
Help! It's Infected (i Think)


  • This topic is locked
9 replies to this topic

#1 jojoseph

jojoseph

  • Members
  • 6 posts

Posted 26 May 2007 - 05:43 PM

Hi, this is my first time posting, and I'm having a hard time finishing the post because of all of the popups!! Please help!

Logfile of HijackThis v1.99.1
Scan saved at 5:39:09 PM, on 5/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\DOCUME~1\JOSHJO~1\LOCALS~1\Temp\clclean.0001
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Ativa\USB AWGUA54\Wireless Utility\Ativawcui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\MOZILL~2\THUNDE~1.EXE
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Documents and Settings\USER\Desktop\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O1 - Hosts: 127.255.255.255 www.alcohol-soft.com
O1 - Hosts: 127.255.255.255 images.alcohol-soft.com
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [{4C1EEAEC-0AEC-1033-1028-050914050001}] "C:\Program Files\Common Files\{4C1EEAEC-0AEC-1033-1028-050914050001}\Update.exe" mc-110-12-0001291
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\mldadpor.dll",realset
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Ativa Wireless USB Utility.lnk = C:\Program Files\Ativa\USB AWGUA54\Wireless Utility\Ativawcui.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Client IP-IPX - Unknown owner - ".exe (file missing)
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe



#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 27 May 2007 - 02:32 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum jojoseph :thumbsup:

Download HostsXpert 3.8:
http://www.funkytoad.com/download/HostsXpert.zip
1. Extract the zip file to your desktop or a permanent folder on your hard drive.
2. Open the folder and double-click on the Hoster.exe
3. Press "Restore Microsofts Original Hosts File"
4. Press "OK" and exit the program.

Go to:
C:\WINDOWS\System32\drivers\etc\HOSTS.
1) Right-click on the HOSTS file
2) Click Properties
3) You will see a window open; at the bottom of the window, to the right of Attributes, check the box that says 'Read-only'.
4) Click Apply/OK.

*******************

Download SDFix.exe and save it to your desktop:
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

* Double click on SDFix on your desktop, and install the fix to C:\

Please then reboot your computer into Safe Mode by doing the following:

* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, a menu with options should appear;
* Select the first option, to run Windows in Safe Mode, then press "Enter".
* Choose your usual account.

* In Safe Mode, go to and open the C:\SDFix folder, then double click on RunThis.bat to start the script.
* Type Y to begin the script.
* It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* Your system will take longer than normal to restart as the fixtool will be running and removing files.
* When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
* Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt into your next reply.

********************

Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
When VundoFix re-opens, click the "Scan for Vundo" button.
Once it's done scanning, click the "Remove Vundo" button.
You will receive a prompt asking if you want to remove the files; click "YES".
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer; click "OK".
Please post the contents of C:\vundofix.txt into your next reply.

Note:
It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

********************

Please download Combofix and save to your desktop:
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe
Note:
It is important that it is saved directly to your desktop.

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window whilst it's running.
That may cause the program to freeze/hang.


Also post a new Hijackthis log please.

#3 jojoseph

jojoseph
  • Topic Starter

  • Members
  • 6 posts

Posted 28 May 2007 - 03:55 PM

Okay, here goes (and given the number of pop-ups, it took a while!)

Here are the respective logfiles:

HijackThis!

Logfile of HijackThis v1.99.1
Scan saved at 3:48:10 PM, on 5/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\DOCUME~1\JOSHJO~1\LOCALS~1\Temp\clclean.0001
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Ativa\USB AWGUA54\Wireless Utility\Ativawcui.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MOZILL~2\THUNDE~1.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\User\Desktop\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {8FFA5154-8203-444F-9024-00B96EBC264E} - C:\WINDOWS\system32\mlljj.dll (file missing)
O2 - BHO: (no name) - {E56B96E4-8B90-46C2-84B6-889309631C75} - C:\WINDOWS\system32\pmkhg.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Ativa Wireless USB Utility.lnk = C:\Program Files\Ativa\USB AWGUA54\Wireless Utility\Ativawcui.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O20 - Winlogon Notify: mlljj - C:\WINDOWS\system32\mlljj.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


SDFix


SDFix: Version 1.85

Run by User - Mon 05/28/2007 - 15:17:55.48

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
Client IP-IPX
core

ImagePath:




Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\WINDOWS\system32\drivers\core.cache.dsk - Deleted
C:\WINDOWS\system32\drivers\core.sys - Deleted
C:\WINDOWS\system32\unsvchosts.lzma - Deleted
C:\DOCUME~1\JOSHJO~1\LOCALS~1\Temp\temp.bat - Deleted



Removing Temp Files...

ADS Check:

Checking if ADS is attached to system32 Folder
C:\WINDOWS\system32
No streams found.

Checking if ADS is attached to svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\1141353323\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1141353323\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1141353323\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1141353323\\ee\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\World of Warcraft\\WoW.exe"="C:\\Program Files\\World of Warcraft\\WoW.exe:*:Enabled:World of Warcraft"
"C:\\Program Files\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe:*:Enabled:WoW-1.12.0-enUS-downloader"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Disabled:LimeWire"
"C:\\Program Files\\BitLord\\BitLord.exe"="C:\\Program Files\\BitLord\\BitLord.exe:*:Enabled:BitLord"
"C:\\Program Files\\THQ\\Dawn of War\\W40k.exe"="C:\\Program Files\\THQ\\Dawn of War\\W40k.exe:*:Disabled:W40K"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Dark Oberon\\dark-oberon.exe"="C:\\Program Files\\Dark Oberon\\dark-oberon.exe:*:Disabled:dark-oberon"
"C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"="C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe:*:Disabled:Neverwinter Nights 2 AMD"
"C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe"="C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe:*:Disabled:Neverwinter Nights 2 Main"
"C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe"="C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe:*:Disabled:Neverwinter Nights 2 Server"
"C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe"="C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe:*:Disabled:Neverwinter Nights 2 Updater"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Documents and Settings\\User\\Desktop\\warsow_0.21_windows\\warsow.exe"="C:\\Documents and Settings\\User\\Desktop\\warsow_0.21_windows\\warsow.exe:*:Enabled:Warsow"
"C:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"="C:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)"
"C:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"="C:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\THQ\\Company of Heroes\\BugReport\\BugReport.exe"="C:\\Program Files\\THQ\\Company of Heroes\\BugReport\\BugReport.exe:*:Disabled:BugReport"
"C:\\Program Files\\BitLord2\\BitLord.exe"="C:\\Program Files\\BitLord2\\BitLord.exe:*:Enabled: "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip

Checking For Files with Hidden Attributes:

C:\WINDOWS\system32\pmkhg.dll
C:\i386\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\lock.tmp
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch3\lock.tmp
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch4\lock.tmp
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
C:\Documents and Settings\User\My Documents\~WRL0003.tmp
C:\Documents and Settings\User\My Documents\~WRL0327.tmp
C:\Documents and Settings\User\My Documents\~WRL0423.tmp
C:\Documents and Settings\User\My Documents\~WRL0485.tmp
C:\Documents and Settings\User\My Documents\~WRL0557.tmp
C:\Documents and Settings\User\My Documents\~WRL0589.tmp
C:\Documents and Settings\User\My Documents\~WRL0643.tmp
C:\Documents and Settings\User\My Documents\~WRL0706.tmp
C:\Documents and Settings\User\My Documents\~WRL0709.tmp
C:\Documents and Settings\User\My Documents\~WRL1124.tmp
C:\Documents and Settings\User\My Documents\~WRL1194.tmp
C:\Documents and Settings\User\My Documents\~WRL1399.tmp
C:\Documents and Settings\User\My Documents\~WRL1454.tmp
C:\Documents and Settings\User\My Documents\~WRL1495.tmp
C:\Documents and Settings\User\My Documents\~WRL1496.tmp
C:\Documents and Settings\User\My Documents\~WRL1506.tmp
C:\Documents and Settings\User\My Documents\~WRL1625.tmp
C:\Documents and Settings\User\My Documents\~WRL1638.tmp
C:\Documents and Settings\User\My Documents\~WRL1653.tmp
C:\Documents and Settings\User\My Documents\~WRL1698.tmp
C:\Documents and Settings\User\My Documents\~WRL1762.tmp
C:\Documents and Settings\User\My Documents\~WRL1806.tmp
C:\Documents and Settings\User\My Documents\~WRL1949.tmp
C:\Documents and Settings\User\My Documents\~WRL1953.tmp
C:\Documents and Settings\User\My Documents\~WRL2092.tmp
C:\Documents and Settings\User\My Documents\~WRL2137.tmp
C:\Documents and Settings\User\My Documents\~WRL2178.tmp
C:\Documents and Settings\User\My Documents\~WRL2247.tmp
C:\Documents and Settings\User\My Documents\~WRL2376.tmp
C:\Documents and Settings\User\My Documents\~WRL3209.tmp
C:\Documents and Settings\User\My Documents\~WRL3366.tmp
C:\Documents and Settings\User\My Documents\~WRL3554.tmp
C:\Documents and Settings\User\My Documents\~WRL3743.tmp
C:\Documents and Settings\User\My Documents\~WRL3936.tmp
C:\Documents and Settings\User\My Documents\~WRL4001.tmp
C:\Documents and Settings\User\My Documents\~WRL4083.tmp

Finished


VundoFix


VundoFix V6.4.1

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.8
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.11

Scan started at 3:26:39 PM 5/28/2007

Listing files found while scanning....

C:\WINDOWS\system32\jjllm.bak1
C:\WINDOWS\system32\jjllm.ini
C:\WINDOWS\system32\mldadpor.dll
C:\WINDOWS\system32\mlljj.dll
C:\WINDOWS\system32\pmkhg.dll
C:\WINDOWS\system32\ropdadlm.ini
C:\WINDOWS\system32\tuvvuro.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\jjllm.bak1
C:\WINDOWS\system32\jjllm.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\jjllm.ini
C:\WINDOWS\system32\jjllm.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\mldadpor.dll
C:\WINDOWS\system32\mldadpor.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmkhg.dll
C:\WINDOWS\system32\pmkhg.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\ropdadlm.ini
C:\WINDOWS\system32\ropdadlm.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\tuvvuro.dll
C:\WINDOWS\system32\tuvvuro.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\pmkhg.dll
C:\WINDOWS\system32\pmkhg.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tuvvuro.dll
C:\WINDOWS\system32\tuvvuro.dll Has been deleted!

Performing Repairs to the registry.
Done!


ComboFix

"Josh Joseph" - 2007-05-28 15:37:36 Service Pack 2
ComboFix 07-05.27.V - Running from: "C:\Documents and Settings\Josh Joseph\Desktop\"


(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\cywxnqsu.dll
C:\WINDOWS\system32\ghkmp.bak1
C:\WINDOWS\system32\ghkmp.ini


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


"C:\DOCUME~1\JOSHJO~1\APPLIC~1\Dxcknwrd.dll"
"C:\WINDOWS\system32\wnsintcc.exe"
"C:\WINDOWS\system32\tmp75.tmp"
"C:\WINDOWS\system32\bund1\ClientBundle1.exe"
"C:\WINDOWS\system32\bund1\temp.txt"
"C:\WINDOWS\system32\bund1"
"C:\Program Files\Common Files\{3C1EE~1"
"C:\Program Files\Common Files\{4C1EE~1"
"C:\Program Files\Common Files\{4C1EE~2"
"C:\WINDOWS\system32\drivers\sfsync02.sys"

Purity Folders:

C:\WINDOWS\system32\SSEMBL~1
C:\WINDOWS\system32\SKS~1
C:\WINDOWS\YMBOLS~1
C:\Program Files\Common Files\SEMBLY~1
C:\Program Files\STEM32~1
C:\DOCUME~1\JOSHJO~1\MYDOCU~1\STEM~1



((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_SFSYNC02
-------\sfsync02


((((((((((((((((((((((((((((((( Files Created from 2007-04-28 to 2007-05-28 ))))))))))))))))))))))))))))))))))


2007-05-28 15:39 0 --a------ C:\WINDOWS\system32\sfsync02.dll
2007-05-28 15:26 <DIR> d-------- C:\VundoFix Backups
2007-05-26 10:55 <DIR> d-------- C:\d9acaa63c696aabae7f8
2007-05-26 10:31 <DIR> d-------- C:\Program Files\Warcraft III


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-26 15:49:12 -------- d-----w C:\Program Files\Common Files\Real
2007-05-26 15:48:54 -------- d-----w C:\DOCUME~1\JOSHJO~1\APPLIC~1\Real
2007-04-23 04:51:26 -------- d-----w C:\Program Files\Windows Media Connect 2
2007-04-21 18:38:20 8,464 ----a-w C:\WINDOWS\system32\sporder.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 02:43:38 -------- d-----w C:\DOCUME~1\JOSHJO~1\APPLIC~1\.gaim
2007-04-13 04:35:13 -------- d-----w C:\DOCUME~1\JOSHJO~1\APPLIC~1\Skype
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-17 02:13:59 285 ----a-w C:\WINDOWS\EReg072.dat
2007-03-17 02:12:34 4,608 ----a-w C:\WINDOWS\system32\w95inf32.dll
2007-03-17 02:12:34 2,272 ----a-w C:\WINDOWS\system32\w95inf16.dll
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 19:38]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll [2006-12-15 04:23]
{8FFA5154-8203-444F-9024-00B96EBC264E}=C:\WINDOWS\system32\mlljj.dll []
{E56B96E4-8B90-46C2-84B6-889309631C75}=C:\WINDOWS\system32\pmkhg.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 04:23]
"SigmatelSysTrayApp"="stsystra.exe" []
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 08:56]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 17:19]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-09-15 10:47]
"MBMon"="CTMBHA.DLL" [2005-05-19 09:54 C:\WINDOWS\system32\CTMBHA.DLL]
"ISUSPM Startup"="c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" []
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14]
"nwiz"="nwiz.exe" [2006-10-22 13:22 C:\WINDOWS\system32\nwiz.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-04-22 20:57]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" []
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 06:00]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-10-24 14:53]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlljj]
C:\WINDOWS\system32\mlljj.dll


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
AutoRun\command- G:\OblivionLauncher.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
AutoRun\command- H:\Suppress_AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
AutoRun\command- I:\AutoPlay.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
AutoRun\command- J:\Suppress_AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78d25bd6-f691-11da-bd68-00123f7e069b}]
AutoRun\command- F:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f261c033-4a47-11db-bd92-00123f7e069b}]
AutoRun\command- F:\autorun\autorun.exe


Contents of the 'Scheduled Tasks' folder
2007-04-18 21:32:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-05-28 20:41:00 C:\WINDOWS\tasks\Symantec NetDetect.job

********************************************************************

catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-28 15:43:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0


********************************************************************

Completion time: 2007-05-28 15:44:06 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-05-28 15:44

--- E O F ---


Thanks so much for your help!!

#4 RichieUK

Malware Response Team

Posted 28 May 2007 - 05:53 PM

Launch/start HijackThis.
Click on the 'Open Misc Tools section' button.
Click on the button labeled 'Delete a file on reboot...'.
A new window will open asking you to select the file that you would like to delete on reboot.
Navigate to the file:
C:\WINDOWS\system32\sfsync02.dll
Click on it once, and then click on the 'Open' button.
You will now be asked if you would like to reboot your computer to delete the file.
Click on the 'Yes' button if you would like to reboot now.

**********************

Download/install AVG Anti-Spyware 7.5.

Please follow these instructions very carefully.

Launch/start up AVG Anti-Spyware.
On the main page click the 'Update' tab, and then 'Start Update'.
Note:
If you have any problems running the update process prior to running the scan, download/install the 'Full Database' from here:
http://download.ewido.net/avgas-signatures-full-current.exe

Once the updates have been installed, do the following:
Select the 'Scanner' icon at the top of the screen, then select the 'Settings' tab.
Once in the 'Settings' screen, under 'How to act?', then under 'Set default action for detected malware to:', click on 'Recommended actions', then click on 'Quarantine'.
Under 'Reports' select 'Automatically generate report after every scan' and unselect 'Only if threats were found'.
Exit AVG Anti-Spyware, don't run the scan just yet.

You might want to print/copy the following as you need to be in Safe Mode from here on.

Reboot your computer into SAFE MODE using the F8 method.
To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly.
A menu will appear with several options.
Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode".

Have HijackThis fix the following [if still present], by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:

O2 - BHO: (no name) - {8FFA5154-8203-444F-9024-00B96EBC264E} - C:\WINDOWS\system32\mlljj.dll (file missing)
O2 - BHO: (no name) - {E56B96E4-8B90-46C2-84B6-889309631C75} - C:\WINDOWS\system32\pmkhg.dll (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O20 - Winlogon Notify: mlljj - C:\WINDOWS\system32\mlljj.dll (file missing)


Still in Safe Mode launch AVG Anti-Spyware.
Click the 'Scanner' icon at the top.
To start the scan click on 'Complete System Scan'.
Please be patient, it takes a while for the scan to finish.

Once the scan is complete, do the following.
If AVG Anti-Spyware detected any infected objects, click on 'Apply All Actions'.

Next click on 'Save Report'.
Copy and paste that report into your next reply.
The report can be found under the 'Reports' tab at the top.
Close AVG Anti-Spyware when you've done.
Reboot normally.

**************************

Run 'BitDefender Online Scanner' using Internet Explorer:
http://www.bitdefender.com/scan8/ie.html
Read the 'END USER SOFTWARE LICENSE AGREEMENT' then click 'I agree'.
You'll be prompted to install the ActiveX control, please do so.
Once installed, disable your current antivirus program, then click the 'Click here to scan' button.
The virus signatures will then load.
Once loaded the scan will start.
The scan will take quite some time so please be patient.
Once the scan has finished select the 'Detected Problems' tab.
Click on 'Click here to export scan'.
Save the file as an HTML file to your desktop.
Then click on the saved file and allow it to open with your browser.
Go to 'Edit'/'Select All' then copy and paste that log into your next reply.
*Note*
Don't forget to re-enable your antivirus program.

Post the AVG Anti-Spyware report, the BitDefender Online Scanner log, and a new HijackThis log into your next reply.
Let me know how your pc is running now please.
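
The entries listed for fixing in the post above are the ones HijackThis marks '(file missing)' or '(no file)'. As an added example (not part of the original post, and not code from HijackThis), this Python script pulls such entries out of a log and groups them by the file they point at. The sample input is copied from the HijackThis log posted later in this thread; the names `Entry`, `parse_log`, `orphans_by_target` and `multi_location_orphans` are illustrative.

```python
import re
from collections import defaultdict
from typing import NamedTuple, Optional

# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {8FFA5154-8203-444F-9024-00B96EBC264E} - C:\WINDOWS\system32\mlljj.dll (file missing)
O2 - BHO: (no name) - {E56B96E4-8B90-46C2-84B6-889309631C75} - C:\WINDOWS\system32\pmkhg.dll (file missing)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O20 - Winlogon Notify: mlljj - C:\WINDOWS\system32\mlljj.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# An entry line starts with a type code such as R0, O2, O20, then " - ".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Markers HijackThis appends when the referenced file was not found.
MARKERS = ("(file missing)", "(no file)")


class Entry(NamedTuple):
    code: str             # entry type, e.g. "O2" (BHO), "O20" (Winlogon Notify)
    body: str             # everything after the type code
    clsid: Optional[str]  # upper-cased CLSID if the line carries one
    target: str           # last " - " separated field, marker stripped
    orphaned: bool        # True when the line ends with one of MARKERS


def parse_log(text):
    """Return an Entry for every coded line; header and process lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        marker = next((k for k in MARKERS if body.endswith(k)), None)
        target = body.rsplit(" - ", 1)[-1]
        if marker:
            target = target[: -len(marker)].strip()
        clsid = CLSID_RE.search(body)
        entries.append(Entry(
            code=m.group("code"),
            body=body,
            clsid=clsid.group(0).upper() if clsid else None,
            target=target,
            orphaned=marker is not None,
        ))
    return entries


def orphans_by_target(entries):
    """Group orphaned entries by target path (case-insensitive).

    Entries with no path at all, such as '(no file)', are keyed by CLSID.
    """
    grouped = defaultdict(list)
    for e in entries:
        if e.orphaned:
            key = e.target.lower() or e.clsid or e.body
            grouped[key].append(e.code)
    return dict(grouped)


def multi_location_orphans(entries):
    """Targets that are registered under more than one entry type."""
    return {t: codes for t, codes in orphans_by_target(entries).items()
            if len(set(codes)) > 1}


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for target, codes in orphans_by_target(parsed).items():
        print(f"{', '.join(codes):8} {target}")
    print("registered in several places:", multi_location_orphans(parsed))
```

On this sample the grouping shows `mlljj.dll` registered both as a BHO (O2) and as a Winlogon Notify entry (O20), which is why both lines appear in the fix list.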


#5 jojoseph

Posted 28 May 2007 - 06:13 PM

Alright, will do. Thanks again for the help. BTW, the computer is running much faster once again, and the pop-ups (or times IE opens trying to load a pop-up) have gone down like 95%. So very strange that this all happened... I check my comp with spy-bot and ad-aware every day....

#6 jojoseph

Posted 28 May 2007 - 11:45 PM

Hijack this

Logfile of HijackThis v1.99.1
Scan saved at 10:55:05 PM, on 5/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\USER\Desktop\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {8FFA5154-8203-444F-9024-00B96EBC264E} - C:\WINDOWS\system32\mlljj.dll (file missing)
O2 - BHO: (no name) - {E56B96E4-8B90-46C2-84B6-889309631C75} - C:\WINDOWS\system32\pmkhg.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Ativa Wireless USB Utility.lnk = C:\Program Files\Ativa\USB AWGUA54\Wireless Utility\Ativawcui.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O20 - Winlogon Notify: mlljj - C:\WINDOWS\system32\mlljj.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe



AVG

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:22:39 PM 5/28/2007

+ Scan result:



C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP631\A0064679.exe -> Adware.Agent : Cleaned.
C:\QooBox\Quarantine\C\WINDOWS\system32\bund1\ClientBundle1.exe.vir -> Adware.NewDotNet : Cleaned.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP631\A0064677.dll -> Adware.NewDotNet : Cleaned.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP633\A0064764.exe -> Adware.NewDotNet : Cleaned.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP633\A0064765.exe -> Adware.NewDotNet : Cleaned.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP633\A0064851.dll -> Adware.NewDotNet : Cleaned.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP633\A0064939.exe -> Adware.NewDotNet : Cleaned.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP633\A0064940.exe -> Adware.NewDotNet : Cleaned.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP636\A0065770.exe -> Adware.NewDotNet : Cleaned.
C:\WINDOWS\system32\micro1\f1.exe -> Adware.NewDotNet : Cleaned.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP634\A0065521.exe -> Adware.PurityScan : Cleaned.
C:\WINDOWS\system32\micro1\f4.exe -> Adware.SurfSide : Cleaned.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP578\A0059757.exe -> Adware.Toolbar888 : Cleaned.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP636\A0065754.dll -> Adware.Virtumonde : Cleaned.
C:\VundoFix Backups\tuvvuro.dll.bad -> Adware.Virtumonde : Cleaned.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP629\A0064546.exe -> Adware.WebBuying : Cleaned.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP630\A0064626.dll -> Adware.WebBuying : Cleaned.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP630\A0064627.exe -> Adware.WebBuying : Cleaned.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP631\A0064678.dll -> Adware.WebBuying : Cleaned.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP631\snapshot\MFEX-1.DAT -> Adware.WebBuying : Cleaned.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP631\A0064690.exe -> Downloader.Agent.ac : Cleaned.
C:\Program Files\Common Files\quou\quoud\vocabulary -> Downloader.TSUpdate.j : Cleaned.
C:\SDFix\backups_old1\core.sys -> Rootkit.Agent.eq : Cleaned.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP636\A0065685.sys -> Rootkit.Agent.eq : Cleaned.
:mozilla.257:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7i9cepfd.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.258:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7i9cepfd.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.259:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7i9cepfd.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.260:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7i9cepfd.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.261:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7i9cepfd.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.290:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7i9cepfd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.291:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7i9cepfd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.292:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7i9cepfd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.293:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7i9cepfd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.294:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7i9cepfd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.295:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7i9cepfd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.296:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7i9cepfd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.297:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7i9cepfd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.298:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7i9cepfd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.299:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7i9cepfd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.300:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7i9cepfd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.301:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7i9cepfd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.302:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7i9cepfd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.303:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7i9cepfd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.304:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7i9cepfd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.305:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7i9cepfd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.306:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7i9cepfd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.307:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7i9cepfd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.308:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7i9cepfd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.309:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7i9cepfd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.310:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7i9cepfd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.311:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7i9cepfd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.312:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7i9cepfd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.313:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7i9cepfd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.314:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7i9cepfd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.315:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7i9cepfd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.316:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7i9cepfd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.317:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7i9cepfd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.318:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7i9cepfd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.319:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7i9cepfd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.320:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7i9cepfd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.321:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7i9cepfd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.322:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7i9cepfd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.323:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7i9cepfd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.324:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7i9cepfd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.325:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7i9cepfd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.326:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7i9cepfd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.327:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7i9cepfd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.328:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7i9cepfd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.329:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7i9cepfd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.330:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7i9cepfd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.331:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7i9cepfd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.332:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7i9cepfd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.333:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7i9cepfd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.334:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7i9cepfd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.335:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7i9cepfd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.336:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7i9cepfd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.337:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7i9cepfd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.338:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7i9cepfd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.358:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7i9cepfd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.426:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7i9cepfd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.572:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7i9cepfd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.627:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7i9cepfd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.758:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7i9cepfd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\User\Cookies\josh_joseph@aavalue[1].txt -> TrackingCookie.Aavalue : Cleaned.
C:\Documents and Settings\User\Cookies\josh_joseph@arn.aavalue[1].txt -> TrackingCookie.Aavalue : Cleaned.
C:\Documents and Settings\User\Cookies\josh_joseph@getmusicfree.aavalue[1].txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.885:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7i9cepfd.default\cookies.txt -> TrackingCookie.Abcsearch : Cleaned.
:mozilla.162:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7i9cepfd.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.163:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7i9cepfd.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.164:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7i9cepfd.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.165:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7i9cepfd.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.166:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7i9cepfd.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP634\A0065582.exe -> Trojan.Agent : Cleaned.
C:\QooBox\Quarantine\C\WINDOWS\system32\wnsintcc.exe.vir -> Trojan.Small : Cleaned.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP636\A0065769.exe -> Trojan.Small : Cleaned.


::Report end



As it happens, the bitdefender scan has hours to go...

And I find it a little weird that the mlljj file keeps showing up after HijackThis deleted it...

Thanks again for your help!

#7 jojoseph

  • Topic Starter

Posted 28 May 2007 - 11:47 PM

Whoops! Was looking at the wrong HJT log:


Logfile of HijackThis v1.99.1
Scan saved at 11:43:24 PM, on 5/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\stsystra.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\DOCUME~1\JOSHJO~1\LOCALS~1\Temp\clclean.0001
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Ativa\USB AWGUA54\Wireless Utility\Ativawcui.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\MOZILL~2\THUNDE~1.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Documents and Settings\USER\Desktop\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {8FFA5154-8203-444F-9024-00B96EBC264E} - C:\WINDOWS\system32\mlljj.dll (file missing)
O2 - BHO: (no name) - {E56B96E4-8B90-46C2-84B6-889309631C75} - C:\WINDOWS\system32\pmkhg.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Ativa Wireless USB Utility.lnk = C:\Program Files\Ativa\USB AWGUA54\Wireless Utility\Ativawcui.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

#8 RichieUK

  • Malware Response Team

Posted 29 May 2007 - 06:35 AM

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O2 - BHO: (no name) - {8FFA5154-8203-444F-9024-00B96EBC264E} - C:\WINDOWS\system32\mlljj.dll (file missing)
O2 - BHO: (no name) - {E56B96E4-8B90-46C2-84B6-889309631C75} - C:\WINDOWS\system32\pmkhg.dll (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

Exit Hijackthis.

*********************

Your log is clean :thumbsup:
If all's ok, please do the following:

Find and delete:
HostsXpert 3.8
SDFix.exe
Combofix
VundoFix.exe

C:\SDFix
C:\VundoFix Backups
C:\QooBox

Click on Start/All Programs/Accessories/System Tools/System Restore.
In the 'System Restore' window, click on the 'Create a Restore Point' button, then click 'Next'.
In the window that appears, enter a description\name for the Restore Point, then click on 'Create', wait, then click 'Close'.
The date and time will be created automatically.

Next click on Start/All Programs/Accessories/System Tools/Disk Cleanup.
The 'Select Drive' box will appear, click on Ok.
The 'Disk Cleanup for [C:]' box will appear, click on the 'More Options' tab.
At the bottom in the 'System Restore' window, click on the 'Clean up...' button.
A box will pop up 'Are you sure you want to delete all but the most recent restore point?', click on 'Yes'.
Click on 'Yes' at 'Are you sure you want to perform these actions?'.
Now wait until 'Disk Cleanup' finishes and the box disappears.

Read through the information found here, to help you prevent any possible future infections.
'How to prevent Malware' by miekiemoes:
http://users.telenet.be/bluepatchy/miekiem...prevention.html

Please Note:
Your version of Sun Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Sun Java, and then update.
1. Download the latest version of Java Runtime Environment (JRE)
2. Scroll down to where it says 'Java Runtime Environment (JRE) 6u1'.
3. Click the "Download" button to the right.
4. Check the box that says: "Accept License Agreement".
5. The page will refresh.
6. Click on the link to download 'Windows Offline Installation, Multi-language' and save to your desktop.
7. Close any programs you may have running - especially your web browser.
8. Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
9. Check any item with Java Runtime Environment (JRE or J2SE) in the name.
10. Click the Change/Remove button.
11. Repeat as many times as necessary to remove each Java version.
12. Reboot your computer once all Java components are removed.
13. Then from your desktop double-click on jre-6u1-windows-i586-p.exe to install the newest version.
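The four entries selected for fixing in post #8 are all lines that HijackThis marked "(file missing)". As an added example (not part of the original thread and not HijackThis's own code), the following Python parses HijackThis 1.99.1 log lines and lists the entries carrying that marker, grouped by the file they point to; the sample lines are copied from the log in post #7, and the function and type names are assumptions of this example.

```python
import ntpath
import re
from typing import NamedTuple, Optional

# Lines copied from the HijackThis log in post #7 of this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {8FFA5154-8203-444F-9024-00B96EBC264E} - C:\WINDOWS\system32\mlljj.dll (file missing)
O2 - BHO: (no name) - {E56B96E4-8B90-46C2-84B6-889309631C75} - C:\WINDOWS\system32\pmkhg.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# A log entry starts with a section code such as R0, O2 or O23, then " - ".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
MISSING = "(file missing)"


class Entry(NamedTuple):
    code: str               # section code, e.g. "O2" for a Browser Helper Object
    clsid: Optional[str]    # CLSID in braces, if the entry has one
    target: Optional[str]   # last " - "-separated field, usually the file path
    file_missing: bool      # True when the line ends with "(file missing)"
    raw: str                # the log line as it appeared


def parse_hjt(log: str) -> list:
    """Parse log text into Entry tuples, skipping header and process-list lines."""
    entries = []
    for line in log.splitlines():
        line = line.strip()
        match = ENTRY_RE.match(line)
        if not match:
            continue
        body = match.group("body")
        missing = body.endswith(MISSING)
        if missing:
            body = body[: -len(MISSING)].rstrip()
        clsid = CLSID_RE.search(body)
        # Limitation: a path that itself contains " - " would be split here.
        target = body.rsplit(" - ", 1)[1] if " - " in body else None
        entries.append(
            Entry(match.group("code"), clsid.group(0) if clsid else None,
                  target, missing, line)
        )
    return entries


def orphaned_entries(log: str) -> list:
    """Entries whose registry reference remains but whose file was not found."""
    return [e for e in parse_hjt(log) if e.file_missing]


def group_orphans(log: str) -> dict:
    """Map each missing file name to the section codes that still reference it."""
    groups = {}
    for entry in orphaned_entries(log):
        name = ntpath.basename(entry.target) if entry.target else entry.raw
        groups.setdefault(name, []).append(entry.code)
    return groups


if __name__ == "__main__":
    for name, codes in group_orphans(SAMPLE_LOG).items():
        print(f"{name}: referenced by {', '.join(codes)}")
```
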

#9 jojoseph

jojoseph
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:03:49 AM

Posted 29 May 2007 - 08:34 AM

Wow. Thanks again!

#10 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:09:49 AM

Posted 29 May 2007 - 09:36 AM

You're welcome jojoseph :thumbsup:

This thread will now be closed.
If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you.
Include the address of this thread in your request.
If you should have a new issue, please start a new topic.
This applies only to the original topic starter.
Everyone else please begin a New Topic.



