settings\FK\Desktop\backups\backup-20070425-110804-540.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\Documents and Settings\FK\Desktop\backups\backup-20070425-125109-704.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\Documents and Settings\FK\Desktop\backups\backup-20070425-125403-585.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\system32\awtuvts.dll.vir -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6725C438-3F29-490E-9CE6-49AE458543D1}\RP2\A0001170.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6725C438-3F29-490E-9CE6-49AE458543D1}\RP2\A0001171.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6725C438-3F29-490E-9CE6-49AE458543D1}\RP5\A0006332.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6725C438-3F29-490E-9CE6-49AE458543D1}\RP6\A0008404.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\ZZZ hgghgff.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\ZZZ opnkkkj.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6725C438-3F29-490E-9CE6-49AE458543D1}\RP1\A0001048.exe -> Downloader.Agent.bls : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6725C438-3F29-490E-9CE6-49AE458543D1}\RP5\A0002304.exe -> Downloader.Agent.bls : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6725C438-3F29-490E-9CE6-49AE458543D1}\RP5\A0004317.exe -> Downloader.Agent.bls : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6725C438-3F29-490E-9CE6-49AE458543D1}\RP5\A0006330.exe -> Downloader.Agent.bls : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6725C438-3F29-490E-9CE6-49AE458543D1}\RP6\A0006375.exe -> Downloader.PurityScan.ee : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6725C438-3F29-490E-9CE6-49AE458543D1}\RP2\A0001196.exe -> Downloader.VB.wz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6725C438-3F29-490E-9CE6-49AE458543D1}\RP2\A0001187.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6725C438-3F29-490E-9CE6-49AE458543D1}\RP5\A0006331.exe -> Trojan.Small : Cleaned with backup (quarantined).

::Report end


Logfile of HijackThis v1.99.1
Scan saved at 4:54:05 PM, on 4/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CLOCK.EXE
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft Process Explorer\procexp.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Promise Technology, Inc\Promise Array Management\Msgagt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\X1\X1Systray.exe
C:\Program Files\X1\X1.exe
C:\Program Files\MetaTrader 4\terminal.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HiJackThis\abc.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ptipbm.dll,SetWriteBack
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Startup: 0 MS Process Explorer.exe.lnk = C:\Program Files\Microsoft Process Explorer\procexp.exe
O4 - Startup: Bginfo.exe.lnk = C:\Program Files\BGInfo\Bginfo.exe
O4 - Startup: Random House Webster's College Dictionary WordGenius Activate.LNK = C:\Program Files\WordGenius\WGRC.exe
O4 - Startup: X1 System Tray.lnk = C:\Program Files\X1\X1Systray.exe
O4 - Startup: X1.lnk = C:\Program Files\X1\X1.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: CLOCK.EXE
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1099122025796
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Promise Array Message Agent (RAIDmAgt) - Unknown owner - C:\Program Files\Promise Technology, Inc.\Promise Array Management\Msgagt.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#6 arius

  • Topic Starter

  • Members
  • 4 posts

Posted 25 April 2007 - 07:07 PM

PS,

As you can see I am currently running Norton AV, MS Windows Defender, and the MS Firewall in XP. The PC is on a NAT behind a WAN router. Can you suggest how I might supplement this protection, or refer to other documents in the forum?

Again, many thanks.

#7 RichieUK


    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 25 April 2007 - 07:30 PM

Your log is clean :thumbsup:
If all's ok, please do the following:

Find and delete:
C:\VundoFix Backups
C:\QooBox

Click on Start/All Programs/Accessories/System Tools/System Restore.
In the 'System Restore' window, click on the 'Create a Restore Point' button, then click 'Next'.
In the window that appears, enter a description\name for the Restore Point, then click on 'Create', wait, then click 'Close'.
The date and time will be created automatically.

Next click on Start/All Programs/Accessories/System Tools/Disk Cleanup.
The 'Select Drive' box will appear, click on Ok.
The 'Disk Cleanup for [C:]' box will appear, click on the 'More Options' tab.
At the bottom in the 'System Restore' window, click on the 'Clean up...' button.
A box will pop up 'Are you sure you want to delete all but the most recent restore point?', click on 'Yes'.
Click on 'Yes' at 'Are you sure you want to perform these actions?'.
Now wait until 'Disk Cleanup' finishes and the box disappears.

Read through the information found here, to help you prevent any possible future infections.
'How to prevent Malware' by miekiemoes:
http://users.telenet.be/bluepatchy/miekiem...prevention.html

"As you can see I am currently running Norton AV, MS Windows Defender, and the MS Firewall in XP.
The PC is on a NAT behind a WAN router.
Can you suggest how I might supplement this protection, or refer to other documents in the forum?"

You should be fine as you are, just make sure you read and follow all the info in the link above.