
Ie Popups When Running Firefox


  • This topic is locked
17 replies to this topic

#1 WiccanWolf

WiccanWolf

  • Members
  • 42 posts
  • OFFLINE
  • Local time:07:48 PM

Posted 27 April 2007 - 06:03 PM

I've run spyware doctor and windows defender to try and get rid of this stuff. Windows Defender doesn't find anything and spyware doctor always finds medium and low risks which I always delete. Also, after every reboot symantec antivirus finds "InfoStealer" in my documents/settings/local/temp folder and it's always some random amount of letters with .dll after them. The letters are always different.

HJT log

MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\funnjaqc.dll",realset
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1172876256748
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = envent.biz
O17 - HKLM\Software\..\Telephony: DomainName = envent.biz
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = envent.biz
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = envent.biz
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\funnjaqc.dll",realset

This looks suspicious to me and this is the third incarnation of this. I assume hubby "fixed" the first one. When I ran HJT after a reboot this came up again but the stuff after system32\ had different letters before the .dll. I know I deleted it, rebooted and ran it again and it was back with the same letters, I believe. I deleted it again but did not reboot. Now I ran another scan because I didn't keep logfiles of the others and it's back with these letters now.

Anyway, I never use IE if I can help it. Every time I open a new Firefox window I get an IE popup and then after the window has been up for a while I'll get another one and a little while later another one. I get anything from WinAntiVirus Pro pop-ups and the like to "your chance to win" type pop-ups. There is nothing suspicious in my add/remove programs or in my processes in the task menu. Hubby thinks the only thing to do is reformat which I don't want to do since I just did that recently with the installation of a bigger hard drive.

^.".^

Human in body. Wolf in spirit.
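A defender-side triage script, added here as an example and not part of this thread or of HijackThis itself: it parses O2 (BHO) and O4 (Run key) lines of the kind posted above and flags the patterns that mark the Vundo-style infection in these logs: BHOs registered with no display name, rundll32 autoruns of a randomly named DLL in system32, and BHO entries whose DLL is already missing. The sample lines are copied from the logs in this thread; the random-name heuristic and its thresholds are my own assumption, not a HijackThis rule.

```python
import re
from dataclasses import dataclass
from typing import List

# Sample input: HijackThis O2/O4 lines copied from the logs in this thread.
# Clean Adobe, Java, NVIDIA and ctfmon entries are included so that the
# script has something it must leave alone.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0E57EBDD-2BE6-4947-8445-CE5FD62F8067} - C:\WINDOWS\system32\qrrfkwit.dll
O2 - BHO: (no name) - {5257B327-7D11-4519-92EF-DC250F10F25B} - C:\WINDOWS\system32\mljgh.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\funnjaqc.dll",realset
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# O2 line: "O2 - BHO: <name> - {CLSID} - <path> [(file missing)]"
BHO_RE = re.compile(
    r'^O2 - BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<path>.*?)(?: \((?P<note>[^)]*)\))?$')
# O4 line: "O4 - HKLM\..\Run: [<value name>] <command line>"
RUN_RE = re.compile(r'^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\Run: \[(?P<key>[^\]]+)\] (?P<cmd>.*)$')
# Command line of the form: rundll32[.exe] "<dll>",<export>
RUNDLL_RE = re.compile(
    r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?(?:,(?P<export>\S+))?', re.IGNORECASE)

VOWELS = set("aeiouy")


def dll_stem(path: str) -> str:
    """File name without directory or extension, tolerant of Windows separators."""
    base = path.replace("\\", "/").rsplit("/", 1)[-1]
    return base.rsplit(".", 1)[0]


def in_system32(path: str) -> bool:
    return "/system32/" in path.replace("\\", "/").lower()


def looks_random(stem: str) -> bool:
    """Assumed heuristic (not a HijackThis rule): 5-8 all-lowercase letters containing
    a run of three or more consonants, the way the throwaway names in this thread
    (funnjaqc, qrrfkwit, mljgh, jkkhiii) look. It has false positives on short
    legitimate names, so it is only applied where the context already looks odd."""
    if not (5 <= len(stem) <= 8 and stem.isalpha() and stem.islower()):
        return False
    longest = run = 0
    for ch in stem:
        run = 0 if ch in VOWELS else run + 1
        longest = max(longest, run)
    return longest >= 3


@dataclass
class Finding:
    section: str        # HijackThis section the line came from ("O2" or "O4")
    path: str           # DLL named in the entry
    reasons: List[str]  # why it was flagged


def triage(log_text: str) -> List[Finding]:
    """Return the O2/O4 entries matching the Vundo-style patterns seen in this thread."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = BHO_RE.match(line)
        if m:
            name, path, note = m.group("name"), m.group("path"), m.group("note")
            reasons = []
            if name == "(no name)":
                reasons.append("BHO registered without a display name")
            if looks_random(dll_stem(path)):
                reasons.append("random-looking DLL name")
            if note == "file missing":
                reasons.append("CLSID still registered but file missing (partial cleanup)")
            if reasons:
                findings.append(Finding("O2", path, reasons))
            continue
        m = RUN_RE.match(line)
        if m:
            r = RUNDLL_RE.match(m.group("cmd"))
            if r and in_system32(r.group("dll")) and looks_random(dll_stem(r.group("dll"))):
                export = r.group("export") or "?"
                findings.append(Finding("O4", r.group("dll"), [
                    f"{m.group('hive')} Run key loads a random-looking system32 DLL "
                    f"through rundll32 (export {export})"]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.path}")
        for reason in f.reasons:
            print(f"    - {reason}")
```

On the sample above the script flags qrrfkwit.dll and mljgh.dll (nameless BHOs, the second one already gone) and the InfoData autorun of funnjaqc.dll, and leaves the Adobe, Java, NVIDIA and ctfmon entries alone. The name heuristic alone is not evidence: a short legitimate name such as ctfmon would also trip it, which is why it is only consulted for rundll32-loaded DLLs and nameless BHOs, and why a flagged file should still be submitted for analysis, as SNOWHITE asks below, before anything is deleted.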



#2 SNOWHITE

SNOWHITE

    missy malware magnet


  • Members
  • 2,676 posts
  • OFFLINE
  • Gender:Female
  • Location:Bitola, Macedonia
  • Local time:12:48 AM

Posted 27 April 2007 - 06:27 PM

Hello WiccanWolf and welcome to BC :thumbsup:

My name is SNOWHITE and I will be helping you with your Malware problem.
As I am still in training I will be helping you under supervision of our expert teachers, so there may be a delay between posts. I will be analyzing your log now, and be back with you as soon as possible!

Regards,
SNOWHITE

#3 WiccanWolf

WiccanWolf
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  • Local time:07:48 PM

Posted 27 April 2007 - 07:42 PM

Thank you. I was reading some of the other posts and decided to run a bitdefender scan as I thought it might help. Looks bad, I hope things can be fixed w/o having to reformat. *sigh*

Here is that log:

BitDefender Online Scanner

Scan report generated at: Fri, Apr 27, 2007 - 19:56:34
Scan path: A:\;C:\;D:\;E:\;F:\;

Statistics
Time: 00:47:27
Files: 293284
Folders: 4406
Boot Sectors: 2
Archives: 1552
Packed Files: 16690

Results
Identified Viruses: 3
Infected Files: 6
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 2

Engines Info
Virus Definitions: 502198
Engine build: AVCORE v1.0 (build 2397) (i386) (Feb 8 2007 14:24:08)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File - Status
C:\WINDOWS\system32\dkdkxamb.dll - Infected with: Trojan.BHO.AR
C:\WINDOWS\system32\dkdkxamb.dll - Disinfection failed
C:\WINDOWS\system32\dkdkxamb.dll - Delete failed
C:\WINDOWS\system32\jkkhiii.dll - Infected with: MemScan:Trojan.Vundo.DLO
C:\WINDOWS\system32\jkkhiii.dll - Disinfection failed
C:\WINDOWS\system32\jkkhiii.dll - Delete failed
C:\WINDOWS\system32\mljgh.dll - Infected with: MemScan:Trojan.Vundo.AP
C:\WINDOWS\system32\mljgh.dll - Disinfection failed
C:\WINDOWS\system32\mljgh.dll - Delete failed
C:\WINDOWS\system32\qrrfkwit.dll - Infected with: Trojan.BHO.AR
C:\WINDOWS\system32\qrrfkwit.dll - Disinfection failed
C:\WINDOWS\system32\qrrfkwit.dll - Delete failed
C:\WINDOWS\system32\rcdgholp.dll - Infected with: Trojan.BHO.AR
C:\WINDOWS\system32\rcdgholp.dll - Disinfection failed
C:\WINDOWS\system32\rcdgholp.dll - Deleted
C:\WINDOWS\system32\xenydneg.dll - Infected with: Trojan.BHO.AR
C:\WINDOWS\system32\xenydneg.dll - Disinfection failed
C:\WINDOWS\system32\xenydneg.dll - Deleted

^.".^

Human in body. Wolf in spirit.


#4 SNOWHITE

SNOWHITE

    missy malware magnet


  • Members
  • 2,676 posts
  • OFFLINE
  • Gender:Female
  • Location:Bitola, Macedonia
  • Local time:12:48 AM

Posted 28 April 2007 - 11:55 AM

Hello WiccanWolf :thumbsup:

Please read this post completely; it may make it easier for you if you copy and paste this post into a new text document or print it for reference later.

Step 1

Please go to UploadMalware to upload a suspicious file for analysis.
  • Enter your username from this forum
  • Copy and paste the link to this thread
  • Copy and paste this filepath into the Browse box:
    • C:\WINDOWS\system32\funnjaqc.dll
  • In the comments, please mention that I asked you to upload this file
  • Click on Send File
Thank you !

Step 2

Please download VundoFix.exe to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

Step 3

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
Please post back with VundoFix report, dss scan reports main.txt and extra.txt :thumbup2

Edited by SNOWHITE, 28 April 2007 - 11:58 AM.

SNOWHITE

#5 WiccanWolf

WiccanWolf
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  • Local time:07:48 PM

Posted 28 April 2007 - 02:06 PM

The file has been uploaded. I will get those other two done ASAP. Hubby wants to have a family day today. lol

^.".^

EDIT:

Deckard's System Scanner v20070426.43
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 Processor 3200+
Percentage of Memory in Use: 41%
Physical Memory (total/avail): 1023.48 MiB / 601.19 MiB
Pagefile Memory (total/avail): 2461.58 MiB / 2162.72 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1974.82 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 232.88 GiB total, 50.31 GiB free.
D: is CDROM (CDFS)
E: is CDROM (UDF)
F: is CDROM (No Media)
S: is Network (NTFS)


-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: Symantec AntiVirus Corporate Edition v10.0.2.2000 (Symantec Corporation)


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\jess\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=JESS1
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=S:
HOMEPATH=\
HOMESHARE=\\server1\files\jess
LOGONSERVER=\\SERVER1
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 47 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2f00
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\jess\LOCALS~1\Temp
TMP=C:\DOCUME~1\jess\LOCALS~1\Temp
USERDNSDOMAIN=ENVENT.BIZ
USERDOMAIN=ENVENT
USERNAME=jess
USERPROFILE=C:\Documents and Settings\jess
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

bleh (new local, admin, profile directory not found)
grant (admin, profile directory not found)
michaela (new local, admin, net ready, profile directory not found)
jess (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uninstall.exe"
7 Lands --> "C:\Program Files\7 Lands\ReflexiveArcade\unins000.exe"
A Pirates Legend --> "C:\Program Files\A Pirates Legend\ReflexiveArcade\unins000.exe"
Abra Academy --> "C:\Program Files\Abra Academy\Uninstall\uninstall.exe" "/U:C:\Program Files\Abra Academy\Uninstall\uninstall.xml"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Agatha Christie - Death on the Nile --> "C:\WINDOWS\Agatha Christie - Death on the Nile\uninstall.exe" "/U:C:\Program Files\Agatha Christie - Death on the Nile\Uninstall\uninstall.xml"
Ancient Mosaic --> "C:\Program Files\Ancient Mosaic\ReflexiveArcade\unins000.exe"
Angkor --> "C:\Program Files\Angkor\ReflexiveArcade\unins000.exe"
Big City Adventure - San Francisco --> "C:\WINDOWS\Big City Adventure - San Francisco\uninstall.exe" "/U:C:\Program Files\Big City Adventure - San Francisco\Uninstall\uninstall.xml"
Burger Rush --> "C:\Program Files\Burger Rush\ReflexiveArcade\unins000.exe"
Cash Cow --> "C:\Program Files\Cash Cow\ReflexiveArcade\unins000.exe"
Clayside --> "C:\Program Files\Clayside\ReflexiveArcade\unins000.exe"
Combined Community Codec Pack 2007-02-22 --> "C:\Program Files\Combined Community Codec Pack\unins000.exe"
Cool Edit Pro 2.1 --> C:\Program Files\coolpro2\cep2unin.exe
Cradle Of Rome --> "C:\Program Files\Cradle Of Rome\ReflexiveArcade\unins000.exe"
Crystal Maze --> "C:\Program Files\WildGames\Crystal Maze\Uninstall.exe"
Delicious Deluxe - Winter Edition --> "C:\WINDOWS\Delicious Deluxe - Winter Edition\uninstall.exe" "/U:C:\Program Files\Delicious Deluxe - Winter Edition\Uninstall\uninstall.xml"
Discord Times --> C:\Program Files\Alawar\DiscordTimes\Uninstall.exe
Fairy Godmother Tycoon (remove only) --> C:\Program Files\Fairy Godmother Tycoon\Uninstall.exe
Flower Shop Big City Break --> "C:\Program Files\Flower Shop Big City Break\ReflexiveArcade\unins000.exe"
HijackThis 1.99.1 --> \\Server1\files\grant\My Installs\Applications\Hijack This\HijackThis.exe /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Java™ SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Little Shop Of Treasures --> "C:\Program Files\Little Shop Of Treasures\ReflexiveArcade\unins000.exe"
LiveUpdate 2.6 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Mad Magic --> "C:\Program Files\Mad Magic\ReflexiveArcade\unins000.exe"
Magic Academy --> "C:\Program Files\Magic Academy\ReflexiveArcade\unins000.exe"
Magic Stones --> "C:\Program Files\Magic Stones\ReflexiveArcade\unins000.exe"
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007 --> MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mozilla Firefox (2.0.0.3) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB927977) --> MsiExec.exe /I{5A710547-B58E-488B-828D-CA9A25A0533C}
Nero 7 --> MsiExec.exe /I{FC98FBE9-E931-494C-8717-497185371033}
Neverwinter Nights 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F20C1251-1D0A-4944-B2AE-678581B33B19}\SETUP.exe" -l0x9 -removeonly
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
NvMixer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D7A6C517-11F2-419F-B5BB-27772B939698}\Setup.exe" -uninstall
Oblivion --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\setup.exe" -l0x9 -removeonly
Oblivion - Horse Armor Pack --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3ABEBD00-299D-4DCA-967F-B912163AB5EA}\setup.exe" -l0x9 -removeonly
Oblivion - Knights of the Nine --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14C87AA7-08E6-419F-A165-998EBE5023D7}\setup.exe" -l0x9 -removeonly
Oblivion - Mehrunes Razor --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF295F5C-7B57-47AA-8889-6B3E8E214E89}\setup.exe" -l0x9 -removeonly
Oblivion - Orrery --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EC425CFC-EE78-4A91-AA25-3BFA65B75364}\setup.exe" -l0x9 -removeonly
Oblivion - Spell Tomes --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{16D919E6-F019-4E15-BFBE-4A85EF19DA57}\setup.exe" -l0x9 -removeonly
Oblivion - Thieves Den --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FFFFFD17-B460-41EB-93F1-C48ABAD63828}\setup.exe" -l0x9 -removeonly
Oblivion - Vile Lair --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{520F4B09-3A51-47A2-82B0-9FF1DC2D20FA}\setup.exe" -l0x9 -removeonly
Oblivion - Wizard's Tower --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2F2E3D62-8B8C-448F-8900-451325E50948}\setup.exe" -l0x9 -removeonly
Profitville --> "C:\WINDOWS\Profitville\uninstall.exe" "/U:C:\Program Files\Profitville\Uninstall\uninstall.xml"
Robbox --> "C:\Program Files\Robbox\ReflexiveArcade\unins000.exe"
Roboball --> "C:\Program Files\Roboball\ReflexiveArcade\unins000.exe"
Snowy. Fish Frenzy --> C:\Program Files\Alawar\Snowy Fish Frenzy\Uninstall.exe
Solitaire Pop --> "C:\Program Files\Solitaire Pop\ReflexiveArcade\unins000.exe"
Spyware Doctor 3.5 --> "C:\Program Files\Spyware Doctor\unins000.exe"
Symantec AntiVirus --> MsiExec.exe /I{46B63F23-2B4A-4525-A827-688026BE5E40}
Tasty Planet --> "C:\Program Files\Tasty Planet\ReflexiveArcade\unins000.exe"
Titan Quest --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}\setup.exe" -l0x9 -removeonly
Titan Quest Immortal Throne --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}\setup.exe" -l0x9 -removeonly
Update for Office 2007 (KB932080) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
Update for Outlook 2007 Junk Email Filter (KB932338) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {E90DA454-DE6C-45FA-A702-47B614A0159F}
Virtools 3D Life Player --> C:\Program Files\Virtools\3D Life Player\WebplayerConfig.exe -u
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
XML Paper Specification Shared Components Pack 1.0 -->


-- End of Deckard's System Scanner: finished at 2007-04-28 at 20:00:06 ---------

Deckard's System Scanner v20070426.43
Run by jess on 2007-04-28 at 19:59:03
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2007-04-28 23:59:06 UTC - RP1 - System Checkpoint


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as jess.exe) ------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 7:59:44 PM, on 4/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Documents and Settings\jess\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\jess.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0E57EBDD-2BE6-4947-8445-CE5FD62F8067} - C:\WINDOWS\system32\qrrfkwit.dll
O2 - BHO: (no name) - {1F9844C5-0F3F-4CBC-82D7-F10001255F3e} - C:\WINDOWS\system32\qrrfkwit.dll
O2 - BHO: Big Fish Games Toolbar - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL (file missing)
O2 - BHO: (no name) - {5257B327-7D11-4519-92EF-DC250F10F25B} - C:\WINDOWS\system32\mljgh.dll (file missing)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {9E93A147-E3F9-47AB-BAF0-915CCAAA7034} - C:\WINDOWS\system32\jkkhiii.dll (file missing)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - C:\WINDOWS\system32\exvilkyo.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\funnjaqc.dll",realset
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1172876256748
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = envent.biz
O17 - HKLM\Software\..\Telephony: DomainName = envent.biz
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = envent.biz
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = envent.biz
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe


-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 ikhlayer (Kernel Anti-Spyware Driver) - c:\windows\system32\drivers\ikhlayer.sys <Not Verified; PCTools Research Pty Ltd.; Spyware Doctor>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R3 NMIndexingService - "c:\program files\common files\ahead\lib\nmindexingservice.exe" <Not Verified; Nero AG; Nero Home>

S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe


-- Scheduled Tasks -------------------------------------------------------------

2007-04-28 15:14:26 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job


-- Files created between 2007-03-28 and 2007-04-28 -----------------------------

2007-04-28 19:58:19 0 d-------- S:\Deckard
2007-04-27 19:07:24 0 d-------- C:\WINDOWS\BDOSCAN8
2007-04-27 18:21:57 132660 --a------ C:\WINDOWS\system32\funnjaqc.dll
2007-04-27 18:12:50 131604 --a------ C:\WINDOWS\system32\dkdkxamb.dll
2007-04-27 17:39:28 131604 --a------ C:\WINDOWS\system32\qrrfkwit.dll
2007-04-27 17:27:15 0 d-------- C:\WINDOWS\pss
2007-04-26 23:06:13 0 d-------- C:\Documents and Settings\jess\Application Data\MusicIP
2007-04-26 14:46:03 0 dr------- C:\Documents and Settings\LocalService\Favorites
2007-04-26 14:30:28 49204 --a------ C:\WINDOWS\system32\exvilkyo.dll
2007-04-24 14:52:00 50048 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys <Not Verified; PCTools Research Pty Ltd.; Spyware Doctor>
2007-04-24 14:51:51 0 d-------- C:\Program Files\Spyware Doctor
2007-04-24 14:51:51 0 d-------- C:\Documents and Settings\jess\Application Data\PC Tools
2007-04-22 20:56:00 0 d-------- C:\Program Files\Bethesda Softworks
2007-04-21 18:19:14 0 d-------- C:\Program Files\Alawar
2007-04-19 19:53:49 0 d-------- C:\Documents and Settings\jess\Saved Games
2007-04-19 19:53:49 0 d-------- C:\Documents and Settings\jess\Application Data\FloodLightGames
2007-04-19 19:53:49 0 d-------- C:\Documents and Settings\All Users\Application Data\FloodLightGames
2007-04-19 19:53:27 0 d-------- C:\WINDOWS\Agatha Christie - Death on the Nile
2007-04-19 19:53:27 0 d-------- C:\Program Files\Agatha Christie - Death on the Nile
2007-04-19 18:59:23 0 d-------- C:\Program Files\A Pirates Legend
2007-04-17 02:27:52 0 d-------- C:\WINDOWS\Delicious Deluxe - Winter Edition
2007-04-17 02:27:52 0 d-------- C:\Program Files\Delicious Deluxe - Winter Edition
2007-04-17 01:29:54 0 d-------- C:\Program Files\Mad Magic
2007-04-15 22:32:41 0 d-------- C:\Documents and Settings\All Users\Application Data\JollyBear
2007-04-15 22:32:27 0 d-------- C:\WINDOWS\Big City Adventure - San Francisco
2007-04-15 22:32:27 0 d-------- C:\Program Files\Big City Adventure - San Francisco
2007-04-14 20:12:02 0 d-------- C:\Program Files\DAEMON Tools
2007-04-14 20:09:17 682232 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-04-13 17:53:01 0 d-------- C:\Program Files\Little Shop Of Treasures
2007-04-10 21:17:20 0 d-------- C:\Documents and Settings\jess\Application Data\Magic Stones
2007-04-10 20:59:21 0 d-------- C:\Program Files\Magic Stones
2007-04-10 20:57:21 0 d-------- C:\Documents and Settings\All Users\Application Data\WildTangent
2007-04-10 20:57:17 0 d-------- C:\Program Files\WildGames
2007-04-10 17:07:18 0 d-------- C:\Program Files\Winamp
2007-04-09 23:29:49 0 d-------- C:\WINDOWS\Profitville
2007-04-09 23:29:49 0 d-------- C:\Program Files\Profitville
2007-04-09 16:07:08 0 d-------- C:\Documents and Settings\jess\Games
2007-04-09 14:56:41 0 d-------- C:\Program Files\7 Lands
2007-04-07 17:33:09 0 d-------- C:\Program Files\The Poppit Show
2007-04-07 02:35:25 0 d-------- C:\Program Files\Cash Cow
2007-04-05 13:59:21 0 d-------- C:\Program Files\Burger Rush
2007-04-04 20:44:12 0 d-------- C:\Documents and Settings\jess\Application Data\Magic Academy
2007-04-04 20:43:27 0 d-------- C:\Program Files\Magic Academy
2007-04-02 19:10:50 0 d-------- C:\Documents and Settings\jess\Application Data\Alawar
2007-04-02 19:09:34 0 d-------- C:\Program Files\Roboball
2007-04-02 18:54:32 0 d-------- C:\Documents and Settings\All Users\Application Data\TERMINAL Studio
2007-04-01 14:09:40 0 dr-h----- C:\Documents and Settings\jess\Application Data\SecuROM
2007-04-01 13:33:39 0 d-------- C:\Program Files\Atari


-- Find3M Report ---------------------------------------------------------------

2007-04-28 15:11:43 0 d-------- C:\Program Files\Symantec AntiVirus
2007-04-28 15:10:16 0 d-------- C:\Documents and Settings\jess\Application Data\uTorrent
2007-04-25 17:31:15 0 d-------- C:\Program Files\THQ
2007-04-25 17:31:12 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-04-25 08:04:36 0 d-------- C:\Program Files\uTorrent
2007-04-20 05:05:12 0 d-------- C:\Program Files\coolpro2
2007-04-18 00:04:48 0 d-------- C:\Program Files\Java
2007-04-09 14:58:25 0 d-------- C:\Documents and Settings\jess\Application Data\PlayFirst
2007-03-27 22:00:16 1125 --a------ C:\WINDOWS\mozver.dat
2007-03-27 22:00:14 0 d-------- C:\Program Files\Virtools
2007-03-27 01:25:07 0 d-------- C:\Program Files\Robbox
2007-03-23 22:03:22 0 d-------- C:\Program Files\Birdies
2007-03-23 16:25:43 0 d-------- C:\Program Files\Clayside
2007-03-22 20:25:02 124928 -----n--- C:\WINDOWS\system32\prntvpt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-03-19 16:21:36 0 d-------- C:\Program Files\Abra Academy
2007-03-17 19:14:43 0 d-------- C:\Program Files\Tasty Planet
2007-03-16 21:37:41 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >
2007-03-14 17:07:03 0 d-------- C:\Program Files\Fairy Godmother Tycoon
2007-03-12 04:45:08 0 d-------- C:\Documents and Settings\jess\Application Data\Ahead
2007-03-12 04:41:57 0 d-------- C:\Program Files\Common Files\Ahead
2007-03-12 04:40:17 0 d-------- C:\Program Files\Nero
2007-03-12 04:07:45 0 d-------- C:\Documents and Settings\jess\Application Data\Syntrillium
2007-03-10 15:14:09 0 d-------- C:\Documents and Settings\jess\Application Data\Chicken Chase
2007-03-10 04:10:17 0 d-------- C:\Documents and Settings\jess\Application Data\Angkor
2007-03-10 03:59:45 0 d-------- C:\Program Files\Angkor
2007-03-05 18:49:59 0 d-------- C:\Documents and Settings\jess\Application Data\Sun
2007-03-05 17:21:03 0 d-------- C:\Documents and Settings\jess\Application Data\Macromedia
2007-03-04 23:43:37 0 d-------- C:\Program Files\Combined Community Codec Pack
2007-03-04 17:54:04 0 d-------- C:\Program Files\Cradle Of Rome
2007-03-04 13:53:27 0 d-------- C:\Documents and Settings\jess\Application Data\Adobe
2007-03-04 13:44:39 0 d-------- C:\Program Files\MSN Messenger
2007-03-03 21:21:37 0 d-------- C:\Program Files\Flower Shop Big City Break
2007-03-03 21:21:32 4096 --a------ C:\WINDOWS\d3dx.dat
2007-03-03 21:03:11 0 d-------- C:\Program Files\Solitaire Pop
2007-03-02 23:27:57 0 d-------- C:\Program Files\Ancient Mosaic
2007-03-02 23:23:29 0 d-------- C:\Program Files\ReflexiveArcade
2007-03-02 22:31:23 0 d-------- C:\Documents and Settings\jess\Application Data\Mozilla
2007-03-02 22:28:18 0 d-------- C:\Documents and Settings\jess\Application Data\Identities
2007-03-02 19:57:23 0 d-------- C:\Program Files\Common Files\Java
2007-03-02 19:53:58 0 d-------- C:\Program Files\Common Files\Adobe
2007-03-02 19:48:02 0 --a------ C:\WINDOWS\nsreg.dat
2007-03-02 19:46:02 0 d-------- C:\Program Files\Windows Defender
2007-03-02 19:22:38 0 d-------- C:\Program Files\Windows Media Connect 2
2007-03-02 19:20:17 0 d-------- C:\Program Files\MSBuild
2007-03-02 19:17:47 0 d-------- C:\Program Files\Reference Assemblies
2007-03-02 19:10:21 0 d-------- C:\Program Files\Messenger
2007-03-02 18:55:15 0 d-------- C:\Program Files\Microsoft Works
2007-03-02 18:41:39 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-03-02 18:40:55 0 d-------- C:\Program Files\Symantec
2007-03-02 18:30:39 0 d-------- C:\Program Files\NVIDIA Corporation
2007-03-02 18:30:39 0 d-------- C:\Program Files\Common Files\NVIDIA Shared
2007-03-02 18:30:38 0 d-------- C:\Program Files\Common Files\InstallShield
2007-03-02 18:22:41 0 d-------- C:\Program Files\microsoft frontpage
2007-03-02 18:21:20 0 d--h----- C:\Program Files\WindowsUpdate
2007-03-02 18:20:39 0 d-------- C:\Program Files\Common Files\MSSoap
2007-03-02 18:20:32 0 d-------- C:\Program Files\Movie Maker
2007-03-02 18:19:52 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-03-02 18:19:34 0 d-------- C:\Program Files\Online Services
2007-03-02 18:19:27 0 d-------- C:\Program Files\MSN Gaming Zone
2007-03-02 18:19:19 0 d-------- C:\Program Files\Windows NT
2007-03-02 13:12:55 0 d-------- C:\Program Files\Common Files\ODBC
2007-03-02 13:12:52 0 d-------- C:\Program Files\Common Files\SpeechEngines
2007-03-02 13:12:30 62 --ahs---- C:\Documents and Settings\jess\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{0E57EBDD-2BE6-4947-8445-CE5FD62F8067} C:\WINDOWS\system32\qrrfkwit.dll
{1F9844C5-0F3F-4CBC-82D7-F10001255F3e} C:\WINDOWS\system32\qrrfkwit.dll
{4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL [x]
{5257B327-7D11-4519-92EF-DC250F10F25B} C:\WINDOWS\system32\mljgh.dll [x]
{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
{9E93A147-E3F9-47AB-BAF0-915CCAAA7034} C:\WINDOWS\system32\jkkhiii.dll [x]
{B56A7D7D-6927-48C8-A975-17DF180C71AC} C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
{D651AFF4-9590-424d-BD1E-8E33E090DFB3} C:\WINDOWS\system32\exvilkyo.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NVMixerTray"="\"C:\\Program Files\\NVIDIA Corporation\\NvMixer\\NVMixerTray.exe\""
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"vptray"="C:\\PROGRA~1\\SYMANT~1\\VPTray.exe"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"InfoData"="rundll32.exe \"C:\\WINDOWS\\system32\\funnjaqc.dll\",realset"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"disablecad"=dword:00000000
"LogonType"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{9E93A147-E3F9-47AB-BAF0-915CCAAA7034}"=""

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



-- End of Deckard's System Scanner: finished at 2007-04-28 at 20:00:06 ---------


Sorry for the length. I couldn't figure out where these two reports were being stored or I would have put them in an attachment instead of this.

^.".^

VundoFix V6.3.20

Checking Java version...

Scan started at 3:05:07 PM 4/28/2007

Listing files found while scanning....

C:\WINDOWS\system32\hgjlm.bak1
C:\WINDOWS\system32\hgjlm.bak2
C:\WINDOWS\system32\hgjlm.ini
C:\WINDOWS\system32\hgjlm.ini2
C:\WINDOWS\system32\hgjlm.tmp
C:\WINDOWS\system32\jkkhiii.dll
C:\WINDOWS\system32\mljgh.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\hgjlm.bak1
C:\WINDOWS\system32\hgjlm.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\hgjlm.bak2
C:\WINDOWS\system32\hgjlm.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\hgjlm.ini
C:\WINDOWS\system32\hgjlm.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\hgjlm.ini2
C:\WINDOWS\system32\hgjlm.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\hgjlm.tmp
C:\WINDOWS\system32\hgjlm.tmp Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkkhiii.dll
C:\WINDOWS\system32\jkkhiii.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mljgh.dll
C:\WINDOWS\system32\mljgh.dll Has been deleted!

Performing Repairs to the registry.
Done!

Edited by illukka, 29 April 2007 - 11:30 PM.

Human in body. Wolf in spirit.


#6 SNOWHITE

SNOWHITE

    missy malware magnet


  • Members
  • 2,676 posts
  • OFFLINE
  • Gender:Female
  • Location:Bitola, Macedonia
  • Local time:12:48 AM

Posted 30 April 2007 - 05:10 AM

Hello WiccanWolf :thumbsup:

Download this program:

submit files packer

Highlight the files listed below in bold, then right-click and select copy.

C:\WINDOWS\system32\qrrfkwit.dll
C:\WINDOWS\system32\dkdkxamb.dll
C:\WINDOWS\system32\exvilkyo.dll


Then start the file packer program and right click in the white box and select paste to paste the copied file names in the field.

Then press the Continue button.

It will create an archive with these files and a small log on your Desktop that starts with a name like requested-file[date].cab.

Rename this file to WiccanWolf.cab

Then go to:
UploadMalware
  • Enter your username from this forum
  • Copy and paste the link to this thread
  • Browse for this filename: WiccanWolf.cab
  • In the comments, please mention that I asked you to upload this file
  • Click on Send File
Next,

Please re-open HiJackThis and click on "Do a system scan only". Check the boxes next to all the entries listed below.

O2 - BHO: (no name) - {0E57EBDD-2BE6-4947-8445-CE5FD62F8067} - C:\WINDOWS\system32\qrrfkwit.dll
O2 - BHO: (no name) - {1F9844C5-0F3F-4CBC-82D7-F10001255F3e} - C:\WINDOWS\system32\qrrfkwit.dll
O2 - BHO: Big Fish Games Toolbar - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL (file missing)
O2 - BHO: (no name) - {5257B327-7D11-4519-92EF-DC250F10F25B} - C:\WINDOWS\system32\mljgh.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {9E93A147-E3F9-47AB-BAF0-915CCAAA7034} - C:\WINDOWS\system32\jkkhiii.dll (file missing)
O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - C:\WINDOWS\system32\exvilkyo.dll
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\funnjaqc.dll",realset
Fix the next 4 entries only if you do not recognize the domain as belonging to your ISP or company:
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = envent.biz
O17 - HKLM\Software\..\Telephony: DomainName = envent.biz
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = envent.biz
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = envent.biz


Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

Please download the OTMoveIt by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\system32\qrrfkwit.dll
    C:\WINDOWS\system32\exvilkyo.dll
    C:\WINDOWS\system32\funnjaqc.dll


  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

Download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware. Do Not run a scan just yet; we will shortly.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
    • Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.
    If you use the Firefox browser, click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use the Opera browser, click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main menu to close the program.
    For Technical Support, double-click the e-mail address located at the bottom of each menu.

    IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning; it may interfere with the scanning process:
  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process; be patient, this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted; then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.
Post back with the OTMoveIt report and the AVG Anti-Spyware scan report, then run a new scan with dss and post the contents of main.txt.

Sorry for the length. I couldn't figure out where these two reports were being stored or I would have put them in an attachment instead of this.


You can reply in more posts, don't attach the files :flowers:

Regards,
SNOWHITE
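A defender-side triage of the entries picked out in the reply above, as an added example that is not code from this thread, from HijackThis or from any tool named here: it scores O2/O4/O17/O20 lines by the same signals the helper used, namely unnamed BHOs, random-looking lowercase DLL names under system32, rundll32 Run entries that load such a DLL, orphaned "(file missing)" registrations, and O17 domain suffixes to confirm. The sample lines are constructed from entries quoted in this thread; the 5-8 letter heuristic and the KNOWN_GOOD allowlist are assumptions of this example, not HijackThis rules.

```python
"""Added example for this thread (not code from HijackThis, OTMoveIt or the helpers):
scores HijackThis O2/O4/O17/O20 lines by the signals the reply above relies on."""
import re
from dataclasses import dataclass

# Constructed sample: entries quoted from the thread plus benign control lines.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0E57EBDD-2BE6-4947-8445-CE5FD62F8067} - C:\WINDOWS\system32\qrrfkwit.dll
O2 - BHO: Big Fish Games Toolbar - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL (file missing)
O2 - BHO: (no name) - {9E93A147-E3F9-47AB-BAF0-915CCAAA7034} - C:\WINDOWS\system32\jkkhiii.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\funnjaqc.dll",realset
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = envent.biz
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
""".strip()

LINE_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
# A drive-letter path up to the first .dll/.exe (handles quoted and 8.3 short paths).
PATH_RE = re.compile(r"[A-Za-z]:\\.+?\.(?:dll|exe)\b", re.IGNORECASE)

# Assumed allowlist: genuine system32 DLLs whose names happen to be short lowercase words.
KNOWN_GOOD = {"ntdll.dll", "msvcrt.dll", "winmm.dll", "setupapi.dll", "version.dll"}


def looks_random(path: str) -> bool:
    """Heuristic (an assumption, not a HijackThis rule): a 5-8 letter all-lowercase
    .dll dropped straight into system32, like qrrfkwit.dll or funnjaqc.dll."""
    head, _, name = path.rpartition("\\")
    if not head.lower().endswith("\\system32") or name in KNOWN_GOOD:
        return False
    return re.fullmatch(r"[a-z]{5,8}\.dll", name) is not None


@dataclass
class Finding:
    lineno: int
    section: str
    severity: str  # "high": live suspicious loader, "review": verify, "cleanup": dead entry
    reasons: list
    line: str


def assess(section: str, body: str):
    """Return (severity, reasons) for one entry, or (None, []) if nothing stands out."""
    reasons = []
    paths = PATH_RE.findall(body)
    missing = "(file missing)" in body or "(no file)" in body
    random_hits = [p.rpartition("\\")[2] for p in paths if looks_random(p)]
    if section == "O2" and body.startswith("BHO: (no name)"):
        reasons.append("BHO registered without a name")
    for name in random_hits:
        reasons.append(f"random-looking DLL name in system32: {name}")
    if section == "O4" and "rundll32" in body.lower() and random_hits:
        reasons.append("Run key loads that DLL through rundll32 at every logon")
    if missing:
        reasons.append("registration points at a file that is no longer present")
    if section == "O17":
        reasons.append("domain suffix: confirm it belongs to your ISP or company")
    if section == "O20":
        reasons.append("Winlogon Notify DLL runs inside winlogon: confirm the vendor")
    if random_hits and not missing:
        return "high", reasons
    if missing:
        return "cleanup", reasons
    return ("review", reasons) if reasons else (None, reasons)


def triage(log_text: str) -> list:
    """Scan every HijackThis-style line and collect the entries worth a second look."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        severity, reasons = assess(m["section"], m["body"])
        if severity:
            findings.append(Finding(lineno, m["section"], severity, reasons, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f.lineno} [{f.severity}] {f.section}: {'; '.join(f.reasons)}")
```

Run against the sample, the two live entries (the unnamed BHO and the InfoData Run key) come out "high", the two "(file missing)" registrations come out "cleanup", and the O17/O20 lines come out "review" for manual confirmation.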

#7 WiccanWolf

WiccanWolf
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  • Local time:07:48 PM

Posted 30 April 2007 - 08:01 AM

Alright. Things have been removed from HJT. envent.biz is our in-house domain so no worries there. Malware thingy is uploaded.

Reportage:

File/Folder C:\WINDOWS\system32\qrrfkwit.dll not found.
File/Folder C:\WINDOWS\system32\exvilkyo.dll not found.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\funnjaqc.dll
C:\WINDOWS\system32\funnjaqc.dll NOT unregistered.
C:\WINDOWS\system32\funnjaqc.dll moved successfully.

Created on 04/30/2007 08:33:40

Note on the not found...Symantec found Trojan.Vundo...last night and removed it so that may be why those files aren't found now.

Will post the others when I get the antivirus program to update...it keeps telling me the server isn't ready to serve and to try again later.

Edit: I continue to try and update AVG and I was going to get some tech support but they won't let me until I buy it. It says in my "info" that I don't get premium updates...perhaps with this newest addition updates are no longer available with the trial versions?

^.".^

Edited by WiccanWolf, 30 April 2007 - 10:58 AM.

Human in body. Wolf in spirit.


#8 SNOWHITE

SNOWHITE

    missy malware magnet


  • Members
  • 2,676 posts
  • OFFLINE
  • Gender:Female
  • Location:Bitola, Macedonia
  • Local time:12:48 AM

Posted 30 April 2007 - 01:21 PM

Edit: I continue to try and update AVG and I was going to get some tech support but they won't let me until I buy it. It says in my "info" that I don't get premium updates...perhaps with this newest addition updates are no longer available with the trial versions?

^.".^


There is a problem with the server :thumbsup:
Go here http://www.ewido.net/en/download/updates/ and scroll down to Full database. Click the download button, install the update, then follow the steps for running the scan in Safe Mode and post the report.
SNOWHITE

#9 WiccanWolf

WiccanWolf
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  • Local time:07:48 PM

Posted 30 April 2007 - 07:17 PM

There is a problem with the server :thumbsup:
Go here http://www.ewido.net/en/download/updates/ and scroll down to Full database. Click the download button, install the update, then follow the steps for running the scan in Safe Mode and post the report.


Well, that site is super slow. I've been waiting for about 10 minutes and it's still loading. I got it to actually update earlier today so I think I should be fine. I'll have the reports here shortly.

^.".^

Human in body. Wolf in spirit.


#10 WiccanWolf

WiccanWolf
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:07:48 PM

Posted 30 April 2007 - 08:31 PM

Deckard's System Scanner v20070426.43
Run by jess on 2007-04-30 at 21:26:07
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as jess.exe) ------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 9:26:09 PM, on 4/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\userinit.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Documents and Settings\jess\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\jess.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1172876256748
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = envent.biz
O17 - HKLM\Software\..\Telephony: DomainName = envent.biz
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = envent.biz
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = envent.biz
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe


-- Files created between 2007-03-30 and 2007-04-30 -----------------------------

2007-04-30 20:29:25 0 d--h----- C:\Documents and Settings\@dmin\Templates
2007-04-30 20:29:25 0 dr------- C:\Documents and Settings\@dmin\Start Menu
2007-04-30 20:29:25 0 dr-h----- C:\Documents and Settings\@dmin\SendTo
2007-04-30 20:29:25 0 d--h----- C:\Documents and Settings\@dmin\Recent
2007-04-30 20:29:25 0 d--h----- C:\Documents and Settings\@dmin\PrintHood
2007-04-30 20:29:25 524288 --ah----- C:\Documents and Settings\@dmin\NTUSER.DAT
2007-04-30 20:29:25 0 d--h----- C:\Documents and Settings\@dmin\NetHood
2007-04-30 20:29:25 0 d-------- C:\Documents and Settings\@dmin\My Documents
2007-04-30 20:29:25 0 d--h----- C:\Documents and Settings\@dmin\Local Settings
2007-04-30 20:29:25 0 d-------- C:\Documents and Settings\@dmin\Favorites
2007-04-30 20:29:25 0 d-------- C:\Documents and Settings\@dmin\Desktop
2007-04-30 20:29:25 0 d--hs---- C:\Documents and Settings\@dmin\Cookies
2007-04-30 20:29:25 0 dr-h----- C:\Documents and Settings\@dmin\Application Data
2007-04-30 20:29:25 0 d---s---- C:\Documents and Settings\@dmin\Application Data\Microsoft
2007-04-30 00:11:13 0 d-------- C:\Program Files\Koi Solitaire
2007-04-28 19:58:19 0 d-------- S:\Deckard
2007-04-27 19:07:24 0 d-------- C:\WINDOWS\BDOSCAN8
2007-04-27 17:27:15 0 d-------- C:\WINDOWS\pss
2007-04-26 23:06:13 0 d-------- C:\Documents and Settings\jess\Application Data\MusicIP
2007-04-26 14:46:03 0 dr------- C:\Documents and Settings\LocalService\Favorites
2007-04-24 14:52:00 50048 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys <Not Verified; PCTools Research Pty Ltd.; Spyware Doctor>
2007-04-24 14:51:51 0 d-------- C:\Program Files\Spyware Doctor
2007-04-24 14:51:51 0 d-------- C:\Documents and Settings\jess\Application Data\PC Tools
2007-04-22 20:56:00 0 d-------- C:\Program Files\Bethesda Softworks
2007-04-21 18:19:14 0 d-------- C:\Program Files\Alawar
2007-04-19 19:53:49 0 d-------- C:\Documents and Settings\jess\Saved Games
2007-04-19 19:53:49 0 d-------- C:\Documents and Settings\jess\Application Data\FloodLightGames
2007-04-19 19:53:49 0 d-------- C:\Documents and Settings\All Users\Application Data\FloodLightGames
2007-04-19 19:53:27 0 d-------- C:\WINDOWS\Agatha Christie - Death on the Nile
2007-04-19 19:53:27 0 d-------- C:\Program Files\Agatha Christie - Death on the Nile
2007-04-19 18:59:23 0 d-------- C:\Program Files\A Pirates Legend
2007-04-17 02:27:52 0 d-------- C:\WINDOWS\Delicious Deluxe - Winter Edition
2007-04-17 02:27:52 0 d-------- C:\Program Files\Delicious Deluxe - Winter Edition
2007-04-17 01:29:54 0 d-------- C:\Program Files\Mad Magic
2007-04-15 22:32:41 0 d-------- C:\Documents and Settings\All Users\Application Data\JollyBear
2007-04-15 22:32:27 0 d-------- C:\WINDOWS\Big City Adventure - San Francisco
2007-04-15 22:32:27 0 d-------- C:\Program Files\Big City Adventure - San Francisco
2007-04-14 20:12:02 0 d-------- C:\Program Files\DAEMON Tools
2007-04-14 20:09:17 682232 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-04-13 17:53:01 0 d-------- C:\Program Files\Little Shop Of Treasures
2007-04-10 21:17:20 0 d-------- C:\Documents and Settings\jess\Application Data\Magic Stones
2007-04-10 20:59:21 0 d-------- C:\Program Files\Magic Stones
2007-04-10 20:57:21 0 d-------- C:\Documents and Settings\All Users\Application Data\WildTangent
2007-04-10 20:57:17 0 d-------- C:\Program Files\WildGames
2007-04-10 17:07:18 0 d-------- C:\Program Files\Winamp
2007-04-09 23:29:49 0 d-------- C:\WINDOWS\Profitville
2007-04-09 23:29:49 0 d-------- C:\Program Files\Profitville
2007-04-09 16:07:08 0 d-------- C:\Documents and Settings\jess\Games
2007-04-09 14:56:41 0 d-------- C:\Program Files\7 Lands
2007-04-07 17:33:09 0 d-------- C:\Program Files\The Poppit Show
2007-04-07 02:35:25 0 d-------- C:\Program Files\Cash Cow
2007-04-05 13:59:21 0 d-------- C:\Program Files\Burger Rush
2007-04-04 20:44:12 0 d-------- C:\Documents and Settings\jess\Application Data\Magic Academy
2007-04-04 20:43:27 0 d-------- C:\Program Files\Magic Academy
2007-04-02 19:10:50 0 d-------- C:\Documents and Settings\jess\Application Data\Alawar
2007-04-02 19:09:34 0 d-------- C:\Program Files\Roboball
2007-04-02 18:54:32 0 d-------- C:\Documents and Settings\All Users\Application Data\TERMINAL Studio
2007-04-01 14:09:40 0 dr-h----- C:\Documents and Settings\jess\Application Data\SecuROM
2007-04-01 13:33:39 0 d-------- C:\Program Files\Atari


-- Find3M Report ---------------------------------------------------------------

2007-04-30 21:25:16 0 d-------- C:\Program Files\Symantec AntiVirus
2007-04-30 20:21:28 0 d-------- C:\Documents and Settings\jess\Application Data\uTorrent
2007-04-30 08:05:53 0 d-------- C:\Documents and Settings\jess\Application Data\PlayFirst
2007-04-25 17:31:15 0 d-------- C:\Program Files\THQ
2007-04-25 17:31:12 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-04-25 08:04:36 0 d-------- C:\Program Files\uTorrent
2007-04-18 00:04:48 0 d-------- C:\Program Files\Java
2007-03-27 22:00:16 1125 --a------ C:\WINDOWS\mozver.dat
2007-03-27 22:00:14 0 d-------- C:\Program Files\Virtools
2007-03-27 01:25:07 0 d-------- C:\Program Files\Robbox
2007-03-23 22:03:22 0 d-------- C:\Program Files\Birdies
2007-03-23 16:25:43 0 d-------- C:\Program Files\Clayside
2007-03-22 20:25:02 124928 -----n--- C:\WINDOWS\system32\prntvpt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-03-19 16:21:36 0 d-------- C:\Program Files\Abra Academy
2007-03-17 19:14:43 0 d-------- C:\Program Files\Tasty Planet
2007-03-16 21:37:41 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >
2007-03-14 17:07:03 0 d-------- C:\Program Files\Fairy Godmother Tycoon
2007-03-12 04:45:08 0 d-------- C:\Documents and Settings\jess\Application Data\Ahead
2007-03-12 04:41:57 0 d-------- C:\Program Files\Common Files\Ahead
2007-03-12 04:40:17 0 d-------- C:\Program Files\Nero
2007-03-12 04:07:45 0 d-------- C:\Documents and Settings\jess\Application Data\Syntrillium
2007-03-10 04:10:17 0 d-------- C:\Documents and Settings\jess\Application Data\Angkor
2007-03-10 03:59:45 0 d-------- C:\Program Files\Angkor
2007-03-05 18:49:59 0 d-------- C:\Documents and Settings\jess\Application Data\Sun
2007-03-05 17:21:03 0 d-------- C:\Documents and Settings\jess\Application Data\Macromedia
2007-03-04 23:43:37 0 d-------- C:\Program Files\Combined Community Codec Pack
2007-03-04 17:54:04 0 d-------- C:\Program Files\Cradle Of Rome
2007-03-04 13:53:27 0 d-------- C:\Documents and Settings\jess\Application Data\Adobe
2007-03-04 13:44:39 0 d-------- C:\Program Files\MSN Messenger
2007-03-03 21:21:37 0 d-------- C:\Program Files\Flower Shop Big City Break
2007-03-03 21:21:32 4096 --a------ C:\WINDOWS\d3dx.dat
2007-03-03 21:03:11 0 d-------- C:\Program Files\Solitaire Pop
2007-03-02 23:27:57 0 d-------- C:\Program Files\Ancient Mosaic
2007-03-02 23:23:29 0 d-------- C:\Program Files\ReflexiveArcade
2007-03-02 22:31:23 0 d-------- C:\Documents and Settings\jess\Application Data\Mozilla
2007-03-02 22:28:18 0 d-------- C:\Documents and Settings\jess\Application Data\Identities
2007-03-02 19:57:23 0 d-------- C:\Program Files\Common Files\Java
2007-03-02 19:53:58 0 d-------- C:\Program Files\Common Files\Adobe
2007-03-02 19:48:02 0 --a------ C:\WINDOWS\nsreg.dat
2007-03-02 19:46:02 0 d-------- C:\Program Files\Windows Defender
2007-03-02 19:22:38 0 d-------- C:\Program Files\Windows Media Connect 2
2007-03-02 19:20:17 0 d-------- C:\Program Files\MSBuild
2007-03-02 19:17:47 0 d-------- C:\Program Files\Reference Assemblies
2007-03-02 19:10:21 0 d-------- C:\Program Files\Messenger
2007-03-02 18:55:15 0 d-------- C:\Program Files\Microsoft Works
2007-03-02 18:41:39 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-03-02 18:40:55 0 d-------- C:\Program Files\Symantec
2007-03-02 18:30:39 0 d-------- C:\Program Files\NVIDIA Corporation
2007-03-02 18:30:39 0 d-------- C:\Program Files\Common Files\NVIDIA Shared
2007-03-02 18:30:38 0 d-------- C:\Program Files\Common Files\InstallShield
2007-03-02 18:22:41 0 d-------- C:\Program Files\microsoft frontpage
2007-03-02 18:21:20 0 d--h----- C:\Program Files\WindowsUpdate
2007-03-02 18:20:39 0 d-------- C:\Program Files\Common Files\MSSoap
2007-03-02 18:20:32 0 d-------- C:\Program Files\Movie Maker
2007-03-02 18:19:52 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-03-02 18:19:34 0 d-------- C:\Program Files\Online Services
2007-03-02 18:19:27 0 d-------- C:\Program Files\MSN Gaming Zone
2007-03-02 18:19:19 0 d-------- C:\Program Files\Windows NT
2007-03-02 13:12:55 0 d-------- C:\Program Files\Common Files\ODBC
2007-03-02 13:12:52 0 d-------- C:\Program Files\Common Files\SpeechEngines
2007-03-02 13:12:30 62 --ahs---- C:\Documents and Settings\jess\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
{B56A7D7D-6927-48C8-A975-17DF180C71AC} C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NVMixerTray"="\"C:\\Program Files\\NVIDIA Corporation\\NvMixer\\NVMixerTray.exe\""
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"vptray"="C:\\PROGRA~1\\SYMANT~1\\VPTray.exe"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"disablecad"=dword:00000000
"LogonType"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{9E93A147-E3F9-47AB-BAF0-915CCAAA7034}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



-- End of Deckard's System Scanner: finished at 2007-04-30 at 21:26:26 ---------

^.".^

Edited by WiccanWolf, 01 May 2007 - 04:44 PM.

Human in body. Wolf in spirit.


#11 SNOWHITE

SNOWHITE

    missy malware magnet


  • Members
  • 2,676 posts
  • OFFLINE
  • Gender:Female
  • Location:Bitola, Macedonia
  • Local time:12:48 AM

Posted 01 May 2007 - 04:29 PM

WiccanWolf,

Could you please post the whole AVG report? It's not the whole thing; you're missing the last part. Post everything until you come to the end of the report.
SNOWHITE

#12 WiccanWolf

WiccanWolf
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  • Local time:07:48 PM

Posted 01 May 2007 - 04:45 PM

WiccanWolf,

Could you please post the whole AVG report? It's not the whole thing; you're missing the last part. Post everything until you come to the end of the report.


Here you go. Didn't realize it cut off the last couple of words.

Edit: Also should note that I woke up this morning and Symantec found another Trojan.Vundo thing and required a reboot to delete it. I, of course, rebooted. -.-

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 9:22:32 PM 4/30/2007

+ Scan result:



C:\System Volume Information\_restore{B140688D-3413-4E94-BBB7-69D6F6D15EC7}\RP2\A0000078.dll -> Adware.BHO : Cleaned.
C:\System Volume Information\_restore{B140688D-3413-4E94-BBB7-69D6F6D15EC7}\RP2\A0000082.dll -> Adware.BHO : Cleaned.
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\funnjaqc.dll -> Adware.Virtumonde : Cleaned.
:mozilla.45:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.46:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.47:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.48:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.49:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.50:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.51:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.52:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.53:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.54:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.55:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.56:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.57:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.58:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.59:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.60:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.61:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.62:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.63:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.64:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.65:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.66:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.67:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.68:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.69:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.70:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.71:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.72:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.73:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.74:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.75:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.76:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.77:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.78:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.79:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.80:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.812:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.81:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.82:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.83:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.84:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.85:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.86:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.87:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.88:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.893:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.89:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.90:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.91:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.92:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.93:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.949:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.94:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.134:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.135:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.136:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.137:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.200:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.257:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.258:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.849:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.850:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.851:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.852:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.853:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.854:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.855:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.856:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.215:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.216:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.182:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.183:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.184:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.185:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.186:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.187:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.188:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.141:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.142:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.143:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.144:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.145:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.146:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.147:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.36:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.466:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Bfast : Cleaned.
:mozilla.189:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.628:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.629:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.630:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.545:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.244:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.245:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.246:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.337:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.338:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.339:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.340:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.341:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.342:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.343:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.574:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned.
:mozilla.204:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.205:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.502:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.100:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.730:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.798:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.799:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.833:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.834:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.206:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.207:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.208:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.209:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.210:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.733:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.303:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.304:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.305:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.318:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.319:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.320:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.321:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.322:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.543:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.806:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.809:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.927:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.21:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.22:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.23:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.24:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.25:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.26:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.27:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.28:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.29:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.30:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.31:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.32:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.33:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.34:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.35:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.716:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.755:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.756:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.647:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.908:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.909:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.777:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Information : Cleaned.
:mozilla.791:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.792:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.475:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.480:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.139:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.140:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.894:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.895:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.793:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.794:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.795:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.796:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.130:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.368:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.369:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.370:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.371:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.372:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.373:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.374:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.900:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Pro-market : Cleaned.
:mozilla.901:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Pro-market : Cleaned.
:mozilla.902:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Pro-market : Cleaned.
:mozilla.37:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.38:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.39:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.379:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.380:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.381:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.382:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.383:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.384:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.385:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.386:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.472:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.473:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.474:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.478:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.479:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.211:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.406:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.407:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.408:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.409:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.410:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.411:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.412:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.413:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.414:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.415:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.416:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.417:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.418:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.419:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.420:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.421:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.422:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.423:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.605:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.606:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.607:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.608:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.609:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.610:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.611:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.503:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.504:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.505:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.506:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.507:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.508:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.252:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.253:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.254:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.255:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.256:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.903:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.904:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.905:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.626:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Spylog : Cleaned.
:mozilla.108:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.109:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.110:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.111:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.112:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.113:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.114:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.115:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.116:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.117:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.118:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.119:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.120:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.121:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.122:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.123:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.124:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.125:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.126:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.127:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.128:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.259:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.260:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.261:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.262:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.263:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.264:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.375:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.377:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.748:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.265:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.266:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.267:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.268:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.269:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.270:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.271:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.272:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.273:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.274:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.174:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.738:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.739:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.740:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.741:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.742:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.743:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.481:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.616:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.275:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.276:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.277:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.278:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.279:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.285:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.286:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.424:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.425:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.426:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.427:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\4wcng4qg.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.


::Report end


^.".^

Edited by WiccanWolf, 01 May 2007 - 04:47 PM.

Human in body. Wolf in spirit.


#13 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium
  • Local time:01:48 AM

Posted 04 May 2007 - 12:14 PM

Hello,

Sorry for the delay. Snowhite got sick and that's why I am taking this over.

Do the following, please...

Open Notepad and copy and paste the text in the quotebox below into it:
(don't forget to copy and paste REGEDIT4)

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{9E93A147-E3F9-47AB-BAF0-915CCAAA7034}"=-

[-HKEY_CLASSES_ROOT\CLSID\{9E93A147-E3F9-47AB-BAF0-915CCAAA7034}]

Save this as fix.reg (choose to save as *all files*) and place it on your desktop.
It should look like this: [image]
Double-click on it and when it asks you if you want to merge the contents to the registry, click yes/ok.
(In case you are unsure how to create a reg file, take a look here with screenshots.)

Post a new HijackThis log in your next reply and let me know how things are now.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
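
The fix.reg above does two things: `"{CLSID}"=-` deletes the value that registers the CLSID under Explorer's ShellExecuteHooks key, and `[-HKEY_CLASSES_ROOT\CLSID\{CLSID}]` deletes the COM class registration that points the shell at the hook DLL. A ShellExecuteHook is loaded by the shell whenever it runs ShellExecuteEx, which is why it is a favourite injection and persistence point. The PowerShell script below is an added example, not part of this thread or of any tool the helper mentions; it lists every registered hook, resolves each CLSID to the DLL it would load, flags anything that is not Windows' own signed hook in System32, and, only when run with `-Remove`, performs the same two deletions the .reg file does. The function names `Get-ShellExecuteHooks` and `Remove-ShellExecuteHook` and the `Suspicious` heuristic are my own; the CLSID default is the one the fix targets. Run it from an elevated prompt, and export the key first (`reg export HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks hooks-backup.reg`) so the change can be undone.

```powershell
# Added example (not from the BleepingComputer thread): audit the
# ShellExecuteHooks registration point and optionally remove one CLSID.
# Assumptions: elevated PowerShell on Windows; $Clsid defaults to the
# CLSID targeted by the fix.reg in the thread; nothing is deleted
# unless -Remove is given.
param(
    [string]$Clsid = '{9E93A147-E3F9-47AB-BAF0-915CCAAA7034}',
    [switch]$Remove
)

$hookKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks'

function Get-ShellExecuteHooks {
    # Each value name under ShellExecuteHooks is a CLSID. Resolve it to the
    # DLL the shell will load via HKCR\CLSID\{...}\InProcServer32 and
    # check where that DLL lives and whether it carries a valid signature.
    if (-not (Test-Path $hookKey)) { return @() }
    $item = Get-Item $hookKey
    foreach ($name in $item.GetValueNames()) {
        if ($name -notmatch '^\{[0-9A-Fa-f-]{36}\}$') { continue }
        $server = "Registry::HKEY_CLASSES_ROOT\CLSID\$name\InProcServer32"
        $dll = $null
        if (Test-Path $server) {
            $dll = (Get-ItemProperty $server).'(default)'
        }
        $path = $null
        if ($dll) {
            $path = [Environment]::ExpandEnvironmentVariables($dll)
            # A bare file name (e.g. shell32.dll) is resolved from System32.
            if (-not [IO.Path]::IsPathRooted($path)) {
                $path = Join-Path "$env:SystemRoot\system32" $path
            }
        }
        $sig = 'n/a'
        if ($path -and (Test-Path $path)) {
            $sig = (Get-AuthenticodeSignature $path).Status
        } elseif ($path) {
            $sig = 'file missing'
        }
        [pscustomobject]@{
            Clsid      = $name
            Dll        = $path
            Signature  = $sig
            # Heuristic (mine, not Microsoft's): Windows' own hook is a signed
            # DLL in System32; anything else deserves a look, especially an
            # unsigned DLL in a temp folder or one whose file is already gone.
            Suspicious = (-not $path) -or
                         ($path -notlike "$env:SystemRoot\system32\*") -or
                         ("$sig" -ne 'Valid')
        }
    }
}

function Remove-ShellExecuteHook {
    param([string]$Id)
    # Mirrors fix.reg: "{CLSID}"=- removes the hook registration value,
    # [-HKCR\CLSID\{CLSID}] removes the class registration (whole key).
    Remove-ItemProperty -Path $hookKey -Name $Id -ErrorAction SilentlyContinue
    $classKey = "Registry::HKEY_CLASSES_ROOT\CLSID\$Id"
    if (Test-Path $classKey) { Remove-Item $classKey -Recurse -Force }
}

Write-Host 'ShellExecuteHooks before:'
Get-ShellExecuteHooks | Format-Table -AutoSize

if ($Remove) {
    Remove-ShellExecuteHook -Id $Clsid
    Write-Host "ShellExecuteHooks after removing ${Clsid}:"
    Get-ShellExecuteHooks | Format-Table -AutoSize
}
```

Read the "before" table first: the DLL path and signature status tell you what the shell has actually been loading, which is the detail a HijackThis O21 line does not show. Deleting the CLSID key removes the registration but not the DLL file itself; note the path from the table before removing, so the file can be submitted to a scanner or deleted after a reboot once nothing is loading it.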

#14 WiccanWolf

WiccanWolf
  • Topic Starter

  • Members
  • 42 posts
  • Local time:07:48 PM

Posted 04 May 2007 - 02:30 PM

Logfile of HijackThis v1.99.1
Scan saved at 3:21:32 PM, on 5/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Symantec AntiVirus\DoScan.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\MSN Messenger\usnsvc.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - C:\WINDOWS\system32\exvilkyo.dll (file missing)
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1172876256748
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = envent.biz
O17 - HKLM\Software\..\Telephony: DomainName = envent.biz
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = envent.biz
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = envent.biz
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

Reg file merged with no problems. I still have the OTMoveIt folder on my C drive... should I remove this? I haven't had any problems since my last post with Symantec finding a Vundo trojan.



#15 miekiemoes

    Malware Killer Dog

  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 04 May 2007 - 02:41 PM

Hello,

Check and fix the next leftover in HijackThis:

O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - C:\WINDOWS\system32\exvilkyo.dll (file missing)

If Spyware Doctor or Windows Defender gives an alert after you fix that entry in HijackThis, make sure you allow the change and do not let it block it again, because that is the change you made, and they may see it as a hijack attempt and put that entry back again.

Yes, remove the OTMoveIT folder, since we don't need what's inside (the bad files).

Good to hear your problems are gone - it's mainly snowhite who solved this for you. :thumbsup:

Please read my Prevention page with lots of info and tips how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.

Happy Surfing again!
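The leftover fixed above shows the two signs that make an O2 (Browser Helper Object) line worth removing: no name, and a DLL that no longer exists on disk, meaning the registration outlived the file the cleanup deleted. The script below is an added example, not code from the thread or from HijackThis; it parses O2 lines from log text only (so it runs offline, on another machine's log) and, for each flagged entry, lists the two registry keys to check afterwards: the BHO registration under Explorer\Browser Helper Objects, which is what "fix" in HijackThis removes, and the COM server entry under HKCR\CLSID.

```python
"""Triage HijackThis O2 (Browser Helper Object) entries.

Added example; it is not code from the thread or from HijackThis. It parses
O2 lines and flags the two signs that marked the leftover above: a BHO with
no name and a BHO whose DLL is gone from disk.
"""
import re

# Constructed sample: lines taken from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - C:\WINDOWS\system32\exvilkyo.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
"""

O2_RE = re.compile(
    r'^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\})'
    r' - (?P<path>.*?)(?P<missing> \(file missing\))?$'
)

# Where an O2 entry lives in the registry (what "fix" in HijackThis removes)
# and where its COM server is registered.
BHO_KEY = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
CLSID_KEY = r"HKCR\CLSID"


def parse_o2(line):
    """Parse one O2 line into a dict, or return None for any other line type."""
    m = O2_RE.match(line.strip())
    if not m:
        return None
    return {
        "name": m.group("name"),
        "clsid": m.group("clsid"),
        "path": m.group("path"),
        "file_missing": m.group("missing") is not None,
    }


def triage(log_text):
    """Return the O2 entries worth a second look, each with its reasons and
    the registry keys to verify after fixing the entry."""
    findings = []
    for line in log_text.splitlines():
        bho = parse_o2(line)
        if bho is None:
            continue
        reasons = []
        if bho["name"] == "(no name)":
            reasons.append("unnamed BHO")
        if bho["file_missing"]:
            reasons.append("DLL missing on disk (dead registration)")
        if reasons:
            bho["reasons"] = reasons
            bho["keys_to_verify"] = [
                BHO_KEY + "\\" + bho["clsid"],
                CLSID_KEY + "\\" + bho["clsid"],
            ]
            findings.append(bho)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["clsid"], f["path"], "->", "; ".join(f["reasons"]))
```

On the sample it flags only the exvilkyo.dll entry, for both reasons, and leaves the named, present BHOs (Adobe, Java) alone. After fixing the entry in HijackThis, both listed keys should be gone on a fresh log and in regedit.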



