maca1 HijackThis, Scan, Need Help

Discussion in 'Windows - Virus and spyware problems' started by jorahan, Oct 19, 2006.

  1. jorahan

    jorahan Guest

    -Hi, I was wondering what (if anything) my computer is infected with. Can someone please examine the log file and tell me? Thanks in advance.
    -Pieter

    Logfile of HijackThis v1.99.1
    Scan saved at 6:27:36 PM, on 10/19/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wdfmgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Icons\Seticon.exe
    C:\USBStorage\USBDetector.exe
    C:\WINDOWS\System32\RunDll32.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Common Files\{C00B7FE5-0693-1033-0102-040222050001}\Update.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\System32\fdeploy.exe
    C:\WINDOWS\System32\msxml2r.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Downloads\HijackThis_v1.99.1.exe

    R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - C:\Program Files\DeluxeCommunications\DxcBho.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{300B7FE5-0693-1033-0102-040222050001}\MyToolBar.dll
    O2 - BHO: PrintViewBHO Class - {D4E0C464-30CE-4075-9A10-71FD106C2847} - C:\PROGRA~1\PRINTV~1\PRINTH~1.DLL
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{300B7FE5-0693-1033-0102-040222050001}\MyToolBar.dll
    O4 - HKLM\..\Run: [SetIcon] C:\Program Files\Icons\Seticon.exe
    O4 - HKLM\..\Run: [USBDetector] C:\USBStorage\USBDetector.exe
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [SW20] C:\WINDOWS\System32\sw20.exe
    O4 - HKLM\..\Run: [SW24] C:\WINDOWS\System32\sw24.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [PVModule] C:\PROGRA~1\PRINTV~1\pvmodule.exe
    O4 - HKLM\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [fdeploy] C:\WINDOWS\System32\fdeploy.exe
    O4 - HKCU\..\Run: [rsfsaps] C:\WINDOWS\System32\rsfsaps.exe
    O4 - HKCU\..\Run: [shmedia] C:\WINDOWS\System32\shmedia.exe
    O4 - HKCU\..\Run: [msaatext] C:\WINDOWS\System32\msaatext.exe
    O4 - HKCU\..\Run: [msxml2r] C:\WINDOWS\System32\msxml2r.exe
    O4 - HKCU\..\Run: [kbdgr1] C:\WINDOWS\System32\kbdgr1.exe
    O4 - HKCU\..\Run: [dmcompos] C:\WINDOWS\System32\dmcompos.exe
    O4 - HKCU\..\Run: [tapiui] C:\WINDOWS\System32\tapiui.exe
    O4 - HKCU\..\Run: [cprocsvc] C:\WINDOWS\System32\crunner\cproc.exe
    O4 - HKCU\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - AppInit_DLLs: dxclib303562752.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\System32\ZoneLabs\isafe.exe
    O23 - Service: dgrpsetu.exe - Unknown owner - C:\WINDOWS\System32\dgrpsetu.exe
    O23 - Service: dpus11.exe - Unknown owner - C:\WINDOWS\System32\dpus11.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: msdtcuiu.exe - Unknown owner - C:\WINDOWS\System32\msdtcuiu.exe (file missing)
    O23 - Service: ntdsbcli.exe - Unknown owner - C:\WINDOWS\System32\ntdsbcli.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: odexl32.exe - Unknown owner - C:\WINDOWS\System32\odexl32.exe (file missing)
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: termsrv.exe - Unknown owner - C:\WINDOWS\System32\termsrv.exe (file missing)
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
     
    Last edited by a moderator: Oct 19, 2006
  2. maca1

    maca1 Regular member

    Joined:
    Mar 15, 2006
    Messages:
    630
    Likes Received:
    0
    Trophy Points:
    26
    Hi jorahan.

    You are quite infected. You are running XP Service Pack 1, while Windows XP has been updated to Service Pack 2, but that can't be installed on your system until it's clean.

    1. Download combofix from one of these two sites:
    http://download.bleepingcomputer.com/sUBs/combofix.exe
    http://www.techsupportforum.com/sectools/combofix.exe

    2. Double click combofix.exe & follow the prompts.
    3. When finished, it shall produce a log for you. Post that log in your next reply with a new HjT log.
    Note:
    Do not mouseclick combofix's window while it's running. That may cause it to stall.


     
    Last edited: Oct 19, 2006
  3. jorahan

    jorahan Guest

    DANG! I don't wanna be infected:

    Admin - 06-10-19 19:41:02.70 Service Pack 1
    ComboFix 06.10.19 - Running from: "C:\Downloads"

    ((((((((((((((((((((((((((((((((((((((((((( E-Give / Ssk's Log )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\dxclib303562752.dll
    C:\Documents and Settings\Admin\Application Data\Dxcknwrd.dll
    C:\WINDOWS\system32\bkd.exe
    C:\Program Files\DeluxeCommunications\Dxc.exe
    C:\Program Files\DeluxeCommunications\DxcBho.dll
    C:\Program Files\DeluxeCommunications\DxcCore.dll


    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


    C:\WINDOWS\system32\dxclib303562752.dll
    C:\Program Files\DeluxeCommunications\Dxc.exe
    C:\Program Files\DeluxeCommunications\DxcBho.dll
    C:\Program Files\DeluxeCommunications\DxcCore.dll
    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\winsys.exe
    C:\Program Files\Common Files\Yazzle1122OinAdmin.exe
    C:\Program Files\Common Files\misc002
    C:\Program Files\Inetget2
    C:\Program Files\Ipwins
    C:\Program Files\PrintView
    C:\WINDOWS\system32\crunner
    C:\Program Files\Common Files\{300B7FE5-0693-1033-0102-040222050001}
    C:\Program Files\Common Files\{C00B7FE5-0693-1033-0102-040222050001}


    ((((((((((((((((((((((((((((((( Files Created from 2006-09-19 to 2006-10-19 ))))))))))))))))))))))))))))))))))


    2006-10-19 19:37 18,944 --a------ C:\WINDOWS\system32\adsldpc.exe
    2006-10-19 19:37 18,944 --a------ C:\Documents and Settings\Admin\HRCC.exe
    2006-10-19 19:34 18,944 --a------ C:\Documents and Settings\Admin\TGNE.exe
    2006-10-19 18:02 18,944 --a------ C:\Documents and Settings\Admin\FNNQ.exe
    2006-10-18 20:41 96,768 --------- C:\WINDOWS\system32\dxclib303562752.dll
    2006-10-18 20:01 45,056 --a------ C:\Documents and Settings\Admin\QREN.exe
    2006-10-18 18:01 45,056 --a------ C:\Documents and Settings\Admin\OHDT.exe
    2006-10-17 18:24 45,056 --a------ C:\Documents and Settings\Admin\TEMO.exe
    2006-10-17 12:38 45,056 --a------ C:\Documents and Settings\Admin\TRAU.exe
    2006-10-17 06:51 45,056 --a------ C:\WINDOWS\system32\IECI.exe
    2006-10-17 06:51 45,056 --a------ C:\WINDOWS\system32\dxdiagn.exe
    2006-10-17 06:51 45,056 --a------ C:\Documents and Settings\Admin\SQSE.exe
    2006-10-16 22:05 45,056 --a------ C:\Documents and Settings\Admin\IEJF.exe
    2006-10-16 18:28 45,056 --a------ C:\Documents and Settings\Admin\MFOK.exe
    2006-10-16 18:04 45,056 --a------ C:\Documents and Settings\Admin\UOLF.exe
    2006-10-16 12:28 45,056 --a------ C:\Documents and Settings\Admin\EBKS.exe
    2006-10-16 07:50 45,056 --a------ C:\Documents and Settings\Admin\QRML.exe
    2006-10-15 21:59 45,056 --a------ C:\Documents and Settings\Admin\PIUJ.exe
    2006-10-15 21:44 45,056 --a------ C:\WINDOWS\system32\JKRC.exe
    2006-10-15 21:43 45,056 --a------ C:\Documents and Settings\Admin\NGDH.exe
    2006-10-15 20:18 45,056 --a------ C:\Documents and Settings\Admin\EGRS.exe
    2006-10-15 18:56 45,056 --a------ C:\Documents and Settings\Admin\AFME.exe
    2006-10-15 17:16 45,056 --a------ C:\Documents and Settings\Admin\CUAR.exe
    2006-10-15 16:21 45,056 --a------ C:\Documents and Settings\Admin\DFAC.exe
    2006-10-15 15:10 45,056 --a------ C:\Documents and Settings\Admin\HPMD.exe
    2006-10-15 13:33 45,056 --a------ C:\Documents and Settings\Admin\NRRG.exe
    2006-10-15 09:54 45,056 --a------ C:\Documents and Settings\Admin\MAPF.exe
    2006-10-15 09:12 48,640 --a------ C:\Documents and Settings\Admin\7.exe
    2006-10-15 09:12 45,056 --a------ C:\WINDOWS\system32\KNST.exe
    2006-10-15 09:10 45,056 --a------ C:\Documents and Settings\Admin\URPC.exe
    2006-10-14 17:25 45,056 --a------ C:\Documents and Settings\Admin\SHHT.exe
    2006-10-14 15:43 45,056 --a------ C:\Documents and Settings\Admin\OHEI.exe
    2006-10-14 10:13 45,056 --a------ C:\Documents and Settings\Admin\RURS.exe
    2006-10-14 02:49 45,056 --a------ C:\WINDOWS\system32\JJKP.exe
    2006-10-14 02:49 35,591 --a------ C:\WINDOWS\system32\msaatext.exe
    2006-10-14 02:48 45,056 --a------ C:\Documents and Settings\Admin\IKGB.exe
    2006-10-13 22:22 45,056 --a------ C:\WINDOWS\system32\clbcatex.exe
    2006-10-13 22:22 45,056 --a------ C:\WINDOWS\system32\ASAL.exe
    2006-10-08 22:06 24,576 --a------ C:\WINDOWS\system32\SNSL.exe
    2006-10-08 22:06 115,947 --a------ C:\WINDOWS\system32\5.exe
    2006-10-08 22:05 24,576 --a------ C:\WINDOWS\system32\dbmsrpcn.exe
    2006-10-02 18:56 192,512 --a------ C:\WINDOWS\system32\srkey.exe
    2006-09-23 20:22 73,728 --a------ C:\WINDOWS\system32\FLKill.exe
    2006-09-23 20:22 53,248 --a------ C:\WINDOWS\system32\suppdll.dll
    2006-09-23 20:22 35,363 --a------ C:\WINDOWS\system32\windrvNT.sys
    2006-09-20 18:53 36,480 -ra------ C:\WINDOWS\system32\drivers\P2k.sys


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2006-10-19 19:47 -------- d-------- C:\Program Files\Common Files
    2006-10-19 19:37 -------- d-------- C:\Program Files\Mozilla Firefox
    2006-10-18 20:41 -------- d-------- C:\Program Files\DeluxeCommunications
    2006-10-15 21:07 -------- d-------- C:\Program Files\GameSpy Arcade
    2006-10-15 18:53 -------- d-------- C:\Documents and Settings\Admin\Application Data\Azureus
    2006-10-15 16:19 -------- d-------- C:\Program Files\FlashGet
    2006-10-15 16:18 -------- d-------- C:\Program Files\FlashFXP
    2006-10-15 16:17 -------- d-------- C:\Program Files\Postal 2 Demo
    2006-10-15 16:17 -------- d-------- C:\Program Files\BitLord
    2006-10-13 19:01 -------- d-------- C:\Program Files\Azureus
    2006-10-08 21:35 -------- d-------- C:\Documents and Settings\Admin\Application Data\uTorrent
    2006-10-08 20:35 -------- d-------- C:\Program Files\ReflexiveArcade
    2006-10-05 20:26 -------- d-------- C:\Program Files\KXploit Tool
    2006-10-02 19:01 -------- d--h----- C:\Program Files\InstallShield Installation Information
    2006-10-02 18:45 -------- d-------- C:\Program Files\directx
    2006-10-01 17:39 -------- d-------- C:\Program Files\Valusoft
    2006-10-01 14:14 -------- d-------- C:\Program Files\MSN Messenger
    2006-10-01 14:14 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
    2006-10-01 10:51 -------- d-------- C:\Program Files\Folder Lock
    2006-09-30 22:08 -------- d-------- C:\Program Files\Winamp
    2006-09-29 21:41 -------- d-------- C:\Documents and Settings\Admin\Application Data\Google
    2006-09-29 21:40 -------- d-------- C:\Program Files\Google
    2006-09-29 21:23 -------- d-------- C:\Program Files\Windows Media Player
    2006-09-29 18:18 778656 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
    2006-09-28 20:12 -------- d-------- C:\Program Files\DivX
    2006-09-28 18:57 -------- d-------- C:\Program Files\CDex_150
    2006-09-23 20:03 -------- d-------- C:\Documents and Settings\Admin\Application Data\uk.co.planetside
    2006-09-23 19:53 -------- d-------- C:\Program Files\Terragen
    2006-09-21 21:36 -------- d-------- C:\Program Files\PSP
    2006-09-18 20:11 778240 --a------ C:\WINDOWS\system32\divx_xx0c.dll
    2006-09-18 20:11 778240 --a------ C:\WINDOWS\system32\divx_xx07.dll
    2006-09-18 20:11 761856 --a------ C:\WINDOWS\system32\divx_xx11.dll
    2006-09-18 20:11 620180 --a------ C:\WINDOWS\system32\DivX.dll
    2006-09-14 21:15 -------- d-------- C:\Program Files\Motorola
    2006-09-14 21:03 -------- d--h----- C:\Program Files\WindowsUpdate
    2006-09-08 17:30 14 --a------ C:\WINDOWS\system32\systeminfo.dll
    2006-09-08 17:30 -------- d-------- C:\Program Files\DVD X Studios
    2006-09-08 16:17 -------- d-------- C:\Program Files\AC3Filter
    2006-09-08 15:25 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
    2006-09-08 15:24 -------- d-------- C:\Program Files\MyGlobalSearch
    2006-09-08 15:24 -------- d-------- C:\Program Files\Cliprex_WhenUSave_Installer
    2006-09-08 15:17 -------- d---s---- C:\Documents and Settings\Admin\Application Data\Microsoft
    2006-09-08 15:15 -------- d-------- C:\Program Files\Eidos
    2006-09-04 21:44 -------- d-------- C:\Documents and Settings\Admin\Application Data\Media Player Classic
    2006-09-03 20:39 73216 --a------ C:\WINDOWS\ST6UNST.EXE
    2006-09-03 20:39 286720 --------- C:\WINDOWS\Setup1.exe
    2006-09-03 20:30 -------- d-------- C:\Program Files\TES IV Save Manager
    2006-09-02 22:38 -------- d-------- C:\Documents and Settings\Admin\Application Data\Macromedia
    2006-09-02 09:49 952 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
    2006-09-02 09:49 56 -r-hs---- C:\WINDOWS\system32\DEB57E620A.sys
    2006-09-02 05:29 -------- d-------- C:\Program Files\MSXML 4.0
    2006-09-02 05:26 -------- d-------- C:\Program Files\Microsoft Games
    2006-09-01 23:57 -------- d-------- C:\Program Files\Lavasoft
    2006-09-01 23:48 -------- d-------- C:\Program Files\Java
    2006-09-01 23:44 -------- d-------- C:\Program Files\Common Files\Java
    2006-09-01 22:48 -------- d-------- C:\Program Files\RAR Password Cracker
    2006-09-01 19:37 -------- d-------- C:\Program Files\Avanquest update
    2006-09-01 19:36 -------- d-------- C:\Program Files\Motorola Phone Tools
    2006-09-01 19:35 22768 --a------ C:\WINDOWS\system32\drivers\usbsermpt.sys
    2006-08-31 16:16 -------- d-------- C:\Documents and Settings\Admin\Application Data\Apple Computer
    2006-08-31 08:22 -------- d-------- C:\Program Files\Thugs at Bay
    2006-08-31 04:53 -------- d-------- C:\Program Files\WinRAR
    2006-08-31 04:08 -------- d-------- C:\Program Files\Common Files\Adobe
    2006-08-31 04:07 -------- d-------- C:\Program Files\Adobe
    2006-08-31 03:06 -------- d-------- C:\Program Files\DVD Shrink
    2006-08-31 03:06 -------- d-------- C:\Program Files\DVD Decrypter
    2006-08-31 03:02 99965 --a------ C:\WINDOWS\UninstallFirefox.exe
    2006-08-31 03:01 -------- d-------- C:\Program Files\XviD
    2006-08-31 03:01 -------- d-------- C:\Program Files\Real Alternative
    2006-08-31 03:01 -------- d-------- C:\Program Files\QuickTime Alternative
    2006-08-31 03:00 -------- d-------- C:\Program Files\Media Player Classic
    2006-08-31 03:00 -------- d-------- C:\Program Files\Combined Community Codec Pack
    2006-08-31 02:57 223128 --a------ C:\WINDOWS\system32\drivers\vaxscsi.sys
    2006-08-31 02:57 -------- d-------- C:\Program Files\Alcohol Soft
    2006-08-31 02:56 90240 --a------ C:\WINDOWS\system32\drivers\sptd5021.sys
    2006-08-31 02:56 642560 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2006-08-31 02:51 -------- d-------- C:\Program Files\Common Files\Ahead
    2006-08-31 02:51 -------- d-------- C:\Program Files\Ahead
    2006-08-31 01:55 -------- d-------- C:\Program Files\Creative
    2006-08-31 01:29 10578 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
    2006-08-31 01:29 -------- d-------- C:\Program Files\Hamachi
    2006-08-29 14:04 27904 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
    2006-08-29 14:03 499712 --a------ C:\WINDOWS\system32\msvcp71.dll
    2006-08-29 14:03 4992 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
    2006-08-29 14:03 4288 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
    2006-08-29 14:03 348160 --a------ C:\WINDOWS\system32\msvcr71.dll
    2006-08-29 14:03 23424 --a------ C:\WINDOWS\system32\drivers\avgmfrs.sys
    2006-08-29 14:02 -------- d-------- C:\Program Files\Grisoft
    2006-08-29 13:52 -------- d-------- C:\Program Files\Common Files\InstallShield
    2006-08-29 13:31 -------- d-------- C:\Program Files\C-Media 3D Audio
    2006-08-29 12:57 -------- d-------- C:\Program Files\Icons
    2006-08-29 12:57 -------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2006-08-29 12:44 -------- d--h----- C:\Program Files\Uninstall Information
    2006-08-29 12:34 -------- d-------- C:\Program Files\xerox
    2006-08-29 12:34 -------- d-------- C:\Program Files\microsoft frontpage
    2006-08-29 12:33 0 -rahs---- C:\MSDOS.SYS
    2006-08-29 12:33 0 -rahs---- C:\IO.SYS
    2006-08-29 12:33 0 --a------ C:\CONFIG.SYS
    2006-08-29 12:33 0 --a------ C:\AUTOEXEC.BAT
    2006-08-29 12:32 -------- d-------- C:\Program Files\Internet Explorer
    2006-08-29 12:31 -------- d-------- C:\Program Files\Outlook Express
    2006-08-29 12:31 -------- d-------- C:\Program Files\NetMeeting
    2006-08-29 12:31 -------- d-------- C:\Program Files\Movie Maker
    2006-08-29 12:31 -------- d-------- C:\Program Files\Common Files\System
    2006-08-29 12:31 -------- d-------- C:\Program Files\Common Files\Services
    2006-08-29 12:31 -------- d-------- C:\Program Files\Common Files\MSSoap
    2006-08-29 12:30 -------- d-------- C:\Program Files\ComPlus Applications
    2006-08-29 12:29 -------- d-------- C:\Program Files\Windows NT
    2006-08-29 12:29 -------- d-------- C:\Program Files\Online Services
    2006-08-29 12:29 -------- d-------- C:\Program Files\MSN Gaming Zone
    2006-08-29 12:29 -------- d-------- C:\Program Files\MSN
    2006-08-29 12:29 -------- d-------- C:\Program Files\Messenger
    2006-08-29 05:12 -------- d-------- C:\Program Files\Common Files\SpeechEngines
    2006-08-29 05:12 -------- d-------- C:\Program Files\Common Files\ODBC
    2006-08-29 05:11 62 --ahs---- C:\Documents and Settings\Admin\Application Data\desktop.ini
    2006-08-29 03:02 35591 --a------ C:\WINDOWS\system32\dmcompos.exe
    2006-08-29 03:02 35079 --a------ C:\WINDOWS\system32\dgrpsetu.exe
    2006-08-27 21:23 -------- d-------- C:\Program Files\Enterbrain
    2006-08-27 14:56 -------- d-------- C:\Program Files\Common Files\Enterbrain
    2006-08-27 14:44 -------- d-------- C:\Program Files\Game_Maker6
    2006-08-27 09:00 197120 --a------ C:\WINDOWS\system32\Ramp_c.scr
    2006-08-24 23:52 -------- d-------- C:\Documents and Settings\Admin\Application Data\Real
    2006-08-24 23:52 -------- d-------- C:\Documents and Settings\Admin\Application Data\AdobeUM
    2006-08-24 21:03 -------- d-------- C:\Documents and Settings\Admin\Application Data\Creative
    2006-08-24 11:58 2368 --a------ C:\WINDOWS\system32\SVKP.sys
    2006-08-23 23:38 75776 --a------ C:\WINDOWS\zllsputility.exe
    2006-08-22 17:07 -------- d-------- C:\Program Files\Ligos
    2006-08-22 10:02 -------- d-------- C:\Program Files\Zone Labs
    2006-08-22 09:53 -------- d-------- C:\Documents and Settings\Admin\Application Data\Lavasoft
    2006-08-22 09:51 14848 --a------ C:\WINDOWS\system32\htui.exe
    2006-08-22 09:51 131104 --a------ C:\WINDOWS\system32\fdeploy.exe
    2006-08-22 09:50 151072 --a------ C:\WINDOWS\system32\Fastmp3_Setup1.exe
    2006-08-22 09:50 14848 --a------ C:\WINDOWS\system32\inst.exe
    2006-08-21 09:51 737280 --a------ C:\WINDOWS\iun6002.exe
    2006-08-21 09:18 -------- d-------- C:\Documents and Settings\Admin\Application Data\Sun
    2006-08-21 09:16 -------- d-------- C:\Program Files\Common Files\DirectX
    2006-08-21 08:55 -------- d-------- C:\Documents and Settings\Admin\Application Data\My Games
    2006-08-21 08:54 -------- d-------- C:\Documents and Settings\Admin\Application Data\Hamachi
    2006-08-21 08:51 -------- d-------- C:\Documents and Settings\Admin\Application Data\Talkback
    2006-08-21 08:51 -------- d-------- C:\Documents and Settings\Admin\Application Data\Mozilla
    2006-08-20 22:48 -------- d-------- C:\Documents and Settings\Admin\Application Data\Adobe
    2006-08-20 20:03 -------- d-------- C:\Documents and Settings\Admin\Application Data\Identities
    2006-08-20 20:03 -------- d-------- C:\Documents and Settings\Admin\Application Data\AVG7
    2006-08-20 19:41 -------- d-------- C:\Program Files\LimeWire
    2006-08-20 19:41 -------- d-------- C:\Program Files\ICQLite
    2006-08-20 00:36 -------- d-------- C:\Program Files\ICQToolbar
    2006-08-15 22:34 21840 --a------ C:\WINDOWS\system32\SIntfNT.dll
    2006-08-15 22:34 17212 --a------ C:\WINDOWS\system32\SIntf32.dll
    2006-08-15 22:34 12067 --a------ C:\WINDOWS\system32\SIntf16.dll
    2006-08-11 19:35 520192 --a------ C:\WINDOWS\system32\DivXsm.exe
    2006-08-11 19:35 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
    2006-08-11 19:35 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
    2006-08-11 19:35 109568 --------- C:\WINDOWS\system32\pxinsi64.exe
    2006-08-11 19:35 108544 --------- C:\WINDOWS\system32\pxcpyi64.exe
    2006-08-11 19:35 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
    2006-08-11 19:31 73728 --a------ C:\WINDOWS\system32\dpl100.dll
    2006-08-11 19:31 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
    2006-08-11 19:31 57344 --a------ C:\WINDOWS\system32\dpv11.dll
    2006-08-11 19:31 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
    2006-08-11 19:31 344064 --a------ C:\WINDOWS\system32\dpus11.dll
    2006-08-11 19:31 294912 --a------ C:\WINDOWS\system32\dpu11.dll
    2006-08-11 19:31 294912 --a------ C:\WINDOWS\system32\dpu10.dll
    2006-08-11 19:31 196608 --a------ C:\WINDOWS\system32\dtu100.dll
    2006-08-11 19:31 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
    2006-08-11 19:31 118784 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
    2006-07-29 19:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll
    2006-07-28 09:30 62744 --a------ C:\WINDOWS\system32\xinput1_2.dll
    2006-07-28 09:30 236824 --a------ C:\WINDOWS\system32\xactengine2_3.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "msnmsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
    "fdeploy"="C:\\WINDOWS\\System32\\fdeploy.exe"
    "rsfsaps"="C:\\WINDOWS\\System32\\rsfsaps.exe"
    "shmedia"="C:\\WINDOWS\\System32\\shmedia.exe"
    "msaatext"="C:\\WINDOWS\\System32\\msaatext.exe"
    "msxml2r"="C:\\WINDOWS\\System32\\msxml2r.exe"
    "kbdgr1"="C:\\WINDOWS\\System32\\kbdgr1.exe"
    "dmcompos"="C:\\WINDOWS\\System32\\dmcompos.exe"
    "tapiui"="C:\\WINDOWS\\System32\\tapiui.exe"
    "cprocsvc"="C:\\WINDOWS\\System32\\crunner\\cproc.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "SetIcon"="C:\\Program Files\\Icons\\Seticon.exe"
    "USBDetector"="C:\\USBStorage\\USBDetector.exe"
    "SiSUSBRG"="C:\\WINDOWS\\SiSUSBrg.exe"
    "Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
    "nwiz"="nwiz.exe /install"
    "AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
    "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
    "WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
    "SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
    "SW20"="C:\\WINDOWS\\System32\\sw20.exe"
    "SW24"="C:\\WINDOWS\\System32\\sw24.exe"
    "NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
    "Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000001

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"
    "Flags"=dword:00000002

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

    Completion time: 06-10-19 19:48:30.18
    C:\ComboFix.txt ... 06-10-19 19:48
     
  4. maca1

    maca1 Regular member

    Download AVG Anti-Spyware http://www.ewido.net/en/download/
    · Install and run
    · Click Scanner
    · Select the "Settings" tab.
    · Once in the Settings screen click on "Recommended actions" and then select "Delete".
    · Select "Automatically generate report after every scan"
    · Unselect "Only if threats were found"
    · Click Complete System Scan and the scan will begin.
    · When the scan is finished, set all items to delete
    · Click Apply all actions
    · Click the Save report button.
    · Save the report to your C: Drive
    Reboot

    Run ActiveScan online virus scan:
    http://www.pandasoftware.com/products/activescan.htm
    When the scan is finished, save the results from the scan!

    Come back here and post a new Hijack This log along with the logs from the AVG and Panda scans.
     
  5. jorahan

    jorahan Guest

    I did what you said. The scan finished. There was a lot! I selected delete, and I think most of them deleted. It minimized before I could see, then stopped responding. Anyway, here is my HijackThis report.

    Logfile of HijackThis v1.99.1
    Scan saved at 9:25:28 PM, on 10/19/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wdfmgr.exe
    C:\Program Files\Icons\Seticon.exe
    C:\USBStorage\USBDetector.exe
    C:\WINDOWS\System32\RunDll32.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\System32\fdeploy.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\System32\ZoneLabs\isafe.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Downloads\HijackThis_v1.99.1.exe

    R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - C:\Program Files\DeluxeCommunications\DxcBho.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{300B7FE5-0693-1033-0102-040222050001}\MyToolBar.dll (file missing)
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{300B7FE5-0693-1033-0102-040222050001}\MyToolBar.dll (file missing)
    O4 - HKLM\..\Run: [SetIcon] C:\Program Files\Icons\Seticon.exe
    O4 - HKLM\..\Run: [USBDetector] C:\USBStorage\USBDetector.exe
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [SW20] C:\WINDOWS\System32\sw20.exe
    O4 - HKLM\..\Run: [SW24] C:\WINDOWS\System32\sw24.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [fdeploy] C:\WINDOWS\System32\fdeploy.exe
    O4 - HKCU\..\Run: [rsfsaps] C:\WINDOWS\System32\rsfsaps.exe
    O4 - HKCU\..\Run: [shmedia] C:\WINDOWS\System32\shmedia.exe
    O4 - HKCU\..\Run: [msaatext] C:\WINDOWS\System32\msaatext.exe
    O4 - HKCU\..\Run: [kbdgr1] C:\WINDOWS\System32\kbdgr1.exe
    O4 - HKCU\..\Run: [dmcompos] C:\WINDOWS\System32\dmcompos.exe
    O4 - HKCU\..\Run: [tapiui] C:\WINDOWS\System32\tapiui.exe
    O4 - HKCU\..\Run: [cprocsvc] C:\WINDOWS\System32\crunner\cproc.exe
    O4 - HKCU\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - AppInit_DLLs: dxclib303562752.dll
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\System32\ZoneLabs\isafe.exe
    O23 - Service: dgrpsetu.exe - Unknown owner - C:\WINDOWS\System32\dgrpsetu.exe
    O23 - Service: dpus11.exe - Unknown owner - C:\WINDOWS\System32\dpus11.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: msdtcuiu.exe - Unknown owner - C:\WINDOWS\System32\msdtcuiu.exe (file missing)
    O23 - Service: ntdsbcli.exe - Unknown owner - C:\WINDOWS\System32\ntdsbcli.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: odexl32.exe - Unknown owner - C:\WINDOWS\System32\odexl32.exe (file missing)
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: termsrv.exe - Unknown owner - C:\WINDOWS\System32\termsrv.exe (file missing)
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

     
  6. jorahan

    jorahan Guest

    -edited
     
    Last edited by a moderator: Oct 19, 2006
  7. maca1

    maca1 Regular member

    Go back and follow the instructions.
     
  8. jorahan

    jorahan Guest

    Thanks, I did this. Here are all the reports:
    --------------------------------------------------------------------------------

    Panda:


    Incident Status Location

    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt[.realmedia.com/]
    Spyware:Cookie/fe.lea.lycos Not disinfected C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt[fe.lea.lycos.de/]
    Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt[.apmebf.com/]
    Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt[.maxserving.com/]
    Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt[.adopt.hbmediapro.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt[.go.com/]
    Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt[adserver.filefront.com/]
    Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt[searchportal.information.com/]
    Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Admin\Cookies\admin@ad.sensismediasmart.com[1].txt
    Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Admin\Cookies\admin@adopt.hbmediapro[2].txt
    Spyware:Cookie/Advnt Not disinfected C:\Documents and Settings\Admin\Cookies\admin@www.advnt01[1].txt
    Adware:Adware/DeluxeComunications Not disinfected C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\7ZXSZOPQ\126[1].net
    Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\General\Cookies\general@adopt.hbmediapro[1].txt
    Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\Mozilla Firefox\plugins\NPMyGlSh.dll
    Adware:Adware/Maxifiles Not disinfected C:\WINDOWS\system32\5.exe
    Virus:Trj/Downloader.KTZ Disinfected C:\WINDOWS\system32\dbmsrpcn.exe
    Adware:Adware/SpySheriff Not disinfected C:\WINDOWS\system32\htui.exe
    Adware:Adware/SpySheriff Not disinfected C:\WINDOWS\system32\inst.exe
    Virus:Trj/Downloader.KTZ Disinfected C:\WINDOWS\system32\SNSL.exe

    ------------------------------------------------------------------


    HijackThis:

    Logfile of HijackThis v1.99.1
    Scan saved at 3:40:54 PM, on 10/23/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Icons\Seticon.exe
    C:\USBStorage\USBDetector.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\RunDll32.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Downloads\HijackThis_v1.99.1.exe

    R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{300B7FE5-0693-1033-0102-040222050001}\MyToolBar.dll (file missing)
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{300B7FE5-0693-1033-0102-040222050001}\MyToolBar.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [SetIcon] C:\Program Files\Icons\Seticon.exe
    O4 - HKLM\..\Run: [USBDetector] C:\USBStorage\USBDetector.exe
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [SW20] C:\WINDOWS\System32\sw20.exe
    O4 - HKLM\..\Run: [SW24] C:\WINDOWS\System32\sw24.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [fdeploy] C:\WINDOWS\System32\fdeploy.exe
    O4 - HKCU\..\Run: [rsfsaps] C:\WINDOWS\System32\rsfsaps.exe
    O4 - HKCU\..\Run: [shmedia] C:\WINDOWS\System32\shmedia.exe
    O4 - HKCU\..\Run: [msaatext] C:\WINDOWS\System32\msaatext.exe
    O4 - HKCU\..\Run: [kbdgr1] C:\WINDOWS\System32\kbdgr1.exe
    O4 - HKCU\..\Run: [dmcompos] C:\WINDOWS\System32\dmcompos.exe
    O4 - HKCU\..\Run: [tapiui] C:\WINDOWS\System32\tapiui.exe
    O4 - HKCU\..\Run: [cprocsvc] C:\WINDOWS\System32\crunner\cproc.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - AppInit_DLLs: dxclib303562752.dll
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\System32\ZoneLabs\isafe.exe
    O23 - Service: dgrpsetu.exe - Unknown owner - C:\WINDOWS\System32\dgrpsetu.exe
    O23 - Service: dpus11.exe - Unknown owner - C:\WINDOWS\System32\dpus11.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: msdtcuiu.exe - Unknown owner - C:\WINDOWS\System32\msdtcuiu.exe (file missing)
    O23 - Service: ntdsbcli.exe - Unknown owner - C:\WINDOWS\System32\ntdsbcli.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: odexl32.exe - Unknown owner - C:\WINDOWS\System32\odexl32.exe (file missing)
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: termsrv.exe - Unknown owner - C:\WINDOWS\System32\termsrv.exe (file missing)
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    -------------------------------------------------------------------------



    AVG:

    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 7:09:46 AM 10/22/2006

    + Scan result:



    C:\Program Files\DeluxeCommunications -> Adware.DeluxeCommunications : Cleaned.
    HKLM\SOFTWARE\Classes\CLSID\{A8BD6820-6ED7-423E-9558-2D1486B0FEEA} -> Adware.DeluxeCommunications : Cleaned.
    HKLM\SOFTWARE\DeluxeCommunications -> Adware.DeluxeCommunications : Cleaned.
    HKLM\SOFTWARE\DeluxeCommunications\Internet Explorer -> Adware.DeluxeCommunications : Cleaned.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\DeluxeCommunications -> Adware.DeluxeCommunications : Cleaned.
    HKU\S-1-5-21-507921405-117609710-1801674531-1006\Software\DeluxeCommunications -> Adware.DeluxeCommunications : Cleaned.
    HKU\S-1-5-21-507921405-117609710-1801674531-1006\Software\DeluxeCommunications\Internet Explorer -> Adware.DeluxeCommunications : Cleaned.
    HKU\S-1-5-21-507921405-117609710-1801674531-1006\Software\Microsoft\Windows\CurrentVersion\Run\\DeluxeCommunications -> Adware.DeluxeCommunications : Cleaned.
    C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP79\A0112043.exe -> Adware.SaveNow : Cleaned.
    C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP75\A0095305.dll -> Adware.Softomate : Cleaned.
    C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP75\A0095306.exe -> Adware.Softomate : Cleaned.
    C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP75\A0095307.dll -> Adware.Softomate : Cleaned.
    C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP75\A0096305.dll -> Adware.Softomate : Cleaned.
    C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP75\A0096306.exe -> Adware.Softomate : Cleaned.
    C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP75\A0096307.dll -> Adware.Softomate : Cleaned.
    C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP76\A0098360.dll -> Adware.Softomate : Cleaned.
    C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP76\A0098361.exe -> Adware.Softomate : Cleaned.
    C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP76\A0098362.dll -> Adware.Softomate : Cleaned.
    C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP77\A0106352.dll -> Adware.Softomate : Cleaned.
    C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP77\A0106353.exe -> Adware.Softomate : Cleaned.
    C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP77\A0106354.dll -> Adware.Softomate : Cleaned.
    C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP78\A0109902.dll -> Adware.Softomate : Cleaned.
    C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP78\A0109903.exe -> Adware.Softomate : Cleaned.
    C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP79\A0109944.dll -> Adware.Softomate : Cleaned.
    C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP79\A0109945.exe -> Adware.Softomate : Cleaned.
    C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP79\A0109946.dll -> Adware.Softomate : Cleaned.
    C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP79\A0111982.dll -> Adware.Softomate : Cleaned.
    C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP79\A0111983.dll -> Adware.Softomate : Cleaned.
    C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP79\A0111984.exe -> Adware.Softomate : Cleaned.
    C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP79\A0111966.exe -> Adware.SurfSide : Cleaned.
    C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP79\A0112976.dll -> Adware.SurfSide : Cleaned.
    C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP79\A0112977.dll -> Adware.SurfSide : Cleaned.
    C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP79\A0112978.exe -> Adware.SurfSide : Cleaned.
    C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP79\A0112979.dll -> Adware.SurfSide : Cleaned.
    C:\Program Files\ICQToolbar\version.txt -> Adware.Systemdoctor : Cleaned.
    C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP78\A0107384.exe -> Adware.Trymedia : Cleaned.
    C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP79\A0112041.exe -> Backdoor.Small.ml : Cleaned.
    C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP79\A0112040.exe -> Downloader.Agent.acr : Cleaned.
    C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP79\A0112042.exe -> Downloader.Reqlook.h : Cleaned.
    :mozilla.211:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.212:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.213:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.214:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.215:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.216:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.217:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.218:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.219:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.221:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.519:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.631:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Admin\Cookies\admin@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Admin\Cookies\admin@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.337:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.39:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.40:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.41:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    C:\Documents and Settings\Admin\Cookies\admin@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.477:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Addcontrol : Cleaned.
    :mozilla.61:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
    :mozilla.62:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
    :mozilla.63:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
    :mozilla.504:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Admarketplace : Cleaned.
    :mozilla.299:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.300:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.301:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.302:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.303:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.27:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
    :mozilla.29:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
    C:\Documents and Settings\Admin\Cookies\admin@www.adtrak[2].txt -> TrackingCookie.Adtrak : Cleaned.
    :mozilla.100:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.98:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.99:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.26:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
    :mozilla.308:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
    C:\Documents and Settings\Admin\Cookies\admin@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
    :mozilla.159:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
    :mozilla.163:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
    :mozilla.164:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
    :mozilla.158:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.160:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.161:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.162:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.165:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.166:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.195:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Com : Cleaned.
    :mozilla.196:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Com : Cleaned.
    :mozilla.197:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Com : Cleaned.
    :mozilla.198:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Com : Cleaned.
    :mozilla.199:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Com : Cleaned.
    :mozilla.200:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Com : Cleaned.
    :mozilla.201:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Com : Cleaned.
    :mozilla.202:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Com : Cleaned.
    :mozilla.203:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Com : Cleaned.
    :mozilla.528:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
    :mozilla.529:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
    :mozilla.530:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
    :mozilla.531:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
    :mozilla.25:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
    :mozilla.459:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
    :mozilla.460:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
    :mozilla.461:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
    :mozilla.462:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
    :mozilla.463:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
    C:\Documents and Settings\Admin\Cookies\admin@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
    :mozilla.434:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
    :mozilla.435:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
    :mozilla.436:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
    :mozilla.437:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
    :mozilla.438:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
    :mozilla.75:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
    :mozilla.76:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
    :mozilla.77:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
    :mozilla.78:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
    :mozilla.79:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
    :mozilla.43:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.44:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.45:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.46:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.47:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.48:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.49:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.153:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.154:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.155:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.156:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.227:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.228:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.290:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.291:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.429:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.317:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
    :mozilla.561:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned.
    :mozilla.253:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Ivwbox : Cleaned.
    C:\Documents and Settings\Admin\Cookies\admin@ivwbox[1].txt -> TrackingCookie.Ivwbox : Cleaned.
    :mozilla.32:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
    :mozilla.33:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
    :mozilla.381:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
    :mozilla.382:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
    :mozilla.383:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
    :mozilla.286:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
    :mozilla.428:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
    C:\Documents and Settings\Admin\Cookies\admin@ads.planetactive[1].txt -> TrackingCookie.Planetactive : Cleaned.
    :mozilla.509:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
    :mozilla.510:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
    :mozilla.511:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
    :mozilla.512:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
    :mozilla.629:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
    :mozilla.630:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
    :mozilla.58:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
    :mozilla.59:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
    :mozilla.60:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
    :mozilla.750:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Realtracker : Cleaned.
    :mozilla.737:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
    :mozilla.738:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
    :mozilla.739:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
    :mozilla.740:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
    :mozilla.635:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
    :mozilla.540:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
    :mozilla.541:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
    :mozilla.493:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.494:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.495:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.496:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.497:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    C:\Documents and Settings\Admin\Cookies\admin@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
    C:\Documents and Settings\Admin\Cookies\admin@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.12:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.13:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.14:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.15:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.16:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.17:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.18:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.19:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.20:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.21:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.22:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.23:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.24:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.240:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.244:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.245:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.246:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.345:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.132:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned.
    :mozilla.136:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned.
    :mozilla.137:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned.
    :mozilla.138:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned.
    :mozilla.140:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned.
    :mozilla.313:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
    :mozilla.314:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
    :mozilla.42:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
    :mozilla.292:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
    :mozilla.406:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
    :mozilla.693:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
    :mozilla.694:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
    C:\Documents and Settings\Admin\Cookies\admin@yadro[1].txt -> TrackingCookie.Yadro : Cleaned.
    :mozilla.102:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.103:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.104:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.105:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.106:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.107:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.108:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.109:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    C:\Documents and Settings\Admin\Cookies\admin@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.695:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
    :mozilla.696:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
    :mozilla.697:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.


    ::Report end

    --------------------------------------------------------------------


    Thanks!

     
  9. jorahan

    jorahan Guest

    Here are all the reports:
    --------------------------------------------------------------------------------

    Panda:


    Incident Status Location

    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt[.realmedia.com/]
    Spyware:Cookie/fe.lea.lycos Not disinfected C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt[fe.lea.lycos.de/]
    Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt[.apmebf.com/]
    Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt[.maxserving.com/]
    Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt[.adopt.hbmediapro.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt[.go.com/]
    Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt[adserver.filefront.com/]
    Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt[searchportal.information.com/]
    Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Admin\Cookies\admin@ad.sensismediasmart.com[1].txt
    Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Admin\Cookies\admin@adopt.hbmediapro[2].txt
    Spyware:Cookie/Advnt Not disinfected C:\Documents and Settings\Admin\Cookies\admin@www.advnt01[1].txt
    Adware:Adware/DeluxeComunications Not disinfected C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\7ZXSZOPQ\126[1].net
    Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\General\Cookies\general@adopt.hbmediapro[1].txt
    Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\Mozilla Firefox\plugins\NPMyGlSh.dll
    Adware:Adware/Maxifiles Not disinfected C:\WINDOWS\system32\5.exe
    Virus:Trj/Downloader.KTZ Disinfected C:\WINDOWS\system32\dbmsrpcn.exe
    Adware:Adware/SpySheriff Not disinfected C:\WINDOWS\system32\htui.exe
    Adware:Adware/SpySheriff Not disinfected C:\WINDOWS\system32\inst.exe
    Virus:Trj/Downloader.KTZ Disinfected C:\WINDOWS\system32\SNSL.exe

    ------------------------------------------------------------------


    HijackThis:

    Logfile of HijackThis v1.99.1
    Scan saved at 3:40:54 PM, on 10/23/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Icons\Seticon.exe
    C:\USBStorage\USBDetector.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\RunDll32.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Downloads\HijackThis_v1.99.1.exe

    R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{300B7FE5-0693-1033-0102-040222050001}\MyToolBar.dll (file missing)
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{300B7FE5-0693-1033-0102-040222050001}\MyToolBar.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [SetIcon] C:\Program Files\Icons\Seticon.exe
    O4 - HKLM\..\Run: [USBDetector] C:\USBStorage\USBDetector.exe
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [SW20] C:\WINDOWS\System32\sw20.exe
    O4 - HKLM\..\Run: [SW24] C:\WINDOWS\System32\sw24.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [fdeploy] C:\WINDOWS\System32\fdeploy.exe
    O4 - HKCU\..\Run: [rsfsaps] C:\WINDOWS\System32\rsfsaps.exe
    O4 - HKCU\..\Run: [shmedia] C:\WINDOWS\System32\shmedia.exe
    O4 - HKCU\..\Run: [msaatext] C:\WINDOWS\System32\msaatext.exe
    O4 - HKCU\..\Run: [kbdgr1] C:\WINDOWS\System32\kbdgr1.exe
    O4 - HKCU\..\Run: [dmcompos] C:\WINDOWS\System32\dmcompos.exe
    O4 - HKCU\..\Run: [tapiui] C:\WINDOWS\System32\tapiui.exe
    O4 - HKCU\..\Run: [cprocsvc] C:\WINDOWS\System32\crunner\cproc.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - AppInit_DLLs: dxclib303562752.dll
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\System32\ZoneLabs\isafe.exe
    O23 - Service: dgrpsetu.exe - Unknown owner - C:\WINDOWS\System32\dgrpsetu.exe
    O23 - Service: dpus11.exe - Unknown owner - C:\WINDOWS\System32\dpus11.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: msdtcuiu.exe - Unknown owner - C:\WINDOWS\System32\msdtcuiu.exe (file missing)
    O23 - Service: ntdsbcli.exe - Unknown owner - C:\WINDOWS\System32\ntdsbcli.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: odexl32.exe - Unknown owner - C:\WINDOWS\System32\odexl32.exe (file missing)
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: termsrv.exe - Unknown owner - C:\WINDOWS\System32\termsrv.exe (file missing)
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    -------------------------------------------------------------------------



    AVG:

    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 7:09:46 AM 10/22/2006

    + Scan result:



    C:\Program Files\DeluxeCommunications -> Adware.DeluxeCommunications : Cleaned.
    HKLM\SOFTWARE\Classes\CLSID\{A8BD6820-6ED7-423E-9558-2D1486B0FEEA} -> Adware.DeluxeCommunications : Cleaned.
    HKLM\SOFTWARE\DeluxeCommunications -> Adware.DeluxeCommunications : Cleaned.
    HKLM\SOFTWARE\DeluxeCommunications\Internet Explorer -> Adware.DeluxeCommunications : Cleaned.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\DeluxeCommunications -> Adware.DeluxeCommunications : Cleaned.
    HKU\S-1-5-21-507921405-117609710-1801674531-1006\Software\DeluxeCommunications -> Adware.DeluxeCommunications : Cleaned.
    HKU\S-1-5-21-507921405-117609710-1801674531-1006\Software\DeluxeCommunications\Internet Explorer -> Adware.DeluxeCommunications : Cleaned.
    HKU\S-1-5-21-507921405-117609710-1801674531-1006\Software\Microsoft\Windows\CurrentVersion\Run\\DeluxeCommunications -> Adware.DeluxeCommunications : Cleaned.
    C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP79\A0112043.exe -> Adware.SaveNow : Cleaned.
    C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP75\A0095305.dll -> Adware.Softomate : Cleaned.
    C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP75\A0095306.exe -> Adware.Softomate : Cleaned.
    C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP75\A0095307.dll -> Adware.Softomate : Cleaned.
    C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP75\A0096305.dll -> Adware.Softomate : Cleaned.
    C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP75\A0096306.exe -> Adware.Softomate : Cleaned.
    C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP75\A0096307.dll -> Adware.Softomate : Cleaned.
    C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP76\A0098360.dll -> Adware.Softomate : Cleaned.
    C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP76\A0098361.exe -> Adware.Softomate : Cleaned.
    C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP76\A0098362.dll -> Adware.Softomate : Cleaned.
    C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP77\A0106352.dll -> Adware.Softomate : Cleaned.
    C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP77\A0106353.exe -> Adware.Softomate : Cleaned.
    C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP77\A0106354.dll -> Adware.Softomate : Cleaned.
    C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP78\A0109902.dll -> Adware.Softomate : Cleaned.
    C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP78\A0109903.exe -> Adware.Softomate : Cleaned.
    C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP79\A0109944.dll -> Adware.Softomate : Cleaned.
    C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP79\A0109945.exe -> Adware.Softomate : Cleaned.
    C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP79\A0109946.dll -> Adware.Softomate : Cleaned.
    C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP79\A0111982.dll -> Adware.Softomate : Cleaned.
    C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP79\A0111983.dll -> Adware.Softomate : Cleaned.
    C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP79\A0111984.exe -> Adware.Softomate : Cleaned.
    C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP79\A0111966.exe -> Adware.SurfSide : Cleaned.
    C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP79\A0112976.dll -> Adware.SurfSide : Cleaned.
    C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP79\A0112977.dll -> Adware.SurfSide : Cleaned.
    C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP79\A0112978.exe -> Adware.SurfSide : Cleaned.
    C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP79\A0112979.dll -> Adware.SurfSide : Cleaned.
    C:\Program Files\ICQToolbar\version.txt -> Adware.Systemdoctor : Cleaned.
    C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP78\A0107384.exe -> Adware.Trymedia : Cleaned.
    C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP79\A0112041.exe -> Backdoor.Small.ml : Cleaned.
    C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP79\A0112040.exe -> Downloader.Agent.acr : Cleaned.
    C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP79\A0112042.exe -> Downloader.Reqlook.h : Cleaned.


    ::Report end

    --------------------------------------------------------------------


    thanks!

     
  10. jorahan

    jorahan Guest

    Anyone?
     
  11. jorahan

    jorahan Guest

    maca1? anyone?
     
  12. Niobis

    Niobis Active member

    Hey jorahan, maca1 seems to be away for a few days, as you can see. :) Let's see if we can finish and get you cleaned up.

    It is recommended you uninstall the MyWebSearch plugin for Firefox. Did you install it?

    Turn off System Restore.
    Right click My Computer > Properties > System Restore tab > check "Turn off System Restore".
    Click Apply then OK.

    Show hidden files and folders.
    Control Panel > Folder Options > View tab > check "Show hidden files and folders".

    Restart in safe mode and delete these files (if found):
    C:\WINDOWS\system32\5.exe
    C:\WINDOWS\system32\htui.exe
    C:\WINDOWS\system32\inst.exe

    Restart in normal mode.

    Download SmitfraudFix.zip to the desktop from here
    * Extract the files to the desktop.
    * Open the newly created folder SmitfraudFix.
    * Double-click smitfraudfix.cmd
    * Select 1 and hit Enter to create a report of the infected files. The report can be found at the root of the system drive, usually at C:\rapport.txt.

    Post back with the contents of rapport.txt and a new HijackThis log.
     
  13. jorahan

    jorahan Guest

    OK, I deleted them via Command Prompt. They were all there, but I deleted them.

    SmitFraudFix v2.113

    Scan done at 10:51:45.42, Thu 10/26/2006
    Run from C:\Downloads\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Admin


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Admin\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Admin\FAVORI~1


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"="dxclib303562752.dll"


    »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End






    HJT:
    Logfile of HijackThis v1.99.1
    Scan saved at 10:53:58 AM, on 10/26/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Icons\Seticon.exe
    C:\USBStorage\USBDetector.exe
    C:\WINDOWS\System32\RunDll32.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Downloads\HijackThis_v1.99.1.exe

    R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{300B7FE5-0693-1033-0102-040222050001}\MyToolBar.dll (file missing)
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{300B7FE5-0693-1033-0102-040222050001}\MyToolBar.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [SetIcon] C:\Program Files\Icons\Seticon.exe
    O4 - HKLM\..\Run: [USBDetector] C:\USBStorage\USBDetector.exe
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [SW20] C:\WINDOWS\System32\sw20.exe
    O4 - HKLM\..\Run: [SW24] C:\WINDOWS\System32\sw24.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [fdeploy] C:\WINDOWS\System32\fdeploy.exe
    O4 - HKCU\..\Run: [cprocsvc] C:\WINDOWS\System32\crunner\cproc.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - AppInit_DLLs: dxclib303562752.dll
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\System32\ZoneLabs\isafe.exe
    O23 - Service: dgrpsetu.exe - Unknown owner - C:\WINDOWS\System32\dgrpsetu.exe
    O23 - Service: dpus11.exe - Unknown owner - C:\WINDOWS\System32\dpus11.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: msdtcuiu.exe - Unknown owner - C:\WINDOWS\System32\msdtcuiu.exe (file missing)
    O23 - Service: ntdsbcli.exe - Unknown owner - C:\WINDOWS\System32\ntdsbcli.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: odexl32.exe - Unknown owner - C:\WINDOWS\System32\odexl32.exe (file missing)
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: termsrv.exe - Unknown owner - C:\WINDOWS\System32\termsrv.exe (file missing)
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

     
  14. Niobis

    Niobis Active member

    Run a scan only with HijackThis, check these:

    R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file)
    O2 - BHO: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{300B7FE5-0693-1033-0102-040222050001}\MyToolBar.dll (file missing)
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{300B7FE5-0693-1033-0102-040222050001}\MyToolBar.dll (file missing)
    O4 - HKCU\..\Run: [fdeploy] C:\WINDOWS\System32\fdeploy.exe
    O4 - HKCU\..\Run: [cprocsvc] C:\WINDOWS\System32\crunner\cproc.exe
    O20 - AppInit_DLLs: dxclib303562752.dll

    Close all windows except HijackThis then click "Fix checked".
    Close HijackThis.

    Go to Start > Run > type services.msc > click OK.
    Find each of the following and double click each to open.
    Beside Startup type click the drop down menu and select Disabled.

    dgrpsetu.exe
    dpus11.exe
    msdtcuiu.exe
    ntdsbcli.exe
    odexl32.exe
    termsrv.exe

    Close Services.

    Open HijackThis.
    Click "Open the misc tools section".
    Click "Delete an NT service".
    Copy/paste each of the following into the area and click OK after each one. You will be prompted to restart after each one. Do so after the last one and restart in safe mode.

    O23 - Service: dgrpsetu.exe - Unknown owner - C:\WINDOWS\System32\dgrpsetu.exe
    O23 - Service: dpus11.exe - Unknown owner - C:\WINDOWS\System32\dpus11.exe (file missing)
    O23 - Service: msdtcuiu.exe - Unknown owner - C:\WINDOWS\System32\msdtcuiu.exe (file missing)
    O23 - Service: ntdsbcli.exe - Unknown owner - C:\WINDOWS\System32\ntdsbcli.exe (file missing)
    O23 - Service: odexl32.exe - Unknown owner - C:\WINDOWS\System32\odexl32.exe (file missing)
    O23 - Service: termsrv.exe - Unknown owner - C:\WINDOWS\System32\termsrv.exe (file missing)

    In safe mode:

    Show hidden files and folders.
    Control Panel > Folder Options > View tab > check "Show hidden files and folders".

    Find and delete each of the following.
    C:\WINDOWS\System32\dgrpsetu.exe <--file
    C:\WINDOWS\System32\dxclib303562752.dll <--file
    C:\WINDOWS\System32\fdeploy.exe <--file
    C:\WINDOWS\System32\crunner <--folder (may not be there)

    Restart in normal mode and post a new HijackThis log.
     
    Last edited: Oct 26, 2006
  15. jorahan

    jorahan Guest

    None of these found

    none of these found

    NEW HJT:

    Logfile of HijackThis v1.99.1
    Scan saved at 8:01:00 PM, on 10/26/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Icons\Seticon.exe
    C:\USBStorage\USBDetector.exe
    C:\WINDOWS\System32\RunDll32.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\Program Files\Winamp\winampa.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\WINDOWS\System32\ZoneLabs\isafe.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Downloads\HijackThis_v1.99.1.exe
    C:\Program Files\Mozilla Firefox\firefox.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: (no name) - {C004DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [SetIcon] C:\Program Files\Icons\Seticon.exe
    O4 - HKLM\..\Run: [USBDetector] C:\USBStorage\USBDetector.exe
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [SW20] C:\WINDOWS\System32\sw20.exe
    O4 - HKLM\..\Run: [SW24] C:\WINDOWS\System32\sw24.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\System32\ZoneLabs\isafe.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

     
    Last edited by a moderator: Oct 26, 2006
  16. Niobis

    Niobis Active member

    What do you mean the services were not found with HjT? They're gone nonetheless. :)

    Fix this with HjT.
    O3 - Toolbar: (no name) - {C004DEC2-2623-438e-9CA2-C9043AB28508} - (no file)

    Log will be clean after that, but I'd suggest you run one more online scan just to be safe.

    Go here and run Kaspersky Online Scanner.
    Accept the terms.
    After downloading, click "My Computer".
    After scanning, click "Save report as".
    Save as a text file and post it here.
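Added example, not part of the original posts: a Python sketch of the comparison this exchange does by eye. It flags entries by the markers visible in the logs above ("(file missing)", "(no file)", "Unknown owner", AppInit_DLLs) and diffs the first scan against the follow-up. The rule names and the sample subset are assumptions, and picks that carry no marker, such as the fdeploy Run entry, still need an analyst's judgement.

```python
import re

# Constructed sample: a few entries copied from the two HijackThis logs in this thread.
BEFORE = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKCU\..\Run: [fdeploy] C:\WINDOWS\System32\fdeploy.exe
O20 - AppInit_DLLs: dxclib303562752.dll
O23 - Service: dgrpsetu.exe - Unknown owner - C:\WINDOWS\System32\dgrpsetu.exe
O23 - Service: dpus11.exe - Unknown owner - C:\WINDOWS\System32\dpus11.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""
AFTER = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {C004DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# An entry line is "<section> - <body>", e.g. "O23 - Service: ...".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

# Hypothetical rule set built only from markers that appear in this thread's logs.
RULES = [
    ("file missing", lambda s, b: b.endswith("(file missing)")),
    ("no file", lambda s, b: b.endswith("(no file)")),
    ("unknown service owner", lambda s, b: s == "O23" and " - Unknown owner - " in b),
    ("AppInit_DLLs set", lambda s, b: s == "O20" and b.startswith("AppInit_DLLs:")),
]


def parse(log):
    """Return [(section, body)] for entry lines; headers and process paths are skipped."""
    entries = []
    for raw in log.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries


def flag(entries):
    """Map each entry that matches at least one rule to the list of rule names it hit."""
    hits = {}
    for section, body in entries:
        reasons = [name for name, test in RULES if test(section, body)]
        if reasons:
            hits[f"{section} - {body}"] = reasons
    return hits


def diff(before, after):
    """Compare two scans: entries that disappeared, appeared, or survived the cleanup."""
    b, a = set(parse(before)), set(parse(after))
    return {"removed": sorted(b - a), "added": sorted(a - b), "kept": sorted(a & b)}


if __name__ == "__main__":
    for line, reasons in flag(parse(BEFORE)).items():
        print("FLAG", reasons, line)
    changes = diff(BEFORE, AFTER)
    for kind in ("removed", "added"):
        for section, body in changes[kind]:
            print(kind.upper(), section, "-", body)
    print("still flagged after cleanup:", list(flag(parse(AFTER))))
```

On this sample the only entry still flagged in the follow-up scan is the orphaned C004DEC2 toolbar line, the same one the next reply asks to fix.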
     
  17. NicHt

    NicHt Regular member

    Err. I had the same exact problem and I did all the steps, here are my scan results:

    KASPERSKY ONLINE SCANNER REPORT
    Friday, October 27, 2006 1:51:50 AM
    Operating System: Microsoft Windows XP Professional, Service Pack 1 (Build 2600)
    Kaspersky Online Scanner version: 5.0.83.0
    Kaspersky Anti-Virus database last update: 26/10/2006
    Kaspersky Anti-Virus database records: 221808
    Scan Settings
    Scan using the following antivirus database standard
    Scan Archives true
    Scan Mail Bases true
    Scan Target My Computer
    A:\
    C:\
    D:\
    F:\
    Scan Statistics
    Total number of scanned objects 82920
    Number of viruses found 3
    Number of infected objects 27 / 0
    Number of suspicious objects 0
    Duration of the scan process 01:40:40

    Infected Object Name Virus Name Last Action
    C:\Documents and Settings\Admin\7.exe Infected: Trojan-Downloader.Win32.Reqlook.n skipped
    C:\Documents and Settings\Admin\AFME.exe Infected: Trojan-Downloader.Win32.Adload.gu skipped
    C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cert8.db Object is locked skipped
    C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\formhistory.dat Object is locked skipped
    C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\history.dat Object is locked skipped
    C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\key3.db Object is locked skipped
    C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\parent.lock Object is locked skipped
    C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\search.sqlite Object is locked skipped
    C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\urlclassifier2.sqlite Object is locked skipped
    C:\Documents and Settings\Admin\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\Admin\CUAR.exe Infected: Trojan-Downloader.Win32.Adload.gu skipped
    C:\Documents and Settings\Admin\DFAC.exe Infected: Trojan-Downloader.Win32.Adload.gu skipped
    C:\Documents and Settings\Admin\EBKS.exe Infected: Trojan-Downloader.Win32.Adload.gu skipped
    C:\Documents and Settings\Admin\EGRS.exe Infected: Trojan-Downloader.Win32.Adload.gu skipped
    C:\Documents and Settings\Admin\HPMD.exe Infected: Trojan-Downloader.Win32.Adload.gu skipped
    C:\Documents and Settings\Admin\IEJF.exe Infected: Trojan-Downloader.Win32.Adload.gu skipped
    C:\Documents and Settings\Admin\IKGB.exe Infected: Trojan-Downloader.Win32.Adload.gu skipped
    C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\x09vernp@hotmail.com\SharingMetadata\Logs\Dfsr.log Object is locked skipped
    C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\x09vernp@hotmail.com\SharingMetadata\pending.dat Object is locked skipped
    C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\x09vernp@hotmail.com\SharingMetadata\Working\database_AC0_B8F_C00B_7FE5\dfsr.db Object is locked skipped
    C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\x09vernp@hotmail.com\SharingMetadata\Working\database_AC0_B8F_C00B_7FE5\fsr.log Object is locked skipped
    C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\x09vernp@hotmail.com\SharingMetadata\Working\database_AC0_B8F_C00B_7FE5\tmp.edb Object is locked skipped
    C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Windows Live Contacts\x09vernp@hotmail.com\real\members.stg Object is locked skipped
    C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Windows Live Contacts\x09vernp@hotmail.com\shadow\members.stg Object is locked skipped
    C:\Documents and Settings\Admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\Cache\_CACHE_001_ Object is locked skipped
    C:\Documents and Settings\Admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\Cache\_CACHE_002_ Object is locked skipped
    C:\Documents and Settings\Admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\Cache\_CACHE_003_ Object is locked skipped
    C:\Documents and Settings\Admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\Cache\_CACHE_MAP_ Object is locked skipped
    C:\Documents and Settings\Admin\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Admin\Local Settings\History\History.IE5\MSHist012006102620061027\index.dat Object is locked skipped
    C:\Documents and Settings\Admin\Local Settings\Temp\~DF1A3.tmp Object is locked skipped
    C:\Documents and Settings\Admin\Local Settings\Temp\~DF6509.tmp Object is locked skipped
    C:\Documents and Settings\Admin\Local Settings\Temp\~DF6518.tmp Object is locked skipped
    C:\Documents and Settings\Admin\Local Settings\Temp\~DF8BCD.tmp Object is locked skipped
    C:\Documents and Settings\Admin\Local Settings\Temp\~DF8C27.tmp Object is locked skipped
    C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Admin\MAPF.exe Infected: Trojan-Downloader.Win32.Adload.gu skipped
    C:\Documents and Settings\Admin\MFOK.exe Infected: Trojan-Downloader.Win32.Adload.gu skipped
    C:\Documents and Settings\Admin\NGDH.exe Infected: Trojan-Downloader.Win32.Adload.gu skipped
    C:\Documents and Settings\Admin\NRRG.exe Infected: Trojan-Downloader.Win32.Adload.gu skipped
    C:\Documents and Settings\Admin\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\Admin\NTUSER.DAT.LOG Object is locked skipped
    C:\Documents and Settings\Admin\OHDT.exe Object is locked skipped
    C:\Documents and Settings\Admin\OHEI.exe Infected: Trojan-Downloader.Win32.Adload.gu skipped
    C:\Documents and Settings\Admin\PIUJ.exe Infected: Trojan-Downloader.Win32.Adload.gu skipped
    C:\Documents and Settings\Admin\QREN.exe Object is locked skipped
    C:\Documents and Settings\Admin\QRML.exe Infected: Trojan-Downloader.Win32.Adload.gu skipped
    C:\Documents and Settings\Admin\RURS.exe Infected: Trojan-Downloader.Win32.Adload.gu skipped
    C:\Documents and Settings\Admin\SHHT.exe Infected: Trojan-Downloader.Win32.Adload.gu skipped
    C:\Documents and Settings\Admin\t3st.bmp Infected: Trojan.Win32.HideProc.g skipped
    C:\Documents and Settings\Admin\UOLF.exe Infected: Trojan-Downloader.Win32.Adload.gu skipped
    C:\Documents and Settings\Admin\URPC.exe Infected: Trojan-Downloader.Win32.Adload.gu skipped
    C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2006-10-26.19-57-45.log Object is locked skipped
    C:\UFantasy.ini Object is locked skipped
    C:\WINDOWS\Debug\oakley.log Object is locked skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
    C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
    C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
    C:\WINDOWS\Internet Logs\PIETERS-DESKTOP.ldb Object is locked skipped
    C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\Sti_Trace.log Object is locked skipped
    C:\WINDOWS\system32\ASAL.exe Infected: Trojan-Downloader.Win32.Adload.gu skipped
    C:\WINDOWS\system32\clbcatex.exe Infected: Trojan-Downloader.Win32.Adload.gu skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\default Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\software Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\system Object is locked skipped
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
    C:\WINDOWS\system32\drivers\sptd5021.sys Object is locked skipped
    C:\WINDOWS\system32\drivers\vaxscsi.sys Object is locked skipped
    C:\WINDOWS\system32\h323log.txt Object is locked skipped
    C:\WINDOWS\system32\JJKP.exe Infected: Trojan-Downloader.Win32.Adload.gu skipped
    C:\WINDOWS\system32\JKRC.exe Infected: Trojan-Downloader.Win32.Adload.gu skipped
    C:\WINDOWS\system32\KNST.exe Infected: Trojan-Downloader.Win32.Adload.gu skipped
    C:\WINDOWS\system32\t3st.bmp Infected: Trojan.Win32.HideProc.g skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\Temp\ZLT056ce.TMP Object is locked skipped
    C:\WINDOWS\Temp\ZLT056d2.TMP Object is locked skipped
    C:\WINDOWS\wiadebug.log Object is locked skipped
    C:\WINDOWS\wiaservc.log Object is locked skipped
    Scan process completed.
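Added example, not part of the original post: a Python sketch that triages a Kaspersky Online Scanner report like the one above. It groups detections by name, lists locked executables that sit in a directory where something was detected (the scanner skipped them, so they are unverified), and lists detections whose extension is not an executable one. The sample is a subset of the posted lines; the extension list and function names are assumptions.

```python
import ntpath
import re
from collections import defaultdict

# Constructed sample: lines copied from the Kaspersky report posted above.
REPORT = r"""
Infected Object Name Virus Name Last Action
C:\Documents and Settings\Admin\7.exe Infected: Trojan-Downloader.Win32.Reqlook.n skipped
C:\Documents and Settings\Admin\AFME.exe Infected: Trojan-Downloader.Win32.Adload.gu skipped
C:\Documents and Settings\Admin\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Admin\OHDT.exe Object is locked skipped
C:\Documents and Settings\Admin\QREN.exe Object is locked skipped
C:\Documents and Settings\Admin\t3st.bmp Infected: Trojan.Win32.HideProc.g skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\KNST.exe Infected: Trojan-Downloader.Win32.Adload.gu skipped
C:\WINDOWS\system32\t3st.bmp Infected: Trojan.Win32.HideProc.g skipped
Scan process completed.
"""

# "<path> Infected: <name> <action>" or "<path> Object is locked <action>".
# Paths contain spaces, so the path group is non-greedy up to the status keyword.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) "
    r"(?:Infected: (?P<name>\S+)|(?P<locked>Object is locked)) "
    r"(?P<action>\S+)$"
)

# Assumption: extensions treated as executable for this triage.
EXEC_EXT = {".exe", ".dll", ".scr", ".sys", ".com"}


def parse_report(text):
    """Return one dict per result line; header and footer lines do not match and are dropped."""
    rows = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            rows.append(m.groupdict())
    return rows


def ext(path):
    return ntpath.splitext(path)[1].lower()


def triage(rows):
    """Return (detections by name, locked executables beside detections, odd-extension detections)."""
    by_name = defaultdict(list)
    infected_dirs = set()
    for r in rows:
        if r["name"]:
            by_name[r["name"]].append(r["path"])
            infected_dirs.add(ntpath.dirname(r["path"]).lower())
    # Locked means the scanner could not read the file, not that it is clean.
    unscanned = [
        r["path"] for r in rows
        if r["locked"]
        and ext(r["path"]) in EXEC_EXT
        and ntpath.dirname(r["path"]).lower() in infected_dirs
    ]
    odd_ext = [p for paths in by_name.values() for p in paths if ext(p) not in EXEC_EXT]
    return dict(by_name), unscanned, odd_ext


if __name__ == "__main__":
    names, unscanned, odd_ext = triage(parse_report(REPORT))
    for name, paths in sorted(names.items()):
        print(f"{len(paths):3d}  {name}")
    print("locked executables to rescan from safe mode:", unscanned)
    print("detections with a non-executable extension:", odd_ext)
```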
     
  18. Niobis

    Niobis Active member

    NicHt,

    Go here to download the trial version of AVG Anti-spyware.

    Install and update.
    Restart your computer in safe mode (press F8 upon boot, select "Safe Mode" from menu and press Enter).
    Open AVG AS and click "Scanner".
    Click "Complete System Scan".
    When it finishes scanning, set all items to "Quarantine".
    Click "Apply All Actions".
    Click "Save Report".
    Click "Save report as" and save it to the desktop.

    Restart in normal mode.
    Download HijackThis.
    Create a folder for it and extract the file there.
    Do a system scan and save a log file.
    Post the HjT log and the AVGAS report in your own thread, please.
     
  19. creaky

    creaky Moderator Staff Member

    - that's because you're jorahan. Not a problem as long as your posts improve. Anyway, I won't hold this thread up any longer
     
  20. Niobis

    Niobis Active member

    Ah, edited! Wrong tab. :)
     
    Last edited: Oct 26, 2006
