Computer's been playing up, nothing major, just loadsa little niggles, and as of about half an hour ago, when I couldn't load up MSN, I was REALLY annoyed! Check this out please

Logfile of HijackThis v1.99.1
Scan saved at 18:42:30, on 06/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Q2hyaXM\command.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\iTunes\iTunesHelper.exe
D:\Documents and Settings\Chris\Yinstall.exe
C:\windows\system32\stonedrv.exe
C:\WINDOWS\v1201.exe
c:\windows\system32\winlogon7.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\dfndrff_e24.exe
C:\kybrdff_e24.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\{44A874C3-0BF3-2057-0830-05092905002c}\Update.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
D:\DOCUME~1\Chris\LOCALS~1\Temp\Rar$EX00.078\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.co.uk/iesearch/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00025.exe"
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll (file missing)
O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{34A874C3-0BF4-2057-0830-05092905002c}\MyToolBar.dll
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [explorer] D:\Documents and Settings\Chris\Yinstall.exe
O4 - HKLM\..\Run: [stonedrv] c:\windows\system32\stonedrv.exe
O4 - HKLM\..\Run: [SvcManager] winlogon7.exe
O4 - HKLM\..\Run: [ACTX1] C:\WINDOWS\v1201.exe
O4 - HKLM\..\Run: [nwr66710] RUNDLL32.EXE w0027fe4.dll,n 0056670b0000000a0027fe4
O4 - HKLM\..\Run: [defender] C:\\dfndrff_e24.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_e24.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunServices: [stonedrv] c:\windows\system32\stonedrv.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [stonedrv] c:\windows\system32\stonedrv.exe
O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00025.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{A63F059F-F9E6-4A1A-A157-8813BE59A2FC}: NameServer = 195.92.195.95 195.92.195.94
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: Reliability - C:\WINDOWS\system32\j0j6la1s1d.dll
O20 - Winlogon Notify: SharedDlls - C:\WINDOWS\system32\WQVXENCD.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Q2hyaXM\command.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Just ran VundoFix and it said it found it, although my wallpaper didn't disappear :s

Logfile of HijackThis v1.99.1
Scan saved at 19:02:51, on 06/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Q2hyaXM\command.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
D:\Documents and Settings\Chris\Yinstall.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\stonedrv.exe
C:\WINDOWS\system32\winlogon7.exe
C:\WINDOWS\v1201.exe
C:\dfndrff_e24.exe
C:\kybrdff_e24.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\{44A874C3-0BF3-2057-0830-05092905002c}\Update.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\WINDOWS\system32\rundll32.exe
D:\DOCUME~1\Chris\LOCALS~1\Temp\Rar$EX05.219\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.co.uk/iesearch/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00025.exe"
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll (file missing)
O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{34A874C3-0BF4-2057-0830-05092905002c}\MyToolBar.dll
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [explorer] D:\Documents and Settings\Chris\Yinstall.exe
O4 - HKLM\..\Run: [stonedrv] c:\windows\system32\stonedrv.exe
O4 - HKLM\..\Run: [SvcManager] winlogon7.exe
O4 - HKLM\..\Run: [ACTX1] C:\WINDOWS\v1201.exe
O4 - HKLM\..\Run: [nwr66710] RUNDLL32.EXE w0027fe4.dll,n 0056670b0000000a0027fe4
O4 - HKLM\..\Run: [defender] C:\\dfndrff_e24.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_e24.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunServices: [stonedrv] c:\windows\system32\stonedrv.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [stonedrv] c:\windows\system32\stonedrv.exe
O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00025.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{A63F059F-F9E6-4A1A-A157-8813BE59A2FC}: NameServer = 195.92.195.94 195.92.195.95
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: Extensions - C:\WINDOWS\system32\j0j6la1s1d.dll
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: SharedDlls - C:\WINDOWS\system32\WQVXENCD.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Q2hyaXM\command.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Click here http://www.atribune.org/ccount/click.php?id=7 to download Look2Me-Destroyer.exe and save it to your desktop.

· Close all windows before continuing.
· Double-click Look2Me-Destroyer.exe to run it.
· Put a check next to Run this program as a task.
· You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK.
· When Look2Me-Destroyer re-opens, click the Scan for L2M button. Your desktop icons will disappear; this is normal.
· Once it's done scanning, click the Remove L2M button.
· You will receive a Done Scanning message; click OK.
· When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer. Click OK.
· Your computer will then shut down.
· Turn your computer back on.
· Please post the contents of C:\Look2Me-Destroyer.txt and a new HijackThis log.

If Look2Me-Destroyer does not reopen automatically, reboot and try again.

If you receive a message from your firewall about this program accessing the internet, please allow it.

If you receive a runtime error '339', please download MSWINSCK.OCX from here http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX and place it in your C:\Windows\System32 folder.

Download Ewido Anti-Spyware http://www.ewido.net/en/download/

· Install and run ewido
· Click Scanner
· Select the "Settings" tab.
· Once in the Settings screen click on "Recommended actions" and then select "Delete".
· Select "Automatically generate report after every scan"
· UnSelect "Only if threats were found"
· Click Complete System Scan and the scan will begin.
· When the scan is finished, set all items to delete
· Click Apply all actions
· Click the Save report button.
· Save the report to your C: drive

Reboot

Post that log and a new HiJack log

Right, here goes:

Look2Me-Destroyer V1.0.12

Scanning for infected files.....
Scan started at 06/10/2006 19:31:06

Infected! C:\WINDOWS\system32\j0j6la1s1d.dll
Infected! C:\WINDOWS\system32\WQVXENCD.dll
Infected! C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019300.dll
Infected! C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019301.dll
Infected! C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019337.dll
Infected! C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019338.dll
Infected! C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019339.dll
Infected! C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019354.dll
Infected! C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019355.dll
Infected! C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP72\A0020354.dll
Infected! C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP73\A0021367.dll
Infected! C:\WINDOWS\system32\cudial32.dll
Infected! C:\WINDOWS\system32\gp8ql3l51.dll
Infected! C:\WINDOWS\system32\h44mleh11h4.dll
Infected! C:\WINDOWS\system32\ir8ol5l31.dll
Infected! C:\WINDOWS\system32\j0j6la1s1d.dll
Infected! C:\WINDOWS\system32\j84o0ih3e84.dll
Infected! C:\WINDOWS\system32\jt0407dqe.dll
Infected! C:\WINDOWS\system32\rwpsnd.dll
Infected! C:\WINDOWS\system32\swrenacm.dll
Infected! C:\WINDOWS\system32\guard.tmp

Attempting to delete infected files...

Attempting to delete: C:\WINDOWS\system32\j0j6la1s1d.dll
C:\WINDOWS\system32\j0j6la1s1d.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019300.dll
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019300.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019301.dll
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019301.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019337.dll
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019337.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019338.dll
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019338.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019339.dll
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019339.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019354.dll
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019354.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019355.dll
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019355.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP72\A0020354.dll
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP72\A0020354.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP73\A0021367.dll
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP73\A0021367.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\cudial32.dll
C:\WINDOWS\system32\cudial32.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\gp8ql3l51.dll
C:\WINDOWS\system32\gp8ql3l51.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\h44mleh11h4.dll
C:\WINDOWS\system32\h44mleh11h4.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\ir8ol5l31.dll
C:\WINDOWS\system32\ir8ol5l31.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\j0j6la1s1d.dll
C:\WINDOWS\system32\j0j6la1s1d.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\j84o0ih3e84.dll
C:\WINDOWS\system32\j84o0ih3e84.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\jt0407dqe.dll
C:\WINDOWS\system32\jt0407dqe.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\rwpsnd.dll
C:\WINDOWS\system32\rwpsnd.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\swrenacm.dll
C:\WINDOWS\system32\swrenacm.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\guard.tmp
C:\WINDOWS\system32\guard.tmp Deleted successfully!

Making registry repairs.

Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Extensions
Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SharedDLLs

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{3C270C5E-11FA-4DA9-8E90-E62DD8CF7C46}"
HKCR\Clsid\{3C270C5E-11FA-4DA9-8E90-E62DD8CF7C46}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{BF979F65-4A78-462B-BB2C-0F791BBE5857}"
HKCR\Clsid\{BF979F65-4A78-462B-BB2C-0F791BBE5857}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{2BA228C3-1171-4754-8C09-E39E256FD193}"
HKCR\Clsid\{2BA228C3-1171-4754-8C09-E39E256FD193}

Restoring Windows certificates.

Replaced hosts file with default windows hosts file

Restoring SeDebugPrivilege for Administrators - Succeeded

***AND HERE'S THE HJT LOG***

Logfile of HijackThis v1.99.1
Scan saved at 19:41:56, on 06/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Q2hyaXM\command.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\iTunes\iTunesHelper.exe
D:\Documents and Settings\Chris\Yinstall.exe
C:\windows\system32\stonedrv.exe
C:\WINDOWS\system32\winlogon7.exe
C:\WINDOWS\v1201.exe
C:\dfndrff_e24.exe
C:\kybrdff_e24.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\{44A874C3-0BF3-2057-0830-05092905002c}\Update.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\DOCUME~1\Chris\LOCALS~1\Temp\Rar$EX00.313\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.co.uk/iesearch/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00025.exe"
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll (file missing)
O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{34A874C3-0BF4-2057-0830-05092905002c}\MyToolBar.dll
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [explorer] D:\Documents and Settings\Chris\Yinstall.exe
O4 - HKLM\..\Run: [stonedrv] c:\windows\system32\stonedrv.exe
O4 - HKLM\..\Run: [SvcManager] winlogon7.exe
O4 - HKLM\..\Run: [ACTX1] C:\WINDOWS\v1201.exe
O4 - HKLM\..\Run: [nwr66710] RUNDLL32.EXE w0027fe4.dll,n 0056670b0000000a0027fe4
O4 - HKLM\..\Run: [defender] C:\\dfndrff_e24.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_e24.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunServices: [stonedrv] c:\windows\system32\stonedrv.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [stonedrv] c:\windows\system32\stonedrv.exe
O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00025.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{A63F059F-F9E6-4A1A-A157-8813BE59A2FC}: NameServer = 195.92.195.94 195.92.195.95
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Q2hyaXM\command.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

I'm doing that now. I thought I'd post those first as it was taking a while, see if you spotted anything out of place

--------------------------------------------------------- AVG Anti-Spyware - Scan Report --------------------------------------------------------- + Created at: 20:37:47 06/10/2006 + Scan result: D:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP12\A0002135.exe -> Adware.180Solutions : Cleaned. C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP73\A0021417.dll -> Adware.CommAd : Cleaned. C:\WINDOWS\Q2hyaXM\__delete_on_reboot__a_s_a_p_p_s_r_v_._d_l_l_ -> Adware.CommAd : Cleaned. C:\WINDOWS\Q2hyaXM\command.exe -> Adware.CommAd : Cleaned. C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP73\A0021379.dll -> Adware.Look2Me : Cleaned. C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP73\A0021380.dll -> Adware.Look2Me : Cleaned. C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP73\A0021381.dll -> Adware.Look2Me : Cleaned. C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP73\A0021382.dll -> Adware.Look2Me : Cleaned. C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP73\A0021383.dll -> Adware.Look2Me : Cleaned. C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP73\A0021384.dll -> Adware.Look2Me : Cleaned. C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP73\A0021385.dll -> Adware.Look2Me : Cleaned. C:\WINDOWS\system32\guard.tmp_tobedeleted -> Adware.Look2Me : Cleaned. C:\warebundlenewer.exe -> Adware.Look2Me : Cleaned. C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019480.exe -> Adware.PurityScan : Cleaned. C:\WINDOWS\system32\Yinstall.exe -> Adware.PurityScan : Cleaned. D:\Documents and Settings\Chris\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZQ8BS54P\Yinstall[1].mp3 -> Adware.PurityScan : Cleaned. D:\Documents and Settings\Chris\Yinstall.exe -> Adware.PurityScan : Cleaned. 
D:\Documents and Settings\Chris\mt-uninstaller.exe -> Adware.PurityScan : Cleaned.
D:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019294.exe -> Adware.PurityScan : Cleaned.
D:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019362.exe -> Adware.PurityScan : Cleaned.
D:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019455.exe -> Adware.PurityScan : Cleaned.
C:\Program Files\Deskbar\deskbar.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019345.exe/IUCMORE.DLL -> Adware.Ucmore : Cleaned.
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019345.exe/UCMTSAIE.DLL -> Adware.Ucmore : Cleaned.
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019345.exe/empty_00000001 -> Adware.Ucmore : Cleaned.
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019346.dll -> Adware.Ucmore : Cleaned.
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019347.dll -> Adware.Ucmore : Cleaned.
D:\Documents and Settings\Steve.SN048853520471.000\Start Menu\Programs\UCmore - The Search Accelerator -> Adware.Ucmore : Cleaned.
D:\Documents and Settings\Steve.SN048853520471.000\Start Menu\Programs\UCmore - The Search Accelerator\How To Uninstall.lnk -> Adware.Ucmore : Error during cleaning.
D:\Documents and Settings\Steve.SN048853520471.000\Start Menu\Programs\UCmore - The Search Accelerator\UCmore - The Search Accelerator.lnk -> Adware.Ucmore : Error during cleaning.
D:\Documents and Settings\Steve.SN048853520471.000\Start Menu\Programs\UCmore - The Search Accelerator\UCmore Tour.lnk -> Adware.Ucmore : Error during cleaning.
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP72\A0020355.rbf -> Backdoor.MSNMaker.z : Cleaned.
D:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019295.pif -> Backdoor.MSNMaker.z : Cleaned.
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019482.exe -> Downloader.Adload.fu : Cleaned.
C:\WINDOWS\system32\drsmartload1135a.exe -> Downloader.Adload.fu : Cleaned.
D:\Documents and Settings\Chris\Local Settings\Temp\Temporary Internet Files\Content.IE5\61C5678J\drsmartload1135a[1].exe -> Downloader.Adload.fu : Cleaned.
D:\Documents and Settings\Chris\drsmartload1135a.exe -> Downloader.Adload.fu : Cleaned.
D:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019291.exe -> Downloader.Adload.fu : Cleaned.
D:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019457.exe -> Downloader.Adload.fu : Cleaned.
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019328.exe -> Downloader.Adload.gf : Cleaned.
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019474.exe -> Downloader.Adload.gf : Cleaned.
C:\WINDOWS\system32\nwr66710.dll -> Downloader.Agent.awb : Cleaned.
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019483.exe -> Downloader.Harnig.cu : Cleaned.
C:\WINDOWS\system32\loadadv455.exe -> Downloader.Harnig.cu : Cleaned.
D:\Documents and Settings\Chris\Local Settings\Temp\Temporary Internet Files\Content.IE5\2R47MNIF\loadadv455[1].exe -> Downloader.Harnig.cu : Cleaned.
D:\Documents and Settings\Chris\loadadv455.exe -> Downloader.Harnig.cu : Cleaned.
D:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019292.exe -> Downloader.Harnig.cu : Cleaned.
D:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019458.exe -> Downloader.Harnig.cu : Cleaned.
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019335.exe -> Downloader.Small : Cleaned.
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019336.dll -> Downloader.Small : Cleaned.
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0018292.exe -> Downloader.Small.ajc : Cleaned.
C:\Program Files\Messenger\mewomyw.dll -> Downloader.Small.ctp : Cleaned.
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP73\A0021414.exe -> Hijacker.Small : Cleaned.
C:\Program Files\Common Files\pofoz.html -> Hijacker.Small.jf : Cleaned.
C:\Program Files\Internet Explorer\mecewem.html -> Hijacker.Small.jf : Cleaned.
C:\WINDOWS\Downloaded Program Files\speedtest2.dll -> Not-A-Virus.Downloader.Win32.InsTool.a : Cleaned.
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019341.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Cleaned.
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019473.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Cleaned.
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019320.exe -> Proxy.Small.bo : Cleaned.
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019321.exe -> Proxy.Small.bo : Cleaned.
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019352.exe -> Proxy.Small.bo : Cleaned.
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019465.exe -> Proxy.Small.bo : Cleaned.
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019466.exe -> Proxy.Small.bo : Cleaned.
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP73\A0021413.exe -> Proxy.Small.bo : Cleaned.
C:\WINDOWS\system32\__delete_on_reboot__s_t_o_n_e_d_r_v_._e_x_e_ -> Proxy.Small.bo : Cleaned.
D:\Documents and Settings\Chris\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZQ8BS54P\ljeuqaxuj[1].htm -> Proxy.Small.bo : Cleaned.
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019316.exe -> Trojan.ProcKill.DJ : Cleaned.
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019322.exe -> Trojan.ProcKill.DJ : Cleaned.
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019323.exe -> Trojan.ProcKill.DJ : Cleaned.
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019342.exe -> Trojan.ProcKill.DJ : Cleaned.
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019343.exe -> Trojan.ProcKill.DJ : Cleaned. C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019344.exe -> Trojan.ProcKill.DJ : Cleaned. C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019463.exe -> Trojan.ProcKill.DJ : Cleaned. C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019467.exe -> Trojan.ProcKill.DJ : Cleaned. C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019468.exe -> Trojan.ProcKill.DJ : Cleaned. C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019469.exe -> Trojan.ProcKill.DJ : Cleaned. D:\Documents and Settings\Chris\Local Settings\Temp\Temporary Internet Files\Content.IE5\1EFFTYZP\htozsp[1].htm -> Trojan.ProcKill.DJ : Cleaned. D:\Documents and Settings\Chris\Local Settings\Temp\Temporary Internet Files\Content.IE5\2R47MNIF\oaikjxxq[1].htm -> Trojan.ProcKill.DJ : Cleaned. D:\Documents and Settings\Chris\Local Settings\Temp\Temporary Internet Files\Content.IE5\61C5678J\jhqbhroln[1].htm -> Trojan.ProcKill.DJ : Cleaned. D:\Documents and Settings\Chris\Local Settings\Temp\Temporary Internet Files\Content.IE5\61C5678J\ucbacz[1].htm -> Trojan.ProcKill.DJ : Cleaned. C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00025.exe -> Trojan.Sinowal.ay : Cleaned. C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019318.exe -> Trojan.Sinowal.ay : Cleaned. C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019461.exe -> Trojan.Sinowal.ay : Cleaned. C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP72\A0019489.exe -> Trojan.Sinowal.ay : Cleaned. C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019308.exe -> Trojan.Sinowal.az : Cleaned. 
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019387.exe -> Trojan.Sinowal.az : Cleaned. C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019459.exe -> Trojan.Sinowal.az : Cleaned. D:\Documents and Settings\Chris\Local Settings\Temp\Temporary Internet Files\Content.IE5\1EFFTYZP\edyokhrbd[1].txt -> Trojan.Sinowal.az : Cleaned. C:\Program Files\Common Files\Microsoft Shared\Web Folders\__delete_on_reboot__i_b_m_0_0_0_2_5_._d_l_l_ -> Trojan.Sinowal.bc : Cleaned. C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00017.dll -> Trojan.Sinowal.bc : Cleaned. C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019319.dll -> Trojan.Sinowal.bc : Cleaned. C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019462.dll -> Trojan.Sinowal.bc : Cleaned. C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP72\A0019542.dll -> Trojan.Sinowal.bc : Cleaned. C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP73\A0021416.dll -> Trojan.Sinowal.bc : Cleaned. C:\Program Files\Common Files\Microsoft Shared\Web Folders\__delete_on_reboot__i_b_m_0_0_0_2_6_._d_l_l_ -> Trojan.Sinowal.bd : Cleaned. C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00016.dll -> Trojan.Sinowal.bd : Cleaned. C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00018.dll -> Trojan.Sinowal.bd : Cleaned. C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00020.dll -> Trojan.Sinowal.bd : Cleaned. C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00022.dll -> Trojan.Sinowal.bd : Cleaned. C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019317.dll -> Trojan.Sinowal.bd : Cleaned. C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019329.dll -> Trojan.Sinowal.bd : Cleaned. 
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019460.dll -> Trojan.Sinowal.bd : Cleaned.
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP73\A0021415.dll -> Trojan.Sinowal.bd : Cleaned.
::Report end

***** HJT *****

Logfile of HijackThis v1.99.1
Scan saved at 21:07:55, on 06/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LClock\LClock.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\winlogon7.exe
C:\dfndrff_e24.exe
C:\kybrdff_e24.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\{44A874C3-0BF3-2057-0830-05092905002c}\Update.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\WinRAR\WinRAR.exe
D:\DOCUME~1\Chris\LOCALS~1\Temp\Rar$EX00.640\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.co.uk/iesearch/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll (file missing)
O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{34A874C3-0BF4-2057-0830-05092905002c}\MyToolBar.dll
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [explorer] D:\Documents and Settings\Chris\Yinstall.exe
O4 - HKLM\..\Run: [SvcManager] winlogon7.exe
O4 - HKLM\..\Run: [nwr66710] RUNDLL32.EXE w0027fe4.dll,n 0056670b0000000a0027fe4
O4 - HKLM\..\Run: [defender] C:\\dfndrff_e24.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_e24.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{A63F059F-F9E6-4A1A-A157-8813BE59A2FC}: NameServer = 195.92.195.95 195.92.195.94
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Q2hyaXM\command.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Important: Your Java is out of date.
Download the latest version of Java Runtime Environment (JRE) 5.0 Update 9 here: http://java.sun.com/javase/downloads/index.jsp
Go to Add/Remove Programs and remove all previous versions of Java and install the latest one you've downloaded.

1. Download combofix from one of these two sites:
http://download.bleepingcomputer.com/sUBs/combofix.exe
http://www.techsupportforum.com/sectools/combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply with a new HJT log.

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
Chris - 06-10-07 10:35:39.32 Service Pack 2
ComboFix 06.09.28 - Running from: "D:\Documents and Settings\Chris\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\dfndrff_e24.exe
C:\kybrdff_e24.exe
C:\MTE3NDI6ODoxNgnew.exe
C:\MTE3NDI6ODoxNgV2.exe
C:\RDFX4.exe
C:\Program Files\Deskbar
C:\Program Files\Common Files\{34A874C3-0BF3-2057-0830-05092905002c}
C:\Program Files\Common Files\{34A874C3-0BF4-2057-0830-05092905002c}
C:\Program Files\Common Files\{44A874C3-0BF3-2057-0830-05092905002c}
C:\WINDOWS\Q2hyaXM
C:\Program Files\Common Files\{44A874C3-0BF4-2057-0830-05092905002c}

((((((((((((((((((((((((((((((( Files Created from 2006-09-07 to 2006-10-07 ))))))))))))))))))))))))))))))))))

2006-10-06 19:46 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-10-06 18:27 40,960 --a------ C:\WINDOWS\system32\svchost6.exe
2006-10-06 17:26 0 --a------ C:\tyeoh.exe
2006-10-06 17:24 0 --a------ C:\teqnsq.exe
2006-10-06 17:23 0 --a------ C:\pmmbhym.exe
2006-10-06 17:21 0 --a------ C:\otwlkons.exe
2006-10-06 17:18 0 --a------ C:\ffgwmpsk.exe
2006-10-06 16:36 115,947 --a------ C:\WINDOWS\system32\mny.exe
2006-10-06 16:36 115,712 --a------ C:\WINDOWS\system32\c.exe
2006-10-06 16:26 76,288 --a------ C:\ccreenfd.exe
2006-10-06 16:04 70,936 --a------ C:\WINDOWS\system32\lzx32.sys
2006-10-06 16:03 40,960 --a------ C:\WINDOWS\system32\winlogon7.exe
2006-10-06 09:40 40,960 --a------ C:\ufhkfrm.exe
2006-10-06 09:40 1,465 --a------ C:\fpkbgcl.exe
2006-10-06 09:39 76,288 --a------ C:\jyxpor.exe
2006-10-06 09:31 578,560 --a------ C:\Installer4.exe
2006-10-06 09:31 1,233 --a------ C:\WINDOWS\system32\nwr66710.sys
2006-10-06 09:30 77,312 --a------ C:\jttsdgjj.exe
2006-10-06 09:30 1,465 --a------ C:\ovvpecjh.exe
2006-09-17 15:07 44,114 --a------ C:\WINDOWS\BricoPackUninst.cmd
2006-09-17 15:06 3,038 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2006-09-14 20:01 24,816 --a------ C:\WINDOWS\system32\mdimon.dll
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) Rootkit driver pe386 is present. A rootkit scan is required 2006-10-07 10:37 -------- d-------- C:\Program Files\Common Files 2006-10-07 10:37 -------- d-------- C:\Program Files\Common Files 2006-10-07 10:34 -------- d-------- C:\Program Files\Java 2006-10-07 10:34 -------- d-------- C:\Program Files\Java 2006-10-07 10:32 -------- d-------- C:\Program Files\Common Files\Java 2006-10-07 10:21 -------- d-------- C:\Program Files\PeerGuardian2 2006-10-07 10:21 -------- d-------- C:\Program Files\PeerGuardian2 2006-10-07 10:12 -------- d-------- C:\Program Files\Mozilla Firefox 2006-10-07 10:12 -------- d-------- C:\Program Files\Mozilla Firefox 2006-10-06 20:37 -------- d-------- C:\Program Files\Internet Explorer 2006-10-06 20:37 -------- d-------- C:\Program Files\Internet Explorer 2006-10-06 19:23 -------- d-------- C:\Program Files\Grisoft 2006-10-06 19:23 -------- d-------- C:\Program Files\Grisoft 2006-10-06 18:47 -------- d-------- C:\Program Files\MSN Messenger 2006-10-06 18:47 -------- d-------- C:\Program Files\MSN Messenger 2006-10-06 17:18 -------- d-------- C:\Program Files\Bit_Torrent 2006-10-06 17:18 -------- d-------- C:\Program Files\Bit_Torrent 2006-10-06 16:48 -------- d-------- C:\Program Files\CCleaner 2006-10-06 16:48 -------- d-------- C:\Program Files\CCleaner 2006-10-06 16:47 -------- d-------- C:\Program Files\Zone Labs 2006-10-06 16:47 -------- d-------- C:\Program Files\Zone Labs 2006-10-06 09:30 -------- d-------- C:\Program Files\Messenger 2006-10-06 09:30 -------- d-------- C:\Program Files\Messenger 2006-10-03 16:41 -------- d-------- C:\Program Files\Adobe 2006-10-03 16:41 -------- d-------- C:\Program Files\Adobe 2006-10-03 16:40 -------- d-------- C:\Program Files\Common Files\Adobe 2006-10-03 16:39 -------- d-------- C:\Program Files\Common Files\Adobe Systems Shared 2006-10-02 16:55 -------- d--h----- C:\Program 
Files\InstallShield Installation Information 2006-10-02 16:55 -------- d--h----- C:\Program Files\InstallShield Installation Information 2006-10-02 16:51 -------- d-------- C:\Program Files\QuickTime 2006-10-02 16:51 -------- d-------- C:\Program Files\QuickTime 2006-10-02 16:50 -------- d-------- C:\Program Files\iTunes 2006-10-02 16:50 -------- d-------- C:\Program Files\iTunes 2006-10-02 16:50 -------- d-------- C:\Program Files\iPod 2006-10-02 16:50 -------- d-------- C:\Program Files\iPod 2006-10-02 16:01 -------- d-------- C:\Program Files\Windows Media Player 2006-10-02 16:01 -------- d-------- C:\Program Files\Windows Media Player 2006-09-24 09:52 -------- d-------- C:\Program Files\Messenger Plus! Live 2006-09-24 09:52 -------- d-------- C:\Program Files\Messenger Plus! Live 2006-09-23 22:02 -------- d-------- C:\Program Files\Last.fm 2006-09-23 22:02 -------- d-------- C:\Program Files\Last.fm 2006-09-21 20:52 -------- d-------- C:\Program Files\mpegable 2006-09-21 20:52 -------- d-------- C:\Program Files\mpegable 2006-09-21 20:51 -------- d-------- C:\Program Files\Windows Media Connect 2 2006-09-21 20:51 -------- d-------- C:\Program Files\Windows Media Connect 2 2006-09-21 20:48 -------- d-------- C:\Program Files\Shareaza 2006-09-21 20:48 -------- d-------- C:\Program Files\Shareaza 2006-09-17 16:47 -------- d-------- C:\Program Files\Outlook Express 2006-09-17 16:47 -------- d-------- C:\Program Files\Outlook Express 2006-09-17 16:34 -------- d-------- C:\Program Files\Common Files\Microsoft Shared 2006-09-17 16:24 -------- d-------- C:\Program Files\Microsoft ActiveSync 2006-09-17 16:24 -------- d-------- C:\Program Files\Microsoft ActiveSync 2006-09-17 16:23 -------- d-------- C:\Program Files\Microsoft Office 2006-09-17 16:23 -------- d-------- C:\Program Files\Microsoft Office 2006-09-17 16:23 -------- d-------- C:\Program Files\Common Files\DESIGNER 2006-09-17 16:22 -------- d-------- C:\Program Files\Microsoft.NET 2006-09-17 16:22 -------- 
d-------- C:\Program Files\Microsoft.NET 2006-09-17 16:22 -------- d-------- C:\Program Files\Common Files\System 2006-09-17 16:22 -------- d-------- C:\Program Files\Common Files\ODBC 2006-09-17 15:25 -------- d-------- C:\Program Files\DivX 2006-09-17 15:25 -------- d-------- C:\Program Files\DivX 2006-09-17 15:25 -------- d-------- C:\Program Files\Common Files\aolshare 2006-09-17 15:25 -------- d-------- C:\Program Files\AOL 9.0 2006-09-17 15:25 -------- d-------- C:\Program Files\AOL 9.0 2006-09-14 19:58 -------- d-------- C:\Program Files\Microsoft Visual Studio 2006-09-14 19:58 -------- d-------- C:\Program Files\Microsoft Visual Studio 2006-09-13 19:03 -------- d-------- C:\Program Files\Warez 2006-09-13 19:03 -------- d-------- C:\Program Files\Warez 2006-08-28 09:24 -------- d-------- C:\Program Files\EA GAMES 2006-08-28 09:24 -------- d-------- C:\Program Files\EA GAMES 2006-08-27 17:24 -------- d-------- C:\Program Files\HiVision Multimedia 2006-08-27 17:24 -------- d-------- C:\Program Files\HiVision Multimedia 2006-08-26 22:57 -------- d-------- C:\Program Files\HP 2006-08-26 22:57 -------- d-------- C:\Program Files\HP 2006-08-26 22:57 -------- d-------- C:\Program Files\Common Files\HP 2006-08-26 22:56 -------- d-------- C:\Program Files\Hewlett-Packard 2006-08-26 22:56 -------- d-------- C:\Program Files\Hewlett-Packard 2006-08-26 22:56 -------- d-------- C:\Program Files\Common Files\Hewlett-Packard 2006-08-24 22:42 8704 --a------ C:\WINDOWS\system32\wdfmgr.exe 2006-08-24 22:42 8704 --a------ C:\WINDOWS\system32\uwdf.exe 2006-08-24 22:30 99840 --a------ C:\WINDOWS\system32\wmpshell.dll 2006-08-24 22:30 990208 --a------ C:\WINDOWS\system32\drmv2clt.dll 2006-08-24 22:30 937984 --a------ C:\WINDOWS\system32\WMNetMgr.dll 2006-08-24 22:30 8337920 --a------ C:\WINDOWS\system32\wmploc.dll 2006-08-24 22:30 790016 --------- C:\WINDOWS\system32\WMVSENCD.dll 2006-08-24 22:30 757248 --a------ C:\WINDOWS\system32\WMADMOD.dll 2006-08-24 22:30 7168 --a------ 
C:\WINDOWS\system32\asferror.dll 2006-08-24 22:30 656896 --------- C:\WINDOWS\system32\WMVXENCD.dll 2006-08-24 22:30 63488 --a------ C:\WINDOWS\system32\wpdmtpus.dll 2006-08-24 22:30 629760 --a------ C:\WINDOWS\system32\wpd_ci.dll 2006-08-24 22:30 611840 --------- C:\WINDOWS\system32\wmpmde.dll 2006-08-24 22:30 603648 --a------ C:\WINDOWS\system32\WMSPDMOD.dll 2006-08-24 22:30 537600 --a------ C:\WINDOWS\system32\blackbox.dll 2006-08-24 22:30 532992 --------- C:\WINDOWS\system32\wmdrmsdk.dll 2006-08-24 22:30 428032 --a------ C:\WINDOWS\system32\wmdrmdev.dll 2006-08-24 22:30 414208 --a------ C:\WINDOWS\system32\msscp.dll 2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\wmvdmoe2.dll 2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\wmvdmod.dll 2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\WMVADVE.DLL 2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\WMVADVD.dll 2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\wmsdmoe2.dll 2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\wmsdmod.dll 2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\wdfapi.dll 2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\MPG4DMOD.dll 2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\MP4SDMOD.dll 2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\MP43DMOD.dll 2006-08-24 22:30 37376 --a------ C:\WINDOWS\system32\wmdmps.dll 2006-08-24 22:30 35840 --a------ C:\WINDOWS\system32\wpdconns.dll 2006-08-24 22:30 349184 --a------ C:\WINDOWS\system32\wpdsp.dll 2006-08-24 22:30 347648 --a------ C:\WINDOWS\system32\wmdrmnet.dll 2006-08-24 22:30 33792 --a------ C:\WINDOWS\system32\wmdmlog.dll 2006-08-24 22:30 320512 --a------ C:\WINDOWS\system32\mswmdm.dll 2006-08-24 22:30 316928 --------- C:\WINDOWS\system32\MP4SDECD.dll 2006-08-24 22:30 314368 --a------ C:\WINDOWS\system32\wmpdxm.dll 2006-08-24 22:30 305152 --------- C:\WINDOWS\system32\MSDelta.dll 2006-08-24 22:30 295424 --------- C:\WINDOWS\system32\wmpeffects.dll 2006-08-24 22:30 284160 --------- 
C:\WINDOWS\system32\PortableDeviceApi.dll 2006-08-24 22:30 276480 --a------ C:\WINDOWS\system32\audiodev.dll 2006-08-24 22:30 27648 --a------ C:\WINDOWS\system32\mspmsnsv.dll 2006-08-24 22:30 259072 --------- C:\WINDOWS\system32\MPG4DECD.dll 2006-08-24 22:30 2589184 --------- C:\WINDOWS\system32\WpdShext.dll 2006-08-24 22:30 258560 --------- C:\WINDOWS\system32\MP43DECD.dll 2006-08-24 22:30 2450944 --a------ C:\WINDOWS\system32\wmvcore.dll 2006-08-24 22:30 242176 --a------ C:\WINDOWS\system32\wmpasf.dll 2006-08-24 22:30 228352 --a------ C:\WINDOWS\system32\cewmdm.dll 2006-08-24 22:30 227328 --a------ C:\WINDOWS\system32\wmerror.dll 2006-08-24 22:30 222208 --a------ C:\WINDOWS\system32\WMASF.dll 2006-08-24 22:30 211968 --------- C:\WINDOWS\system32\MFPLAT.dll 2006-08-24 22:30 210432 --a------ C:\WINDOWS\system32\qasf.dll 2006-08-24 22:30 204800 --a------ C:\WINDOWS\system32\wmpsrcwp.dll 2006-08-24 22:30 198144 --------- C:\WINDOWS\system32\PortableDeviceWMDRM.dll 2006-08-24 22:30 179712 --a------ C:\WINDOWS\system32\msnetobj.dll 2006-08-24 22:30 175104 --a------ C:\WINDOWS\system32\mspmsp.dll 2006-08-24 22:30 166912 --------- C:\WINDOWS\system32\PortableDeviceTypes.dll 2006-08-24 22:30 1660416 --a------ C:\WINDOWS\system32\wmpencen.dll 2006-08-24 22:30 157184 --a------ C:\WINDOWS\system32\wmidx.dll 2006-08-24 22:30 154624 --a------ C:\WINDOWS\system32\wpdmtp.dll 2006-08-24 22:30 1539584 --------- C:\WINDOWS\system32\WMVDECOD.dll 2006-08-24 22:30 1532416 --------- C:\WINDOWS\system32\WMVENCOD.dll 2006-08-24 22:30 1392128 --------- C:\WINDOWS\system32\WMVSDECD.dll 2006-08-24 22:30 133120 --------- C:\WINDOWS\system32\WPDShServiceObj.dll 2006-08-24 22:30 1327616 --a------ C:\WINDOWS\system32\WMSPDMOE.dll 2006-08-24 22:30 132096 --------- C:\WINDOWS\system32\PortableDeviceWiaCompat.dll 2006-08-24 22:30 130048 --------- C:\WINDOWS\system32\wmpps.dll 2006-08-24 22:30 11264 --a------ C:\WINDOWS\system32\LAPRXY.dll 2006-08-24 22:30 1118208 --a------ 
C:\WINDOWS\system32\WMADMOE.dll 2006-08-24 22:30 101888 --------- C:\WINDOWS\system32\PortableDeviceClassExtension.dll 2006-08-24 20:31 100864 --a------ C:\WINDOWS\system32\logagent.exe 2006-08-24 20:27 249344 --------- C:\WINDOWS\system32\drmupgds.exe 2006-08-24 20:26 95288 --------- C:\WINDOWS\system32\WUDFCoinstaller.dll 2006-08-24 20:26 38656 --a------ C:\WINDOWS\system32\drivers\wpdusb.sys 2006-08-24 20:26 17408 --------- C:\WINDOWS\system32\wpdshextautoplay.exe 2006-08-24 19:22 90112 --------- C:\WINDOWS\system32\drivers\WudfRd.sys 2006-08-24 19:19 316416 --------- C:\WINDOWS\system32\WUDFx.dll 2006-08-24 19:19 145920 --------- C:\WINDOWS\system32\WudfHost.exe 2006-08-24 19:18 84864 --------- C:\WINDOWS\system32\drivers\WudfPf.sys 2006-08-24 19:18 56320 --------- C:\WINDOWS\system32\WudfSvc.dll 2006-08-24 19:18 168448 --------- C:\WINDOWS\system32\WudfPlatform.dll 2006-08-23 23:12 218624 --a------ C:\WINDOWS\system32\uxtheme.dll 2006-08-23 23:12 -------- d-------- C:\Program Files\LClock 2006-08-23 23:12 -------- d-------- C:\Program Files\LClock 2006-08-23 23:12 -------- d-------- C:\Program Files\Glass2k 2006-08-23 23:12 -------- d-------- C:\Program Files\Glass2k 2006-08-21 13:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll 2006-08-21 10:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe 2006-08-21 10:14 128896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys 2006-08-14 16:55 -------- d--h----- C:\Program Files\BitLord 2006-08-14 16:55 -------- d--h----- C:\Program Files\BitLord 2006-08-11 11:29 60416 --a------ C:\WINDOWS\system32\rbap350.dll 2006-08-11 11:29 54784 --a------ C:\WINDOWS\system32\RBQT350.DLL 2006-08-11 11:29 39936 --a------ C:\WINDOWS\system32\RBShell350.dll 2006-08-11 11:29 25600 --a------ C:\WINDOWS\system32\ecryptstrong.dll 2006-08-11 11:29 18944 --a------ C:\WINDOWS\system32\ecrypt.dll 2006-08-11 11:29 170496 --a------ C:\WINDOWS\system32\plugin.dll 2006-08-11 11:29 105472 --a------ C:\WINDOWS\system32\charset.dll 2006-08-10 19:11 
-------- d-------- C:\Program Files\VideoLAN 2006-08-10 19:11 -------- d-------- C:\Program Files\VideoLAN 2006-08-10 18:56 47104 --------- C:\WINDOWS\AKDeInstall.exe 2006-08-10 17:29 -------- d-------- C:\Program Files\AC3Filter 2006-08-10 17:29 -------- d-------- C:\Program Files\AC3Filter 2006-08-09 19:59 -------- d-------- C:\Program Files\WinRAR 2006-08-09 19:59 -------- d-------- C:\Program Files\WinRAR 2006-08-08 20:33 -------- d-------- C:\Program Files\Nokia 2006-08-08 20:33 -------- d-------- C:\Program Files\Nokia 2006-08-08 20:30 -------- d-------- C:\Program Files\DIFX 2006-08-08 20:30 -------- d-------- C:\Program Files\DIFX 2006-08-08 20:30 -------- d-------- C:\Program Files\Common Files\PCSuite 2006-08-08 20:30 -------- d-------- C:\Program Files\Common Files\Nokia 2006-08-08 19:28 -------- d-------- C:\Program Files\SpywareBlaster 2006-08-08 19:28 -------- d-------- C:\Program Files\SpywareBlaster 2006-08-08 19:20 -------- d-------- C:\Program Files\WinCleaner Memory Optimizer 2006-08-08 19:20 -------- d-------- C:\Program Files\WinCleaner Memory Optimizer 2006-08-08 19:18 -------- d-------- C:\Program Files\Advanced System Optimizer 2006-08-08 19:18 -------- d-------- C:\Program Files\Advanced System Optimizer 2006-08-07 19:43 -------- d-------- C:\Program Files\Stardock 2006-08-07 19:43 -------- d-------- C:\Program Files\Stardock 2006-08-07 19:43 -------- d-------- C:\Program Files\Common Files\stardock 2006-08-06 13:35 0 -rahs---- C:\MSDOS.SYS 2006-08-06 13:35 0 -rahs---- C:\IO.SYS 2006-07-29 19:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll 2006-07-27 14:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll 2006-07-27 03:05 73728 --a------ C:\WINDOWS\system32\dpl100.dll 2006-07-27 03:05 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll 2006-07-27 03:05 192512 --a------ C:\WINDOWS\system32\dtu100.dll 2006-07-27 03:05 109568 --------- C:\WINDOWS\system32\pxinsi64.exe 2006-07-27 03:05 108544 --------- C:\WINDOWS\system32\pxcpyi64.exe 
2006-07-21 09:24 72704 --a------ C:\WINDOWS\system32\hlink.dll (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries are not shown [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background" "PeerGuardian"="C:\\Program Files\\PeerGuardian2\\pg2.exe" "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LClock"="C:\\Program Files\\LClock\\LClock.exe" "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\"" "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "SvcManager"="winlogon7.exe" "nwr66710"="RUNDLL32.EXE w0027fe4.dll,n 0056670b0000000a0027fe4" "Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\"" "!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized" "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI] "Installed"="1" "NoChange"="1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS] "Installed"="1" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components] "DeskHtmlVersion"=dword:00000110 "DeskHtmlMinorVersion"=dword:00000005 "Settings"=dword:00000001 "GeneralFlags"=dword:00000001 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="My Current Home Page" "Flags"=dword:00000002 "Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,03,00,00,00,\ 
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00 "CurrentState"=hex:04,00,00,40 "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\ ff,ff,04,00,00,00 "RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\ 00,00,01,00,00,00 [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE" [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce] "RunNarrator"="" [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE" [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce] "RunNarrator"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 "NoRecentDocsHistory"=dword:00000001 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] "dontdisplaylastusername"=dword:00000000 "legalnoticecaption"="" "legalnoticetext"="" "shutdownwithoutlogon"=dword:00000001 "undockwithoutlogon"=dword:00000001 [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 "CDRAutoRun"=dword:00000000 [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 "CDRAutoRun"=dword:00000000 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "0aMCPClient"="{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}" "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}" "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}" "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" 
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}" "WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] "path"="D:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\HP Digital Imaging Monitor.lnk" "backup"="C:\\WINDOWS\\pss\\HP Digital Imaging Monitor.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqtra08.exe " "item"="HP Digital Imaging Monitor" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Privoxy.lnk] "path"="D:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Privoxy.lnk" "backup"="C:\\WINDOWS\\pss\\Privoxy.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\Privoxy\\privoxy.exe " "item"="Privoxy" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Remote Control.lnk] "path"="D:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Remote Control.lnk" "backup"="C:\\WINDOWS\\pss\\Remote Control.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\HIVISI~1\\DVB-T1~1\\DVBTRCtl.EXE " "item"="Remote Control" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Alcmtr] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ALCMTR" "hkey"="HKLM" "command"="ALCMTR.EXE" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\AlcWzrd] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ALCWZRD" "hkey"="HKLM" "command"="ALCWZRD.EXE" "inimapping"="0" 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ccApp] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ccApp" "hkey"="HKLM" "command"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\DTVR Agent] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Scheduled" "hkey"="HKLM" "command"="C:\\Program Files\\HiVision Multimedia\\DVB-T PLUS\\DTVR\\Scheduled.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\EmailChecker] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ech" "hkey"="HKLM" "command"="C:\\APPS\\EmailChecker\\ech.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\High Definition Audio Property Page Shortcut] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="HDAudPropShortcut" "hkey"="HKLM" "command"="HDAudPropShortcut.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\HP Software Update] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="HPWuSchd2" "hkey"="HKLM" "command"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\IMJPMIG8.1] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="IMJPMIG" "hkey"="HKLM" "command"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\IS CfgWiz] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="cfgwiz" "hkey"="HKLM" "command"="C:\\Program Files\\Norton Internet Security\\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE \"REBOOT\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\NvCplDaemon] 
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NvCpl" "hkey"="HKLM" "command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\NvMediaCenter] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NvMcTray" "hkey"="HKLM" "command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\nwiz] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="nwiz" "hkey"="HKLM" "command"="nwiz.exe /install" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\PCMService] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="PCMService" "hkey"="HKLM" "command"="\"c:\\Apps\\Powercinema\\PCMService.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\PCSuiteTrayApplication] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="LAUNCH~1" "hkey"="HKLM" "command"="C:\\PROGRA~1\\Nokia\\NOKIAP~1\\LAUNCH~1.EXE -startup" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\PcSync] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="PcSync2" "hkey"="HKCU" "command"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\PHIME2002A] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="TINTSETP" "hkey"="HKLM" "command"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\PHIME2002ASync] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="TINTSETP" "hkey"="HKLM" "command"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC" "inimapping"="0" 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\RoxioDragToDisc] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="DrgToDsc" "hkey"="HKLM" "command"="\"C:\\Program Files\\Roxio\\Easy Media Creator 7\\Drag to Disc\\DrgToDsc.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SoundMan] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SOUNDMAN" "hkey"="HKLM" "command"="SOUNDMAN.EXE" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SpeedTouch USB Diagnostics] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Dragdiag" "hkey"="HKLM" "command"="\"C:\\Program Files\\Thomson\\SpeedTouch USB\\Dragdiag.exe\" /icon" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SSC_UserPrompt] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="UsrPrmpt" "hkey"="HKLM" "command"="C:\\Program Files\\Common Files\\Symantec Shared\\Security Center\\UsrPrmpt.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SunJavaUpdateSched] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="jusched" "hkey"="HKLM" "command"="C:\\Program Files\\Java\\jre1.5.0_02\\bin\\jusched.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\TkBellExe] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="realsched" "hkey"="HKLM" "command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Ulead AutoDetector v2] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="monitor" "hkey"="HKLM" "command"="C:\\Program Files\\Common Files\\Ulead Systems\\AutoDetector\\monitor.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Warez] 
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Warez" "hkey"="HKCU" "command"="\"C:\\Program Files\\Warez\\Warez.exe\" /minimized" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\WinMem] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="WinMemOpt" "hkey"="HKCU" "command"="C:\\Program Files\\WinCleaner Memory Optimizer\\WinMemOpt.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\services] "UleadBurningHelper"=dword:00000002 "SPBBCSvc"=dword:00000003 "SNDSrvc"=dword:00000003 "ServiceLayer"=dword:00000003 "SAVScan"=dword:00000003 "NVSvc"=dword:00000002 "navapsvc"=dword:00000002 "ISSVC"=dword:00000003 "GenericHidService"=dword:00000002 "CyberLink Media Library Service"=dword:00000002 "CLSched"=dword:00000002 "CLCapSvc"=dword:00000002 "ccSetMgr"=dword:00000002 "ccPwdSvc"=dword:00000003 "ccProxy"=dword:00000002 "ccEvtMgr"=dword:00000002 "AOL ACS"=dword:00000002 HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\At1.job C:\WINDOWS\tasks\Setup my PC.job C:\WINDOWS\tasks\Symantec NetDetect.job C:\WINDOWS\tasks\WebReg psc 1500 series.job Completion time: 07/10/2006 10:38:20.98 ComboFix.txt ****** Logfile of HijackThis v1.99.1 Scan saved at 10:42:24, on 07/10/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG 
Anti-Spyware 7.5\guard.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\LClock\LClock.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\winlogon7.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\WinRAR\WinRAR.exe D:\DOCUME~1\Chris\LOCALS~1\Temp\Rar$EX00.406\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.co.uk/iesearch/default.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.co.uk/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [SvcManager] winlogon7.exe O4 - HKLM\..\Run: [nwr66710] RUNDLL32.EXE w0027fe4.dll,n 0056670b0000000a0027fe4 O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" 
/minimized O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{A63F059F-F9E6-4A1A-A157-8813BE59A2FC}: NameServer = 195.92.195.94 195.92.195.95 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll O20 - Winlogon Notify: WgaLogon - 
C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Everything seems to be working pretty well now, thanks guys, VERY much appreciated!
You have a rootkit infection, let's try some things now to get rid of that.

Your hijackthis.exe is running from a temp folder.
Find your hijackthis.exe here:
D:\DOCUME~1\Chris\LOCALS~1\Temp\Rar$EX00.406\[bold]HijackThis.exe[/bold]
Create a new permanent folder such as [bold]C:\HJT\[/bold] then move your hijackthis.exe in there.

Next run Hijackthis and "Do a system scan only", place a check beside these:

[bold]O4 - HKLM\..\Run: [SvcManager] winlogon7.exe
O4 - HKLM\..\Run: [nwr66710] RUNDLL32.EXE w0027fe4.dll,n 0056670b0000000a0027fe4[/bold]

Make sure all other windows are closed and click [bold]fix checked[/bold].

1. Please download The Avenger by Swandog46 to your Desktop.
http://swandog46.geekstogo.com/avenger.zip
Click on Avenger.zip to open the file.
Extract avenger.exe to your desktop.

2. Copy all the text in bold contained [bold]inside[/bold] the 2 lines below to your Clipboard by highlighting it and pressing (Ctrl+C):
___________________________________________
[bold]Drivers to unload:
pe386[/bold]
________________________________________________

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, start The Avenger program by clicking on its icon on your desktop.
Under "Script file to execute" choose "Input Script Manually".
Now click on the Magnifying Glass icon, which will open a new window titled "View/edit script".
Paste the text copied to clipboard into this window by pressing (Ctrl+V).
Click Done.
Now click on the Green Light to begin execution of the script.
Answer "Yes" twice when prompted.

4. The Avenger will automatically do the following:
It will restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
On reboot, it will briefly open a black command window on your desktop; this is normal.
After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

5. Please copy/paste the content of c:\avenger.txt into your reply.

Run combofix again and post that log also.
Avenger didn't leave a report, or text file of any kind. :s

Chris - 06-10-07 18:35:10.32 Service Pack 2
ComboFix 06.09.28 - Running from: "D:\Documents and Settings\Chris\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-09-07 to 2006-10-07 ))))))))))))))))))))))))))))))))))

2006-10-07 18:34 0 --a------ C:\backup.reg
2006-10-07 18:15 96 --a------ C:\avexport.bat
2006-10-07 18:15 336 --a------ C:\reboot.bat
2006-10-07 18:15 19,814 --a------ C:\reboot.exe
2006-10-07 18:15 126,976 --a------ C:\zip.exe
2006-10-06 19:46 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-10-06 18:27 40,960 --a------ C:\WINDOWS\system32\svchost6.exe
2006-10-06 17:26 0 --a------ C:\tyeoh.exe
2006-10-06 17:24 0 --a------ C:\teqnsq.exe
2006-10-06 17:23 0 --a------ C:\pmmbhym.exe
2006-10-06 17:21 0 --a------ C:\otwlkons.exe
2006-10-06 17:18 0 --a------ C:\ffgwmpsk.exe
2006-10-06 16:36 115,947 --a------ C:\WINDOWS\system32\mny.exe
2006-10-06 16:36 115,712 --a------ C:\WINDOWS\system32\c.exe
2006-10-06 16:26 76,288 --a------ C:\ccreenfd.exe
2006-10-06 16:04 70,936 --a------ C:\WINDOWS\system32\lzx32.sys
2006-10-06 16:03 40,960 --a------ C:\WINDOWS\system32\winlogon7.exe
2006-10-06 09:40 40,960 --a------ C:\ufhkfrm.exe
2006-10-06 09:40 1,465 --a------ C:\fpkbgcl.exe
2006-10-06 09:39 76,288 --a------ C:\jyxpor.exe
2006-10-06 09:31 578,560 --a------ C:\Installer4.exe
2006-10-06 09:31 1,233 --a------ C:\WINDOWS\system32\nwr66710.sys
2006-10-06 09:30 77,312 --a------ C:\jttsdgjj.exe
2006-10-06 09:30 1,465 --a------ C:\ovvpecjh.exe
2006-09-17 15:07 44,114 --a------ C:\WINDOWS\BricoPackUninst.cmd
2006-09-17 15:06 3,038 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2006-09-14 20:01 24,816 --a------ C:\WINDOWS\system32\mdimon.dll

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2006-10-07 18:34 -------- d-------- C:\Program Files\PeerGuardian2
2006-10-07 18:34 -------- d-------- C:\Program Files\PeerGuardian2
2006-10-07 18:13 -------- d-------- C:\Program Files\Mozilla Firefox 2006-10-07 18:13 -------- d-------- C:\Program Files\Mozilla Firefox 2006-10-07 10:37 -------- d-------- C:\Program Files\Common Files 2006-10-07 10:37 -------- d-------- C:\Program Files\Common Files 2006-10-07 10:34 -------- d-------- C:\Program Files\Java 2006-10-07 10:34 -------- d-------- C:\Program Files\Java 2006-10-07 10:32 -------- d-------- C:\Program Files\Common Files\Java 2006-10-06 20:37 -------- d-------- C:\Program Files\Internet Explorer 2006-10-06 20:37 -------- d-------- C:\Program Files\Internet Explorer 2006-10-06 19:23 -------- d-------- C:\Program Files\Grisoft 2006-10-06 19:23 -------- d-------- C:\Program Files\Grisoft 2006-10-06 18:47 -------- d-------- C:\Program Files\MSN Messenger 2006-10-06 18:47 -------- d-------- C:\Program Files\MSN Messenger 2006-10-06 17:18 -------- d-------- C:\Program Files\Bit_Torrent 2006-10-06 17:18 -------- d-------- C:\Program Files\Bit_Torrent 2006-10-06 16:48 -------- d-------- C:\Program Files\CCleaner 2006-10-06 16:48 -------- d-------- C:\Program Files\CCleaner 2006-10-06 16:47 -------- d-------- C:\Program Files\Zone Labs 2006-10-06 16:47 -------- d-------- C:\Program Files\Zone Labs 2006-10-06 09:30 -------- d-------- C:\Program Files\Messenger 2006-10-06 09:30 -------- d-------- C:\Program Files\Messenger 2006-10-03 16:41 -------- d-------- C:\Program Files\Adobe 2006-10-03 16:41 -------- d-------- C:\Program Files\Adobe 2006-10-03 16:40 -------- d-------- C:\Program Files\Common Files\Adobe 2006-10-03 16:39 -------- d-------- C:\Program Files\Common Files\Adobe Systems Shared 2006-10-02 16:55 -------- d--h----- C:\Program Files\InstallShield Installation Information 2006-10-02 16:55 -------- d--h----- C:\Program Files\InstallShield Installation Information 2006-10-02 16:51 -------- d-------- C:\Program Files\QuickTime 2006-10-02 16:51 -------- d-------- C:\Program Files\QuickTime 2006-10-02 16:50 -------- d-------- C:\Program 
Files\iTunes 2006-10-02 16:50 -------- d-------- C:\Program Files\iTunes 2006-10-02 16:50 -------- d-------- C:\Program Files\iPod 2006-10-02 16:50 -------- d-------- C:\Program Files\iPod 2006-10-02 16:01 -------- d-------- C:\Program Files\Windows Media Player 2006-10-02 16:01 -------- d-------- C:\Program Files\Windows Media Player 2006-09-24 09:52 -------- d-------- C:\Program Files\Messenger Plus! Live 2006-09-24 09:52 -------- d-------- C:\Program Files\Messenger Plus! Live 2006-09-23 22:02 -------- d-------- C:\Program Files\Last.fm 2006-09-23 22:02 -------- d-------- C:\Program Files\Last.fm 2006-09-21 20:52 -------- d-------- C:\Program Files\mpegable 2006-09-21 20:52 -------- d-------- C:\Program Files\mpegable 2006-09-21 20:51 -------- d-------- C:\Program Files\Windows Media Connect 2 2006-09-21 20:51 -------- d-------- C:\Program Files\Windows Media Connect 2 2006-09-21 20:48 -------- d-------- C:\Program Files\Shareaza 2006-09-21 20:48 -------- d-------- C:\Program Files\Shareaza 2006-09-17 16:47 -------- d-------- C:\Program Files\Outlook Express 2006-09-17 16:47 -------- d-------- C:\Program Files\Outlook Express 2006-09-17 16:34 -------- d-------- C:\Program Files\Common Files\Microsoft Shared 2006-09-17 16:24 -------- d-------- C:\Program Files\Microsoft ActiveSync 2006-09-17 16:24 -------- d-------- C:\Program Files\Microsoft ActiveSync 2006-09-17 16:23 -------- d-------- C:\Program Files\Microsoft Office 2006-09-17 16:23 -------- d-------- C:\Program Files\Microsoft Office 2006-09-17 16:23 -------- d-------- C:\Program Files\Common Files\DESIGNER 2006-09-17 16:22 -------- d-------- C:\Program Files\Microsoft.NET 2006-09-17 16:22 -------- d-------- C:\Program Files\Microsoft.NET 2006-09-17 16:22 -------- d-------- C:\Program Files\Common Files\System 2006-09-17 16:22 -------- d-------- C:\Program Files\Common Files\ODBC 2006-09-17 15:25 -------- d-------- C:\Program Files\DivX 2006-09-17 15:25 -------- d-------- C:\Program Files\DivX 2006-09-17 
15:25 -------- d-------- C:\Program Files\Common Files\aolshare 2006-09-17 15:25 -------- d-------- C:\Program Files\AOL 9.0 2006-09-17 15:25 -------- d-------- C:\Program Files\AOL 9.0 2006-09-14 19:58 -------- d-------- C:\Program Files\Microsoft Visual Studio 2006-09-14 19:58 -------- d-------- C:\Program Files\Microsoft Visual Studio 2006-09-13 19:03 -------- d-------- C:\Program Files\Warez 2006-09-13 19:03 -------- d-------- C:\Program Files\Warez 2006-08-28 09:24 -------- d-------- C:\Program Files\EA GAMES 2006-08-28 09:24 -------- d-------- C:\Program Files\EA GAMES 2006-08-27 17:24 -------- d-------- C:\Program Files\HiVision Multimedia 2006-08-27 17:24 -------- d-------- C:\Program Files\HiVision Multimedia 2006-08-26 22:57 -------- d-------- C:\Program Files\HP 2006-08-26 22:57 -------- d-------- C:\Program Files\HP 2006-08-26 22:57 -------- d-------- C:\Program Files\Common Files\HP 2006-08-26 22:56 -------- d-------- C:\Program Files\Hewlett-Packard 2006-08-26 22:56 -------- d-------- C:\Program Files\Hewlett-Packard 2006-08-26 22:56 -------- d-------- C:\Program Files\Common Files\Hewlett-Packard 2006-08-24 22:42 8704 --a------ C:\WINDOWS\system32\wdfmgr.exe 2006-08-24 22:42 8704 --a------ C:\WINDOWS\system32\uwdf.exe 2006-08-24 22:30 99840 --a------ C:\WINDOWS\system32\wmpshell.dll 2006-08-24 22:30 990208 --a------ C:\WINDOWS\system32\drmv2clt.dll 2006-08-24 22:30 937984 --a------ C:\WINDOWS\system32\WMNetMgr.dll 2006-08-24 22:30 8337920 --a------ C:\WINDOWS\system32\wmploc.dll 2006-08-24 22:30 790016 --------- C:\WINDOWS\system32\WMVSENCD.dll 2006-08-24 22:30 757248 --a------ C:\WINDOWS\system32\WMADMOD.dll 2006-08-24 22:30 7168 --a------ C:\WINDOWS\system32\asferror.dll 2006-08-24 22:30 656896 --------- C:\WINDOWS\system32\WMVXENCD.dll 2006-08-24 22:30 63488 --a------ C:\WINDOWS\system32\wpdmtpus.dll 2006-08-24 22:30 629760 --a------ C:\WINDOWS\system32\wpd_ci.dll 2006-08-24 22:30 611840 --------- C:\WINDOWS\system32\wmpmde.dll 2006-08-24 22:30 
603648 --a------ C:\WINDOWS\system32\WMSPDMOD.dll 2006-08-24 22:30 537600 --a------ C:\WINDOWS\system32\blackbox.dll 2006-08-24 22:30 532992 --------- C:\WINDOWS\system32\wmdrmsdk.dll 2006-08-24 22:30 428032 --a------ C:\WINDOWS\system32\wmdrmdev.dll 2006-08-24 22:30 414208 --a------ C:\WINDOWS\system32\msscp.dll 2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\wmvdmoe2.dll 2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\wmvdmod.dll 2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\WMVADVE.DLL 2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\WMVADVD.dll 2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\wmsdmoe2.dll 2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\wmsdmod.dll 2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\wdfapi.dll 2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\MPG4DMOD.dll 2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\MP4SDMOD.dll 2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\MP43DMOD.dll 2006-08-24 22:30 37376 --a------ C:\WINDOWS\system32\wmdmps.dll 2006-08-24 22:30 35840 --a------ C:\WINDOWS\system32\wpdconns.dll 2006-08-24 22:30 349184 --a------ C:\WINDOWS\system32\wpdsp.dll 2006-08-24 22:30 347648 --a------ C:\WINDOWS\system32\wmdrmnet.dll 2006-08-24 22:30 33792 --a------ C:\WINDOWS\system32\wmdmlog.dll 2006-08-24 22:30 320512 --a------ C:\WINDOWS\system32\mswmdm.dll 2006-08-24 22:30 316928 --------- C:\WINDOWS\system32\MP4SDECD.dll 2006-08-24 22:30 314368 --a------ C:\WINDOWS\system32\wmpdxm.dll 2006-08-24 22:30 305152 --------- C:\WINDOWS\system32\MSDelta.dll 2006-08-24 22:30 295424 --------- C:\WINDOWS\system32\wmpeffects.dll 2006-08-24 22:30 284160 --------- C:\WINDOWS\system32\PortableDeviceApi.dll 2006-08-24 22:30 276480 --a------ C:\WINDOWS\system32\audiodev.dll 2006-08-24 22:30 27648 --a------ C:\WINDOWS\system32\mspmsnsv.dll 2006-08-24 22:30 259072 --------- C:\WINDOWS\system32\MPG4DECD.dll 2006-08-24 22:30 2589184 --------- C:\WINDOWS\system32\WpdShext.dll 2006-08-24 22:30 258560 --------- 
C:\WINDOWS\system32\MP43DECD.dll 2006-08-24 22:30 2450944 --a------ C:\WINDOWS\system32\wmvcore.dll 2006-08-24 22:30 242176 --a------ C:\WINDOWS\system32\wmpasf.dll 2006-08-24 22:30 228352 --a------ C:\WINDOWS\system32\cewmdm.dll 2006-08-24 22:30 227328 --a------ C:\WINDOWS\system32\wmerror.dll 2006-08-24 22:30 222208 --a------ C:\WINDOWS\system32\WMASF.dll 2006-08-24 22:30 211968 --------- C:\WINDOWS\system32\MFPLAT.dll 2006-08-24 22:30 210432 --a------ C:\WINDOWS\system32\qasf.dll 2006-08-24 22:30 204800 --a------ C:\WINDOWS\system32\wmpsrcwp.dll 2006-08-24 22:30 198144 --------- C:\WINDOWS\system32\PortableDeviceWMDRM.dll 2006-08-24 22:30 179712 --a------ C:\WINDOWS\system32\msnetobj.dll 2006-08-24 22:30 175104 --a------ C:\WINDOWS\system32\mspmsp.dll 2006-08-24 22:30 166912 --------- C:\WINDOWS\system32\PortableDeviceTypes.dll 2006-08-24 22:30 1660416 --a------ C:\WINDOWS\system32\wmpencen.dll 2006-08-24 22:30 157184 --a------ C:\WINDOWS\system32\wmidx.dll 2006-08-24 22:30 154624 --a------ C:\WINDOWS\system32\wpdmtp.dll 2006-08-24 22:30 1539584 --------- C:\WINDOWS\system32\WMVDECOD.dll 2006-08-24 22:30 1532416 --------- C:\WINDOWS\system32\WMVENCOD.dll 2006-08-24 22:30 1392128 --------- C:\WINDOWS\system32\WMVSDECD.dll 2006-08-24 22:30 133120 --------- C:\WINDOWS\system32\WPDShServiceObj.dll 2006-08-24 22:30 1327616 --a------ C:\WINDOWS\system32\WMSPDMOE.dll 2006-08-24 22:30 132096 --------- C:\WINDOWS\system32\PortableDeviceWiaCompat.dll 2006-08-24 22:30 130048 --------- C:\WINDOWS\system32\wmpps.dll 2006-08-24 22:30 11264 --a------ C:\WINDOWS\system32\LAPRXY.dll 2006-08-24 22:30 1118208 --a------ C:\WINDOWS\system32\WMADMOE.dll 2006-08-24 22:30 101888 --------- C:\WINDOWS\system32\PortableDeviceClassExtension.dll 2006-08-24 20:31 100864 --a------ C:\WINDOWS\system32\logagent.exe 2006-08-24 20:27 249344 --------- C:\WINDOWS\system32\drmupgds.exe 2006-08-24 20:26 95288 --------- C:\WINDOWS\system32\WUDFCoinstaller.dll 2006-08-24 20:26 38656 --a------ 
C:\WINDOWS\system32\drivers\wpdusb.sys 2006-08-24 20:26 17408 --------- C:\WINDOWS\system32\wpdshextautoplay.exe 2006-08-24 19:22 90112 --------- C:\WINDOWS\system32\drivers\WudfRd.sys 2006-08-24 19:19 316416 --------- C:\WINDOWS\system32\WUDFx.dll 2006-08-24 19:19 145920 --------- C:\WINDOWS\system32\WudfHost.exe 2006-08-24 19:18 84864 --------- C:\WINDOWS\system32\drivers\WudfPf.sys 2006-08-24 19:18 56320 --------- C:\WINDOWS\system32\WudfSvc.dll 2006-08-24 19:18 168448 --------- C:\WINDOWS\system32\WudfPlatform.dll 2006-08-23 23:12 218624 --a------ C:\WINDOWS\system32\uxtheme.dll 2006-08-23 23:12 -------- d-------- C:\Program Files\LClock 2006-08-23 23:12 -------- d-------- C:\Program Files\LClock 2006-08-23 23:12 -------- d-------- C:\Program Files\Glass2k 2006-08-23 23:12 -------- d-------- C:\Program Files\Glass2k 2006-08-21 13:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll 2006-08-21 10:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe 2006-08-21 10:14 128896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys 2006-08-14 16:55 -------- d--h----- C:\Program Files\BitLord 2006-08-14 16:55 -------- d--h----- C:\Program Files\BitLord 2006-08-11 11:29 60416 --a------ C:\WINDOWS\system32\rbap350.dll 2006-08-11 11:29 54784 --a------ C:\WINDOWS\system32\RBQT350.DLL 2006-08-11 11:29 39936 --a------ C:\WINDOWS\system32\RBShell350.dll 2006-08-11 11:29 25600 --a------ C:\WINDOWS\system32\ecryptstrong.dll 2006-08-11 11:29 18944 --a------ C:\WINDOWS\system32\ecrypt.dll 2006-08-11 11:29 170496 --a------ C:\WINDOWS\system32\plugin.dll 2006-08-11 11:29 105472 --a------ C:\WINDOWS\system32\charset.dll 2006-08-10 19:11 -------- d-------- C:\Program Files\VideoLAN 2006-08-10 19:11 -------- d-------- C:\Program Files\VideoLAN 2006-08-10 18:56 47104 --------- C:\WINDOWS\AKDeInstall.exe 2006-08-10 17:29 -------- d-------- C:\Program Files\AC3Filter 2006-08-10 17:29 -------- d-------- C:\Program Files\AC3Filter 2006-08-09 19:59 -------- d-------- C:\Program Files\WinRAR 2006-08-09 
19:59 -------- d-------- C:\Program Files\WinRAR 2006-08-08 20:33 -------- d-------- C:\Program Files\Nokia 2006-08-08 20:33 -------- d-------- C:\Program Files\Nokia 2006-08-08 20:30 -------- d-------- C:\Program Files\DIFX 2006-08-08 20:30 -------- d-------- C:\Program Files\DIFX 2006-08-08 20:30 -------- d-------- C:\Program Files\Common Files\PCSuite 2006-08-08 20:30 -------- d-------- C:\Program Files\Common Files\Nokia 2006-08-08 19:28 -------- d-------- C:\Program Files\SpywareBlaster 2006-08-08 19:28 -------- d-------- C:\Program Files\SpywareBlaster 2006-08-08 19:20 -------- d-------- C:\Program Files\WinCleaner Memory Optimizer 2006-08-08 19:20 -------- d-------- C:\Program Files\WinCleaner Memory Optimizer 2006-08-08 19:18 -------- d-------- C:\Program Files\Advanced System Optimizer 2006-08-08 19:18 -------- d-------- C:\Program Files\Advanced System Optimizer 2006-08-07 19:43 -------- d-------- C:\Program Files\Stardock 2006-08-07 19:43 -------- d-------- C:\Program Files\Stardock 2006-08-07 19:43 -------- d-------- C:\Program Files\Common Files\stardock 2006-08-06 13:35 0 -rahs---- C:\MSDOS.SYS 2006-08-06 13:35 0 -rahs---- C:\IO.SYS 2006-07-29 19:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll 2006-07-27 14:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll 2006-07-27 03:05 73728 --a------ C:\WINDOWS\system32\dpl100.dll 2006-07-27 03:05 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll 2006-07-27 03:05 192512 --a------ C:\WINDOWS\system32\dtu100.dll 2006-07-27 03:05 109568 --------- C:\WINDOWS\system32\pxinsi64.exe 2006-07-27 03:05 108544 --------- C:\WINDOWS\system32\pxcpyi64.exe 2006-07-21 09:24 72704 --a------ C:\WINDOWS\system32\hlink.dll (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries are not shown [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background" 
"PeerGuardian"="C:\\Program Files\\PeerGuardian2\\pg2.exe" "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LClock"="C:\\Program Files\\LClock\\LClock.exe" "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\"" "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\"" "!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized" "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI] "Installed"="1" "NoChange"="1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS] "Installed"="1" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components] "DeskHtmlVersion"=dword:00000110 "DeskHtmlMinorVersion"=dword:00000005 "Settings"=dword:00000001 "GeneralFlags"=dword:00000001 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="My Current Home Page" "Flags"=dword:00000002 "Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,03,00,00,00,\ 00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00 "CurrentState"=hex:04,00,00,40 "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\ ff,ff,04,00,00,00 "RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\ 00,00,01,00,00,00 [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE" 
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce] "RunNarrator"="" [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE" [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce] "RunNarrator"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 "NoRecentDocsHistory"=dword:00000001 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] "dontdisplaylastusername"=dword:00000000 "legalnoticecaption"="" "legalnoticetext"="" "shutdownwithoutlogon"=dword:00000001 "undockwithoutlogon"=dword:00000001 [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 "CDRAutoRun"=dword:00000000 [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 "CDRAutoRun"=dword:00000000 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "0aMCPClient"="{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}" "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}" "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}" "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}" "WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] "path"="D:\\Documents and Settings\\All Users\\Start 
Menu\\Programs\\Startup\\HP Digital Imaging Monitor.lnk" "backup"="C:\\WINDOWS\\pss\\HP Digital Imaging Monitor.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqtra08.exe " "item"="HP Digital Imaging Monitor" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Privoxy.lnk] "path"="D:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Privoxy.lnk" "backup"="C:\\WINDOWS\\pss\\Privoxy.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\Privoxy\\privoxy.exe " "item"="Privoxy" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Remote Control.lnk] "path"="D:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Remote Control.lnk" "backup"="C:\\WINDOWS\\pss\\Remote Control.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\HIVISI~1\\DVB-T1~1\\DVBTRCtl.EXE " "item"="Remote Control" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Alcmtr] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ALCMTR" "hkey"="HKLM" "command"="ALCMTR.EXE" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\AlcWzrd] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ALCWZRD" "hkey"="HKLM" "command"="ALCWZRD.EXE" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ccApp] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ccApp" "hkey"="HKLM" "command"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\DTVR Agent] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Scheduled" 
"hkey"="HKLM" "command"="C:\\Program Files\\HiVision Multimedia\\DVB-T PLUS\\DTVR\\Scheduled.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\EmailChecker] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ech" "hkey"="HKLM" "command"="C:\\APPS\\EmailChecker\\ech.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\High Definition Audio Property Page Shortcut] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="HDAudPropShortcut" "hkey"="HKLM" "command"="HDAudPropShortcut.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\HP Software Update] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="HPWuSchd2" "hkey"="HKLM" "command"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\IMJPMIG8.1] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="IMJPMIG" "hkey"="HKLM" "command"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\IS CfgWiz] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="cfgwiz" "hkey"="HKLM" "command"="C:\\Program Files\\Norton Internet Security\\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE \"REBOOT\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\NvCplDaemon] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NvCpl" "hkey"="HKLM" "command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\NvMediaCenter] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NvMcTray" "hkey"="HKLM" "command"="RUNDLL32.EXE 
C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\nwiz] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="nwiz" "hkey"="HKLM" "command"="nwiz.exe /install" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\PCMService] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="PCMService" "hkey"="HKLM" "command"="\"c:\\Apps\\Powercinema\\PCMService.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\PCSuiteTrayApplication] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="LAUNCH~1" "hkey"="HKLM" "command"="C:\\PROGRA~1\\Nokia\\NOKIAP~1\\LAUNCH~1.EXE -startup" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\PcSync] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="PcSync2" "hkey"="HKCU" "command"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\PHIME2002A] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="TINTSETP" "hkey"="HKLM" "command"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\PHIME2002ASync] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="TINTSETP" "hkey"="HKLM" "command"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\RoxioDragToDisc] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="DrgToDsc" "hkey"="HKLM" "command"="\"C:\\Program Files\\Roxio\\Easy Media Creator 7\\Drag to Disc\\DrgToDsc.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SoundMan] 
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SOUNDMAN" "hkey"="HKLM" "command"="SOUNDMAN.EXE" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SpeedTouch USB Diagnostics] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Dragdiag" "hkey"="HKLM" "command"="\"C:\\Program Files\\Thomson\\SpeedTouch USB\\Dragdiag.exe\" /icon" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SSC_UserPrompt] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="UsrPrmpt" "hkey"="HKLM" "command"="C:\\Program Files\\Common Files\\Symantec Shared\\Security Center\\UsrPrmpt.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SunJavaUpdateSched] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="jusched" "hkey"="HKLM" "command"="C:\\Program Files\\Java\\jre1.5.0_02\\bin\\jusched.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\TkBellExe] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="realsched" "hkey"="HKLM" "command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Ulead AutoDetector v2] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="monitor" "hkey"="HKLM" "command"="C:\\Program Files\\Common Files\\Ulead Systems\\AutoDetector\\monitor.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Warez] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Warez" "hkey"="HKCU" "command"="\"C:\\Program Files\\Warez\\Warez.exe\" /minimized" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\WinMem] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="WinMemOpt" "hkey"="HKCU" "command"="C:\\Program Files\\WinCleaner 
Memory Optimizer\\WinMemOpt.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\services] "UleadBurningHelper"=dword:00000002 "SPBBCSvc"=dword:00000003 "SNDSrvc"=dword:00000003 "ServiceLayer"=dword:00000003 "SAVScan"=dword:00000003 "NVSvc"=dword:00000002 "navapsvc"=dword:00000002 "ISSVC"=dword:00000003 "GenericHidService"=dword:00000002 "CyberLink Media Library Service"=dword:00000002 "CLSched"=dword:00000002 "CLCapSvc"=dword:00000002 "ccSetMgr"=dword:00000002 "ccPwdSvc"=dword:00000003 "ccProxy"=dword:00000002 "ccEvtMgr"=dword:00000002 "AOL ACS"=dword:00000002 HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\At1.job C:\WINDOWS\tasks\Setup my PC.job C:\WINDOWS\tasks\Symantec NetDetect.job C:\WINDOWS\tasks\WebReg psc 1500 series.job Completion time: 07/10/2006 18:36:21.45 ComboFix.txt ComboFix2.txt
That's fine. Run ActiveScan online virus scan with IE: http://www.pandasoftware.com/products/activescan.htm

When the scan is finished, save the results from the scan! Post a new Hijack This log along with the Panda report.
Incident Status Location Adware:adware/dollarrevenue Not disinfected c:\windows\keyboard1.dat Adware:adware/searchexe Not disinfected Windows Registry Adware:adware/ucmore Not disinfected Windows Registry Adware:Adware/Look2Me Not disinfected C:\Installer4.exe Virus:Trj/Torpig.DM Disinfected C:\jttsdgjj.exe Virus:Trj/Wupi.N Disinfected C:\ufhkfrm.exe Adware:Adware/DollarRevenue Not disinfected C:\WINDOWS\system32\mny.exe[²ÜÇ\nsProcess.dll] Virus:Bck/Keylog.IM Not disinfected C:\WINDOWS\system32\mny.exe[Activate.exe] Virus:Trj/Wupi.N Disinfected C:\WINDOWS\system32\svchost6.exe Virus:Trj/Wupi.N Disinfected C:\WINDOWS\system32\winlogon7.exe Spyware:Cookie/YieldManager Not disinfected D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt[ad.yieldmanager.com/] Spyware:Cookie/Casalemedia Not disinfected D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt[.casalemedia.com/] Spyware:Cookie/RealMedia Not disinfected D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt[.realmedia.com/] Spyware:Cookie/Adrevolver Not disinfected D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt[.adrevolver.com/] Spyware:Cookie/WUpd Not disinfected D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt[.revenue.net/] Spyware:Cookie/DriveCleaner Not disinfected D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt[.drivecleaner.com/] Spyware:Cookie/DriveCleaner Not disinfected D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt[www.drivecleaner.com/.freeware/] Spyware:Cookie/DriveCleaner Not disinfected D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt[stats.drivecleaner.com/] 
Spyware:Cookie/DriveCleaner Not disinfected D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt[drivecleaner.com/] Spyware:Cookie/DriveCleaner Not disinfected D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt[stats.drivecleaner.com/] Spyware:Cookie/Com.com Not disinfected D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt[.com.com/] Spyware:Cookie/ErrorSafe Not disinfected D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt[.errorsafe.com/] Spyware:Cookie/ErrorSafe Not disinfected D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt[www.errorsafe.com/pages/scanner/] Spyware:Cookie/Hbmediapro Not disinfected D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt[.adopt.hbmediapro.com/] Spyware:Cookie/DriveCleaner Not disinfected D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt[drivecleaner.com/.freeware/] Spyware:Cookie/Server.iad.Liveperson Not disinfected D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt[server.iad.liveperson.net/] Spyware:Cookie/Server.iad.Liveperson Not disinfected D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt[server.iad.liveperson.net/hc/45553385] Spyware:Cookie/Reliablestats Not disinfected D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt[stats1.reliablestats.com/] Spyware:Cookie/888 Not disinfected D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt[.888.com/] Spyware:Cookie/Statcounter Not disinfected D:\Documents and Settings\Chris\Application 
Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt[.statcounter.com/] Spyware:Cookie/Maxserving Not disinfected D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt[.maxserving.com/] Spyware:Cookie/Serving-sys Not disinfected D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt[.serving-sys.com/] Spyware:Cookie/Serving-sys Not disinfected D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt[.bs.serving-sys.com/] Spyware:Cookie/Atwola Not disinfected D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt[.atwola.com/] Spyware:Cookie/Searchportal Not disinfected D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt[searchportal.information.com/] Spyware:Cookie/Server.iad.Liveperson Not disinfected D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt[server.iad.liveperson.net/hc/15824921] Spyware:Cookie/Apmebf Not disinfected D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt[.apmebf.com/] Spyware:Cookie/cs.sexcounter Not disinfected D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt[.cs.sexcounter.com/] Spyware:Cookie/Server.iad.Liveperson Not disinfected D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt[server.iad.liveperson.net/hc/29419095] Spyware:Cookie/Zedo Not disinfected D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt[.zedo.com/] Spyware:Cookie/onestat.com Not disinfected D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt[stat.onestat.com/] Spyware:Cookie/DomainSponsor Not disinfected D:\Documents and 
Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt[landing.domainsponsor.com/] Spyware:Cookie/Server.iad.Liveperson Not disinfected D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt[server.iad.liveperson.net/hc/2378597] Spyware:Cookie/Statcounter Not disinfected D:\Documents and Settings\Chris\Cookies\chris@statcounter[2].txt Adware:Adware/DollarRevenue Not disinfected D:\Documents and Settings\Chris\Local Settings\Temp\Temporary Internet Files\Content.IE5\1EFFTYZP\mcs[1].mp3[²ÜÇ\nsProcess.dll] Virus:Bck/Keylog.IM Not disinfected D:\Documents and Settings\Chris\Local Settings\Temp\Temporary Internet Files\Content.IE5\1EFFTYZP\mcs[1].mp3[Activate.exe] Adware:Adware/DollarRevenue Not disinfected D:\Documents and Settings\Chris\mny.exe[²ÜÇ\nsProcess.dll] Virus:Bck/Keylog.IM Not disinfected D:\Documents and Settings\Chris\mny.exe[Activate.exe] Logfile of HijackThis v1.99.1 Scan saved at 20:11:15, on 07/10/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe C:\WINDOWS\Explorer.EXE C:\Program Files\LClock\LClock.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\WINDOWS\system32\ctfmon.exe 
C:\WINDOWS\system32\svchost.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\NOTEPAD.EXE D:\Documents and Settings\Chris\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.co.uk/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program 
Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{A63F059F-F9E6-4A1A-A157-8813BE59A2FC}: NameServer = 195.92.195.95 195.92.195.94 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Download http://www.downloads.subratam.org/KillBox.zip

Copy these instructions to Notepad for safe mode.

Restart your computer into safe mode now. (Keep tapping F8 on startup.)

Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time, then click on the X button after you enter each file. It will ask for confirmation to delete the file. Click Yes.

Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files.

C:\Installer4.exe
c:\windows\keyboard1.dat
C:\jttsdgjj.exe
C:\WINDOWS\system32\mny.exe[²ÜÇ\nsProcess.dll]
C:\ufhkfrm.exe
D:\Documents and Settings\Chris\mny.exe[Activate.exe]
C:\WINDOWS\system32\mny.exe[Activate.exe]
C:\WINDOWS\system32\mny.exe
D:\Documents and Settings\Chris\Local Settings\Temp\Temporary Internet Files\Content.IE5\1EFFTYZP\
D:\Documents and Settings\Chris\mny.exe
D:\Documents and Settings\Chris\mny.exe[²ÜÇ\nsProcess.dll]

Next, in Killbox go to Tools > Delete Temp Files. In the window that pops up, put a check by ALL the options there except these three:

XP Prefetch
Recent
History

Now click the Delete Selected Temp Files button. Exit the Killbox.

Reboot to Normal Mode.

Post another HJT log.