Hijack This Log - Win32:Trojano-2280 problem
Hello, I have a problem with a Trojano virus which I need help with please. The PC is used by the whole family, I download a lot of graphics for my craft stuff and my Paint Shop Pro and the rest of my family use Yahoo messenger, MSN messenger and Limewire.
I use Ad-aware spychecker but when I run it it freezes at
C:\Documents and settings\WinXP\Local Settings\Temp\mit2DE.tmp.cab. and I can't shut down AdAware although I can use Spybot alright.
I have tried the online virus checker - Kaspersky Online Virus Scan - but it won't even let me press on 'Accept'.
I use Avast virus checker. When I ran a check yesterday it found this virus Win32:Trojano-2280 amongst others. Avast said to 'Move to chest' which I tried several times but it wouldn't work. My husband tried it on his desktop and managed to move it but the warning keeps popping up. I have been trying to move it on my desktop still but I get a message saying
Avast: The process cannot access the file because it is being used by another process.
Cannot process "C:\Documents and settings\Sharon\Local settings\temporary internet files\Content.IE5\OYUML9SO\spr[4].exe" file
All of which means nothing to me lol
My son, daughter and I use Firefox but until late yesterday my husband used Internet Explorer.
This is my ComboFix Log
"Sharon" - 07-03-27 12:47:46 Service Pack 2
ComboFix 07-03-27.4 - Running from: "C:\Documents and Settings\Sharon"
(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))
"C:\WINDOWS\system32\geedb.dll"
* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\awvtq.dll
C:\WINDOWS\system32\pmnli.dll
C:\WINDOWS\system32\vtsts.dll
((((((((((((((((((((((((((((((( Files Created from 2007-02-27 to 2007-03-27 ))))))))))))))))))))))))))))))))))
2007-03-27 12:33 26,694 --a C:\WINDOWS\system32\jkkjihe.dll
2007-03-27 12:20 26,694 --a C:\WINDOWS\system32\wvuurrr.dll
2007-03-27 12:10 26,694 --a C:\WINDOWS\system32\fccayxu.dll
2007-03-27 05:26 26,694 --a C:\WINDOWS\system32\fcccddc.dll
2007-03-27 04:54 26,694 --a C:\WINDOWS\system32\nnnlljg.dll
2007-03-27 04:22 26,694 --a C:\WINDOWS\system32\khfddef.dll
2007-03-27 00:41 71,620 --a C:\DOCUME~1\Graham\jjj.exe
2007-03-27 00:41 26,694 --a C:\WINDOWS\system32\efcdeda.dll
2007-03-26 23:41 26,694 --a C:\WINDOWS\system32\cbxxyvw.dll
2007-03-26 23:09 26,694 --a C:\WINDOWS\system32\opnolif.dll
2007-03-26 22:56 <DIR> d C:\DOCUME~1\WINXP~1\APPLIC~1\Apple Computer
2007-03-26 22:50 48,708 --a C:\WINDOWS\system32\hgwhwpkv.dll
2007-03-26 22:50 26,694 --a C:\WINDOWS\system32\xxyvttq.dll
2007-03-26 22:48 907,109 ---hs---- C:\WINDOWS\system32\bdeeg.bak1
2007-03-26 22:48 132,116 --a C:\WINDOWS\system32\yalefqkf.dll
2007-03-26 22:48 123,972 --a C:\WINDOWS\system32\vaevraiv.dll
2007-03-26 22:22 26,694 --a C:\WINDOWS\system32\fccbyvt.dll
2007-03-26 22:14 907,109 ---hs---- C:\WINDOWS\system32\kjjlm.bak1
2007-03-26 22:14 280,676 ---hs---- C:\WINDOWS\system32\jkkli.dll
2007-03-26 22:13 280,676 ---hs---- C:\WINDOWS\system32\mljjk.dll
2007-03-26 22:07 26,694 --a C:\WINDOWS\system32\ljjggfg.dll
2007-03-26 21:51 280,676 ---hs---- C:\WINDOWS\system32\vtsqr.dll
2007-03-26 21:51 280,676 ---hs---- C:\WINDOWS\system32\jkhff.dll
2007-03-26 21:51 280,676 ---hs---- C:\WINDOWS\system32\awtsq.dll
2007-03-26 21:41 26,694 --a C:\WINDOWS\system32\jkkllih.dll
2007-03-26 21:41 26,694 --a C:\WINDOWS\system32\efcayyx.dll
2007-03-26 21:40 26,694 --a C:\WINDOWS\system32\qomjjih.dll
2007-03-26 21:40 <DIR> d C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-03-26 08:36 <DIR> d C:\DOCUME~1\DAVETH~1\APPLIC~1\Apple Computer
2007-03-26 03:20 <DIR> d C:\DOCUME~1\Graham\APPLIC~1\SeekmoToolbar
2007-03-25 20:43 <DIR> d C:\DOCUME~1\WINXP~1\APPLIC~1\SeekmoToolbar
2007-03-25 15:48 <DIR> d C:\DOCUME~1\Sharon\APPLIC~1\SeekmoToolbar
2007-03-25 15:26 <DIR> d C:\DOCUME~1\DAVETH~1\APPLIC~1\SeekmoToolbar
2007-03-25 15:08 <DIR> d C:\Program Files\SeekmoToolbar
2007-03-25 06:35 <DIR> d C:\DOCUME~1\Graham\APPLIC~1\Apple Computer
2007-03-25 06:28 <DIR> d C:\Program Files\Apple Software Update
2007-03-25 06:28 <DIR> d C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-03-24 06:44 <DIR> d C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
2007-03-24 02:03 <DIR> d C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!
2007-03-24 01:58 <DIR> d C:\Program Files\Yahoo!
2007-03-18 19:16 <DIR> d C:\Program Files\Inbox
2007-03-10 23:18 69,698 --a C:\WINDOWS\distro_uPlayMe_stub_973387.exe
2007-03-10 23:18 139,264 --a C:\WINDOWS\mirar_distro_876260.exe
2007-03-10 23:17 <DIR> d C:\WINDOWS\system32\UpMedia
2007-03-10 23:08 <DIR> d C:\Program Files\DFX
2007-03-10 21:17 <DIR> d C:\DOCUME~1\Graham\APPLIC~1\Jasc Software Inc
2007-03-10 18:03 <DIR> d C:\Program Files\MSECache
2007-03-04 18:36 <DIR> d C:\DOCUME~1\Graham\APPLIC~1\Teleca
2007-03-04 15:50 <DIR> d C:\Program Files\uMark Lite
2007-03-03 16:01 30,921 --a C:\WINDOWS\system32\drivers\SQCaptur.sys
2007-03-03 16:01 25,449 --a C:\WINDOWS\system32\drivers\SQCamD.sys
2007-03-03 15:52 85,376 --a C:\WINDOWS\system32\drivers\NABTSFEC.sys
2007-03-03 15:52 5,504 --a C:\WINDOWS\system32\drivers\MSTEE.sys
2007-03-03 15:52 19,328 --a C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2007-03-03 15:52 17,024 --a C:\WINDOWS\system32\drivers\CCDECODE.sys
2007-03-03 15:52 15,360 --a C:\WINDOWS\system32\drivers\StreamIP.sys
2007-03-03 15:52 11,136 --a C:\WINDOWS\system32\drivers\SLIP.sys
2007-03-03 15:52 10,880 --a C:\WINDOWS\system32\drivers\NdisIP.sys
2007-03-03 15:51 53,760 --a C:\WINDOWS\system32\vfwwdm32.dll
2007-03-01 22:43 <DIR> d C:\Program Files\C-evo
2007-03-01 00:27 28,672 --a C:\WINDOWS\system32\f3PSSavr.scr
2007-02-28 23:43 <DIR> d C:\Program Files\IrfanView
2007-02-28 21:39 <DIR> d C:\DOCUME~1\Sharon\Contacts
2007-02-28 03:03 <DIR> d C:\DOCUME~1\DAVETH~1\APPLIC~1\Teleca
2007-02-28 03:01 <DIR> d C:\296fd8cc62103a7562e0
2007-02-28 03:00 <DIR> d C:\Program Files\MSXML 4.0
2007-02-28 00:22 <DIR> d C:\DOCUME~1\Sharon\APPLIC~1\Teleca
2007-02-27 14:19 <DIR> d C:\Program Files\Disc2Phone
2007-02-27 14:15 31,616 --a C:\WINDOWS\system32\drivers\usbccgp.sys
2007-02-27 14:10 <DIR> d C:\WINDOWS\system32\URTTemp
2007-02-27 14:08 <DIR> d C:\DOCUME~1\WINXP~1\APPLIC~1\Teleca
2007-02-27 14:07 <DIR> d C:\Program Files\Sony Ericsson
2007-02-27 14:07 <DIR> d C:\Program Files\Common Files\Teleca Shared
2007-02-27 14:07 <DIR> d C:\DOCUME~1\ALLUSE~1\APPLIC~1\Teleca
2007-02-27 14:07 <DIR> d C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Ericsson
2007-02-27 14:04 6,176 --a C:\WINDOWS\system32\drivers\w810cm.sys
2007-02-27 14:04 5,808 --a C:\WINDOWS\system32\drivers\w810wh.sys
2007-02-27 14:04 <DIR> d C:\WINDOWS\Downloaded Installations
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-03-27 12:56 26694 --a C:\WINDOWS\system32\fccawvt.dll
2007-02-20 17:24 1177 --a C:\WINDOWS\mozver.dat
2007-02-20 16:28 0 --a C:\WINDOWS\nsreg.dat
2007-02-18 22:46 d C:\Program Files\partygaming
2007-02-18 16:40 d C:\DOCUME~1\Sharon\APPLIC~1\help
2007-02-18 16:39 d C:\Program Files\ulead systems
2007-02-17 19:34 d C:\Program Files\lavasoft
2007-02-17 19:34 d C:\Program Files\Common Files\wise installation wizard
2007-02-17 19:34 d C:\DOCUME~1\Sharon\APPLIC~1\lavasoft
2007-02-17 18:46 d C:\DOCUME~1\Sharon\APPLIC~1\adobeum
2007-02-17 18:46 d C:\DOCUME~1\Sharon\APPLIC~1\adobe
2007-02-17 16:31 d C:\DOCUME~1\Sharon\APPLIC~1\openoffice.org2
2007-02-17 15:40 d C:\Program Files\alwil software
2007-02-17 01:05 d C:\Program Files\Common Files\jasc software inc
2007-02-17 01:05 d C:\DOCUME~1\Sharon\APPLIC~1\jasc software inc
2007-02-17 01:03 d C:\DOCUME~1\Sharon\APPLIC~1\jasc
2007-02-17 01:01 d C:\Program Files\jasc software inc
2007-02-16 23:16 d C:\DOCUME~1\Sharon\APPLIC~1\inkscape
2007-02-15 23:26 d C:\Program Files\real
2007-02-15 23:25 d C:\Program Files\windows live toolbar
2007-02-15 23:22 d C:\Program Files\msn messenger
2007-02-15 20:56 d C:\Program Files\google
2007-02-15 20:36 d C:\Program Files\java
2007-02-15 20:33 d C:\Program Files\limewire
2007-02-15 20:33 d C:\Program Files\Common Files\java
2007-01-19 12:53 51056 --a C:\WINDOWS\system32\sirenacm.dll
2007-01-15 17:32 689280 --a C:\WINDOWS\system32\aswboot.exe
2007-01-15 17:23 90112 --a C:\WINDOWS\system32\avastss.scr
2007-01-08 19:01 17408 --a C:\WINDOWS\system32\corpol.dll
2006-12-11 16:41 62 --ahs---- C:\DOCUME~1\Sharon\APPLIC~1\desktop.ini
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
@=""
"Sony Ericsson PC Suite"="\"C:\\Program Files\\Sony Ericsson\\Mobile2\\Application Launcher\\Application Launcher.exe\" /startoptions"
"seekmo"="\"c:\\program files\\seekmo\\seekmo.exe\""
"SeekmoToolbar"="C:\\Program Files\\SeekmoToolbar\\Bin\\4.8.4.0\\${HOOKOE_FILE}"
"SoundService"="rundll32.exe \"C:\\WINDOWS\\system32\\vaevraiv.dll\",setvm"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{7D064D71-DD76-4596-90C0-921766AD560A}"=""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geedb
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qomjjih
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
********************************************************************
catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 07-03-27 12:59:29
Sorry for the 'essay' but I wanted to explain as much as I can :-)
Thank you
Sharon
Next, open HijackThis, press "Do a system scan and save a logfile", and post the logfile here.
Thank you
Sharon
OK, now I have found the free version I feel such a fool lol lol
Here is my logfile
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 21:32:12, on 28/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\MSN Messenger\msrr.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Documents and Settings\Sharon\Desktop\HiJackThis_v2\HiJackThis_v2.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=70026
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://uk.search.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.inbox.com/search/ie.aspx?tb_id=70026
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.inbox.com/support/sa_customize.aspx?TbId=70026
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://uk.search.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.inbox.com/search/ie.aspx?tb_id=70026
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.inbox.com/support/sa_customize.aspx?TbId=70026
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0EC487D2-919D-4F49-98A5-49C06C518B0c} - C:\WINDOWS\system32\yalefqkf.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Inbox\ctbr.dll
O2 - BHO: (no name) - {20F18540-1B96-47E7-A855-94D537D6DB62} - C:\WINDOWS\system32\geedb.dll (file missing)
O2 - BHO: (no name) - {2269F137-F806-45A4-8300-553E2B6D1212} - C:\WINDOWS\system32\yalefqkf.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {53BCCC17-5BE4-4ED8-A99F-225C11371A00} - C:\WINDOWS\system32\yalefqkf.dll
O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - C:\WINDOWS\system32\hgwhwpkv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {79901EB9-A100-419C-BAE7-B70FBB030424} - C:\WINDOWS\system32\mljjg.dll
O2 - BHO: (no name) - {7D064D71-DD76-4596-90C0-921766AD560A} - C:\WINDOWS\system32\qomjjih.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {CA00E36B-FD7C-4591-AF3C-A1C74F21407f} - C:\WINDOWS\system32\yalefqkf.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Inbox Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Inbox\ctbr.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [seekmo] "c:\program files\seekmo\seekmo.exe"
O4 - HKLM\..\Run: [SeekmoToolbar] C:\Program Files\SeekmoToolbar\Bin\4.8.4.0\${HOOKOE_FILE}
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\vaevraiv.dll",setvm
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Program Files\Dealio\kb103\res\DealioSearch.html
O8 - Extra context menu item: Inbox Search - tbr:iemenu
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1165854538114
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Inbox\ctbr.dll
O20 - Winlogon Notify: geedb - C:\WINDOWS\system32\geedb.dll (file missing)
O20 - Winlogon Notify: mljjg - C:\WINDOWS\system32\mljjg.dll
O20 - Winlogon Notify: qomjjih - C:\WINDOWS\SYSTEM32\qomjjih.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
--
End of file - 9989 bytes
Please download VundoFix.exe to your desktop.
Also
* Click here to download HJTsetup.exe
This is the vundofix log:-
VundoFix V6.3.18
Checking Java version...
Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.11
Scan started at 13:15:00 29/03/2007
Listing files found while scanning....
C:\WINDOWS\system32\awtqroo.dll
C:\WINDOWS\system32\awtrqop.dll
C:\WINDOWS\system32\awtrstq.dll
C:\WINDOWS\system32\awtsq.dll
C:\WINDOWS\system32\bdeeg.bak1
C:\WINDOWS\system32\bdeeg.ini
C:\WINDOWS\system32\byxvvsr.dll
C:\WINDOWS\system32\cbxurqq.dll
C:\WINDOWS\system32\cbxxyvw.dll
C:\WINDOWS\system32\ddcawtq.dll
C:\WINDOWS\system32\ddcyxwt.dll
C:\WINDOWS\system32\efcayyx.dll
C:\WINDOWS\system32\efcbcbc.dll
C:\WINDOWS\system32\efcdeda.dll
C:\WINDOWS\system32\fccawvt.dll
C:\WINDOWS\system32\fccayxu.dll
C:\WINDOWS\system32\fccbyvt.dll
C:\WINDOWS\system32\fcccddc.dll
C:\WINDOWS\system32\fccdbbx.dll
C:\WINDOWS\system32\geedb.dll
C:\WINDOWS\system32\gjjlm.bak1
C:\WINDOWS\system32\gjjlm.bak2
C:\WINDOWS\system32\gjjlm.ini
C:\WINDOWS\system32\gjjlm.ini2
C:\WINDOWS\system32\hgwhwpkv.dll
C:\WINDOWS\system32\hsptwhqy.dll
C:\WINDOWS\system32\iifcaby.dll
C:\WINDOWS\system32\iifffeb.dll
C:\WINDOWS\system32\jkhff.dll
C:\WINDOWS\system32\jkkjihe.dll
C:\WINDOWS\system32\jkkli.dll
C:\WINDOWS\system32\jkkllih.dll
C:\WINDOWS\system32\khfddef.dll
C:\WINDOWS\system32\kjjlm.bak1
C:\WINDOWS\system32\kjjlm.ini
C:\WINDOWS\system32\ljjggfg.dll
C:\WINDOWS\system32\mljjg.dll
C:\WINDOWS\system32\mljjk.dll
C:\WINDOWS\system32\nnnkihe.dll
C:\WINDOWS\system32\nnnlljg.dll
C:\WINDOWS\system32\nnnmnkl.dll
C:\WINDOWS\system32\opnolif.dll
C:\WINDOWS\system32\pmnllli.dll
C:\WINDOWS\system32\qomjjih.dll
C:\WINDOWS\system32\qttss.ini
C:\WINDOWS\system32\rqrqrol.dll
C:\WINDOWS\system32\ssqolih.dll
C:\WINDOWS\system32\ssqpqpq.dll
C:\WINDOWS\system32\ssttq.dll
C:\WINDOWS\system32\tuvsppp.dll
C:\WINDOWS\system32\tuvsstt.dll
C:\WINDOWS\system32\tuvvsro.dll
C:\WINDOWS\system32\urqpnon.dll
C:\WINDOWS\system32\urqrqon.dll
C:\WINDOWS\system32\vaevraiv.dll
C:\WINDOWS\system32\viarveav.ini
C:\WINDOWS\system32\vtsqr.dll
C:\WINDOWS\system32\vtuvvww.dll
C:\WINDOWS\system32\wvurssp.dll
C:\WINDOWS\system32\wvuurrr.dll
C:\WINDOWS\system32\wvuuvsr.dll
C:\WINDOWS\system32\xxyvtqo.dll
C:\WINDOWS\system32\xxyvttq.dll
C:\WINDOWS\system32\xxyvvuu.dll
C:\WINDOWS\system32\xxyxutr.dll
C:\WINDOWS\system32\yaywwxx.dll
C:\WINDOWS\system32\yayxxxy.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\awtqroo.dll
C:\WINDOWS\system32\awtqroo.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\awtrqop.dll
C:\WINDOWS\system32\awtrqop.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\awtrstq.dll
C:\WINDOWS\system32\awtrstq.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\awtsq.dll
C:\WINDOWS\system32\awtsq.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\bdeeg.bak1
C:\WINDOWS\system32\bdeeg.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\bdeeg.ini
C:\WINDOWS\system32\bdeeg.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\byxvvsr.dll
C:\WINDOWS\system32\byxvvsr.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\cbxurqq.dll
C:\WINDOWS\system32\cbxurqq.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\cbxxyvw.dll
C:\WINDOWS\system32\cbxxyvw.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ddcawtq.dll
C:\WINDOWS\system32\ddcawtq.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ddcyxwt.dll
C:\WINDOWS\system32\ddcyxwt.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\efcayyx.dll
C:\WINDOWS\system32\efcayyx.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\efcbcbc.dll
C:\WINDOWS\system32\efcbcbc.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\efcdeda.dll
C:\WINDOWS\system32\efcdeda.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\fccawvt.dll
C:\WINDOWS\system32\fccawvt.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\fccayxu.dll
C:\WINDOWS\system32\fccayxu.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\fccbyvt.dll
C:\WINDOWS\system32\fccbyvt.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\fcccddc.dll
C:\WINDOWS\system32\fcccddc.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\fccdbbx.dll
C:\WINDOWS\system32\fccdbbx.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\gjjlm.bak1
C:\WINDOWS\system32\gjjlm.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\gjjlm.bak2
C:\WINDOWS\system32\gjjlm.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\gjjlm.ini
C:\WINDOWS\system32\gjjlm.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\gjjlm.ini2
C:\WINDOWS\system32\gjjlm.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\hgwhwpkv.dll
C:\WINDOWS\system32\hgwhwpkv.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\hsptwhqy.dll
C:\WINDOWS\system32\hsptwhqy.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\iifcaby.dll
C:\WINDOWS\system32\iifcaby.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\iifffeb.dll
C:\WINDOWS\system32\iifffeb.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\jkhff.dll
C:\WINDOWS\system32\jkhff.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\jkkjihe.dll
C:\WINDOWS\system32\jkkjihe.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\jkkli.dll
C:\WINDOWS\system32\jkkli.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\jkkllih.dll
C:\WINDOWS\system32\jkkllih.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\khfddef.dll
C:\WINDOWS\system32\khfddef.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\kjjlm.bak1
C:\WINDOWS\system32\kjjlm.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\kjjlm.ini
C:\WINDOWS\system32\kjjlm.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\ljjggfg.dll
C:\WINDOWS\system32\ljjggfg.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\mljjg.dll
C:\WINDOWS\system32\mljjg.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\mljjk.dll
C:\WINDOWS\system32\mljjk.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\nnnkihe.dll
C:\WINDOWS\system32\nnnkihe.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\nnnlljg.dll
C:\WINDOWS\system32\nnnlljg.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\nnnmnkl.dll
C:\WINDOWS\system32\nnnmnkl.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\opnolif.dll
C:\WINDOWS\system32\opnolif.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\pmnllli.dll
C:\WINDOWS\system32\pmnllli.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\qomjjih.dll
C:\WINDOWS\system32\qomjjih.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\qttss.ini
C:\WINDOWS\system32\qttss.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\rqrqrol.dll
C:\WINDOWS\system32\rqrqrol.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ssqolih.dll
C:\WINDOWS\system32\ssqolih.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ssqpqpq.dll
C:\WINDOWS\system32\ssqpqpq.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ssttq.dll
C:\WINDOWS\system32\ssttq.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\tuvsppp.dll
C:\WINDOWS\system32\tuvsppp.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\tuvsstt.dll
C:\WINDOWS\system32\tuvsstt.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\tuvvsro.dll
C:\WINDOWS\system32\tuvvsro.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\urqpnon.dll
C:\WINDOWS\system32\urqpnon.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\urqrqon.dll
C:\WINDOWS\system32\urqrqon.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\vaevraiv.dll
C:\WINDOWS\system32\vaevraiv.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\viarveav.ini
C:\WINDOWS\system32\viarveav.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\vtsqr.dll
C:\WINDOWS\system32\vtsqr.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\vtuvvww.dll
C:\WINDOWS\system32\vtuvvww.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\wvurssp.dll
C:\WINDOWS\system32\wvurssp.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\wvuurrr.dll
C:\WINDOWS\system32\wvuurrr.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\wvuuvsr.dll
C:\WINDOWS\system32\wvuuvsr.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\xxyvtqo.dll
C:\WINDOWS\system32\xxyvtqo.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\xxyvttq.dll
C:\WINDOWS\system32\xxyvttq.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\xxyvvuu.dll
C:\WINDOWS\system32\xxyvvuu.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\xxyxutr.dll
C:\WINDOWS\system32\xxyxutr.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\yaywwxx.dll
C:\WINDOWS\system32\yaywwxx.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\yayxxxy.dll
C:\WINDOWS\system32\yayxxxy.dll Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.3.18
Checking Java version...
Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.11
Scan started at 13:27:55 29/03/2007
Listing files found while scanning....
C:\WINDOWS\system32\geedb.dll
C:\WINDOWS\system32\ilnmp.bak1
C:\WINDOWS\system32\ilnmp.ini
C:\WINDOWS\system32\pmnli.dll
C:\WINDOWS\system32\qomjjih.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\ilnmp.bak1
C:\WINDOWS\system32\ilnmp.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\ilnmp.ini
C:\WINDOWS\system32\ilnmp.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\pmnli.dll
C:\WINDOWS\system32\pmnli.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\qomjjih.dll
C:\WINDOWS\system32\qomjjih.dll Has been deleted!
Performing Repairs to the registry.
Done!
and this is the HijackThis Log which I ran after:-
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 13:41:19, on 29/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\MSN Messenger\msrr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\PROGRA~1\Inbox\CToolbar.exe
c:\PROGRA~1\Inbox\CMail.exe
C:\Documents and Settings\Sharon\Desktop\HiJackThis_v2\HiJackThis_v2.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=70026
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://uk.search.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.inbox.com/search/ie.aspx?tb_id=70026
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.inbox.com/support/sa_customize.aspx?TbId=70026
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://uk.search.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.inbox.com/search/ie.aspx?tb_id=70026
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.inbox.com/support/sa_customize.aspx?TbId=70026
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Inbox\ctbr.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0EC487D2-919D-4F49-98A5-49C06C518B0c} - C:\WINDOWS\system32\yalefqkf.dll
O2 - BHO: (no name) - {126E9693-9D2A-46D2-A2AF-0F89DDACB40C} - C:\WINDOWS\system32\pmnli.dll (file missing)
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Inbox\ctbr.dll
O2 - BHO: (no name) - {20F18540-1B96-47E7-A855-94D537D6DB62} - C:\WINDOWS\system32\geedb.dll (file missing)
O2 - BHO: (no name) - {2269F137-F806-45A4-8300-553E2B6D1212} - C:\WINDOWS\system32\yalefqkf.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {53BCCC17-5BE4-4ED8-A99F-225C11371A00} - C:\WINDOWS\system32\yalefqkf.dll
O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - C:\WINDOWS\system32\hgwhwpkv.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7D064D71-DD76-4596-90C0-921766AD560A} - C:\WINDOWS\system32\tuvstqr.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {CA00E36B-FD7C-4591-AF3C-A1C74F21407f} - C:\WINDOWS\system32\yalefqkf.dll
O2 - BHO: (no name) - {DFD4461F-7AA3-479A-8DDE-F681BE946EC7} - C:\WINDOWS\system32\mljjg.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Inbox Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Inbox\ctbr.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [seekmo] "c:\program files\seekmo\seekmo.exe"
O4 - HKLM\..\Run: [SeekmoToolbar] C:\Program Files\SeekmoToolbar\Bin\4.8.4.0\${HOOKOE_FILE}
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\vaevraiv.dll",setvm
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Program Files\Dealio\kb103\res\DealioSearch.html
O8 - Extra context menu item: Inbox Search - tbr:iemenu
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1165854538114
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Inbox\ctbr.dll
O20 - Winlogon Notify: geedb - C:\WINDOWS\system32\geedb.dll (file missing)
O20 - Winlogon Notify: tuvstqr - C:\WINDOWS\SYSTEM32\tuvstqr.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
--
End of file - 10472 bytes
I'm an HjT student in a Finnish HijackThis school. My instructions are checked before I post them for you. I hope, SharonS, that you do not follow the instructions from oldguy2, because I posted in this thread first. oldguy2, I hope that you do not post any more messages in this thread.
Go to Add/Remove application and delete these programs (you get to Add/Remove application like this: press Start -> Control Panel -> Add/Remove application):
Crawler Toolbar
Seekmo Toolbar
Open HijackThis, press "Do a system scan only", and checkmark these lines:
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Inbox\ctbr.dll
O2 - BHO: (no name) - {126E9693-9D2A-46D2-A2AF-0F89DDACB40C} - C:\WINDOWS\system32\pmnli.dll (file missing)
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Inbox\ctbr.dll
O2 - BHO: (no name) - {20F18540-1B96-47E7-A855-94D537D6DB62} - C:\WINDOWS\system32\geedb.dll (file missing)
O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - C:\WINDOWS\system32\hgwhwpkv.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {DFD4461F-7AA3-479A-8DDE-F681BE946EC7} - C:\WINDOWS\system32\mljjg.dll (file missing)
O3 - Toolbar: &Inbox Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Inbox\ctbr.dll
O4 - HKLM\..\Run: [seekmo] "c:\program files\seekmo\seekmo.exe"
O4 - HKLM\..\Run: [SeekmoToolbar] C:\Program Files\SeekmoToolbar\Bin\4.8.4.0\${HOOKOE_FILE}
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\vaevraiv.dll",setvm
O20 - Winlogon Notify: geedb - C:\WINDOWS\system32\geedb.dll (file missing)
Next, press Fix checked
Please make your hidden files visible:
1. Close all programs so that you are at your desktop.
2. Double-click on the My Computer icon.
3. Select the Tools menu and click Folder Options.
4. After the new window appears select the View tab.
5. Put a checkmark in the checkbox labeled Display the contents of system folders.
6. Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
7. Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
8. Remove the checkmark from the checkbox labeled Hide protected operating system files.
9. Press the Apply button and then the OK button and shutdown My Computer.
10. Now your computer is configured to show all hidden files.
Reboot your computer in safe mode:
1. Restart your computer.
2. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
3. Select the option for Safe Mode using the arrow keys.
4. Then press enter on your keyboard to boot into Safe Mode.
Once in Safe mode:
Delete these Folders:
C:\PROGRA~1\Inbox
C:\program files\seekmo
C:\Program Files\SeekmoToolbar
C:\WINDOWS\system32\vaevraiv.dll
Reboot your computer in normal mode
Download this version (1.99.1) of HijackThis: Link.
Scan your computer again with VundoFix and post fresh HijackThis (version 1.99.1) and VundoFix reports.
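Several of the lines picked out in the post above point at DLLs that the VundoFix runs in this thread had already listed. The following is an added example, not part of any post here: it parses both log formats and reports which HijackThis entries still reference a file from the VundoFix list. The function names and status labels are assumptions of the example, and the sample input is a constructed excerpt of lines from the thread's logs.

```python
import ntpath
import re

# Constructed sample input: a handful of lines taken from the logs in this thread.
VUNDOFIX_LOG = r"""
Listing files found while scanning....
C:\WINDOWS\system32\geedb.dll
C:\WINDOWS\system32\hgwhwpkv.dll
C:\WINDOWS\system32\pmnli.dll
C:\WINDOWS\system32\qomjjih.dll
C:\WINDOWS\system32\vaevraiv.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\hgwhwpkv.dll
C:\WINDOWS\system32\hgwhwpkv.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\qomjjih.dll
C:\WINDOWS\system32\qomjjih.dll Could not be deleted.
"""

HJT_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {126E9693-9D2A-46D2-A2AF-0F89DDACB40C} - C:\WINDOWS\system32\pmnli.dll (file missing)
O2 - BHO: (no name) - {7D064D71-DD76-4596-90C0-921766AD560A} - C:\WINDOWS\system32\tuvstqr.dll
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\vaevraiv.dll",setvm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O20 - Winlogon Notify: geedb - C:\WINDOWS\system32\geedb.dll (file missing)
"""

DELETED = "Has been deleted!"
FAILED = "Could not be deleted."
# "R1 - ...", "O20 - ...": section code, then the entry text.
HJT_LINE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
# Absolute drive-letter paths to a DLL or EXE inside an entry.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|\r\n]*?\.(?:dll|exe)\b', re.I)


def parse_vundofix(log):
    """Split a VundoFix log into found / deleted / failed path sets."""
    found, deleted, failed = set(), set(), set()
    listing = False
    for raw in log.splitlines():
        line = raw.strip()
        if line.startswith("Listing files found"):
            listing = True
        elif line.startswith("Beginning removal"):
            listing = False
        elif line.endswith(DELETED):
            deleted.add(line[: -len(DELETED)].strip().lower())
        elif line.endswith(FAILED):
            failed.add(line[: -len(FAILED)].strip().lower())
        elif listing and line:
            found.add(line.lower())
    return {"found": found, "deleted": deleted, "failed": failed}


def parse_hijackthis(log):
    """Return one dict per HijackThis entry line."""
    entries = []
    for raw in log.splitlines():
        m = HJT_LINE.match(raw.strip())
        if not m:
            continue  # header, process list, blank line
        section, text = m.groups()
        entries.append({
            "section": section,
            "text": text,
            "paths": [p.lower() for p in PATH_RE.findall(text)],
            "missing": text.rstrip().endswith(("(file missing)", "(no file)")),
        })
    return entries


def correlate(entries, remover_found):
    """Entries that reference a file the remover listed.

    'orphaned'   : the log itself marks the target as missing, so only the
                   registry reference is left.
    'unverified' : no missing marker; the file may still exist, or the
                   section does not check for it.
    """
    hits = []
    for entry in entries:
        for path in entry["paths"]:
            if path in remover_found:
                status = "orphaned" if entry["missing"] else "unverified"
                hits.append((entry["section"], ntpath.basename(path), status))
    return hits


if __name__ == "__main__":
    vf = parse_vundofix(VUNDOFIX_LOG)
    for section, name, status in correlate(parse_hijackthis(HJT_LOG), vf["found"]):
        print(f"{section:>3}  {name:<14} {status}")
    for path in sorted(vf["failed"]):
        print("not removed:", path)
```

The `tuvstqr.dll` entry is not reported because that name never appears in the VundoFix list, so this correlation only finds references to files a remover has already named.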
Here are my logs from Vundofix and HijackThis
Vundofix
VundoFix V6.3.18
Checking Java version...
Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.11
Scan started at 13:27:55 29/03/2007
Listing files found while scanning....
C:\WINDOWS\system32\geedb.dll
C:\WINDOWS\system32\ilnmp.bak1
C:\WINDOWS\system32\ilnmp.ini
C:\WINDOWS\system32\pmnli.dll
C:\WINDOWS\system32\qomjjih.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\ilnmp.bak1
C:\WINDOWS\system32\ilnmp.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\ilnmp.ini
C:\WINDOWS\system32\ilnmp.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\pmnli.dll
C:\WINDOWS\system32\pmnli.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\qomjjih.dll
C:\WINDOWS\system32\qomjjih.dll Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.3.18
Checking Java version...
Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.11
Scan started at 20:19:45 29/03/2007
Listing files found while scanning....
C:\WINDOWS\system32\awtqr.dll
C:\WINDOWS\system32\bccdd.ini
C:\WINDOWS\system32\ddccb.dll
C:\WINDOWS\system32\gebbcyy.dll
C:\WINDOWS\system32\geedb.dll
C:\WINDOWS\system32\ljjgdba.dll
C:\WINDOWS\system32\rqtwa.ini
C:\WINDOWS\system32\rrutv.bak1
C:\WINDOWS\system32\rrutv.ini
C:\WINDOWS\system32\tuvstqr.dll
C:\WINDOWS\system32\tuvtqoo.dll
C:\WINDOWS\system32\vturr.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\awtqr.dll
C:\WINDOWS\system32\awtqr.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\bccdd.ini
C:\WINDOWS\system32\bccdd.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\ddccb.dll
C:\WINDOWS\system32\ddccb.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\gebbcyy.dll
C:\WINDOWS\system32\gebbcyy.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ljjgdba.dll
C:\WINDOWS\system32\ljjgdba.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\rqtwa.ini
C:\WINDOWS\system32\rqtwa.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\rrutv.bak1
C:\WINDOWS\system32\rrutv.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\rrutv.ini
C:\WINDOWS\system32\rrutv.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\tuvstqr.dll
C:\WINDOWS\system32\tuvstqr.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\tuvtqoo.dll
C:\WINDOWS\system32\tuvtqoo.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\vturr.dll
C:\WINDOWS\system32\vturr.dll Has been deleted!
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\WINDOWS\system32\tuvstqr.dll
C:\WINDOWS\system32\tuvstqr.dll Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.3.18
Checking Java version...
Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.11
Scan started at 16:00:40 30/03/2007
Listing files found while scanning....
C:\WINDOWS\system32\awtqo.dll
C:\WINDOWS\system32\byxvuts.dll
C:\WINDOWS\system32\cbxvsrr.dll
C:\WINDOWS\system32\cbxwxyw.dll
C:\WINDOWS\system32\cbxyxvw.dll
C:\WINDOWS\system32\ddcyv.dll
C:\WINDOWS\system32\efcyywu.dll
C:\WINDOWS\system32\gebabba.dll
C:\WINDOWS\system32\jkkkjhe.dll
C:\WINDOWS\system32\kmllm.bak1
C:\WINDOWS\system32\kmllm.ini
C:\WINDOWS\system32\mljgded.dll
C:\WINDOWS\system32\mljhihf.dll
C:\WINDOWS\system32\mllmk.dll
C:\WINDOWS\system32\oaayltgw.dll
C:\WINDOWS\system32\oqtwa.ini
C:\WINDOWS\system32\ssqnmnm.dll
C:\WINDOWS\system32\ttnblfvw.dll
C:\WINDOWS\system32\tuvutqo.dll
C:\WINDOWS\system32\urqomnm.dll
C:\WINDOWS\system32\vycdd.ini
C:\WINDOWS\system32\wvflbntt.ini
C:\WINDOWS\system32\yayvttt.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\awtqo.dll
C:\WINDOWS\system32\awtqo.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\byxvuts.dll
C:\WINDOWS\system32\byxvuts.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\cbxvsrr.dll
C:\WINDOWS\system32\cbxvsrr.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\cbxwxyw.dll
C:\WINDOWS\system32\cbxwxyw.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\cbxyxvw.dll
C:\WINDOWS\system32\cbxyxvw.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ddcyv.dll
C:\WINDOWS\system32\ddcyv.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\efcyywu.dll
C:\WINDOWS\system32\efcyywu.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\gebabba.dll
C:\WINDOWS\system32\gebabba.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\jkkkjhe.dll
C:\WINDOWS\system32\jkkkjhe.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\kmllm.bak1
C:\WINDOWS\system32\kmllm.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\kmllm.ini
C:\WINDOWS\system32\kmllm.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\mljgded.dll
C:\WINDOWS\system32\mljgded.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\mljhihf.dll
C:\WINDOWS\system32\mljhihf.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\mllmk.dll
C:\WINDOWS\system32\mllmk.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\oaayltgw.dll
C:\WINDOWS\system32\oaayltgw.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\oqtwa.ini
C:\WINDOWS\system32\oqtwa.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\ssqnmnm.dll
C:\WINDOWS\system32\ssqnmnm.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ttnblfvw.dll
C:\WINDOWS\system32\ttnblfvw.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\tuvutqo.dll
C:\WINDOWS\system32\tuvutqo.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\urqomnm.dll
C:\WINDOWS\system32\urqomnm.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\vycdd.ini
C:\WINDOWS\system32\vycdd.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\wvflbntt.ini
C:\WINDOWS\system32\wvflbntt.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\yayvttt.dll
C:\WINDOWS\system32\yayvttt.dll Has been deleted!
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\WINDOWS\system32\efcyywu.dll
C:\WINDOWS\system32\efcyywu.dll Has been deleted!
Performing Repairs to the registry.
Done!
Now HijackThis
Logfile of HijackThis v1.99.1
Scan saved at 16:22:27, on 30/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\MSN Messenger\msrr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=70026
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://uk.search.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.inbox.com/search/ie.aspx?tb_id=70026
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.inbox.com/support/sa_customize.aspx?TbId=70026
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://uk.search.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.inbox.com/search/ie.aspx?tb_id=70026
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.inbox.com/support/sa_customize.aspx?TbId=70026
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0EC487D2-919D-4F49-98A5-49C06C518B0c} - C:\WINDOWS\system32\yalefqkf.dll
O2 - BHO: (no name) - {2269F137-F806-45A4-8300-553E2B6D1212} - C:\WINDOWS\system32\yalefqkf.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {53BCCC17-5BE4-4ED8-A99F-225C11371A00} - C:\WINDOWS\system32\yalefqkf.dll
O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - C:\WINDOWS\system32\oaayltgw.dll (file missing)
O2 - BHO: (no name) - {6D1453C6-84AB-4836-A988-BA9477ED9E40} - C:\WINDOWS\system32\vturr.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7D064D71-DD76-4596-90C0-921766AD560A} - C:\WINDOWS\system32\nnnnonm.dll
O2 - BHO: (no name) - {8BE7ECE5-BEED-4525-9169-4A73814AA404} - C:\WINDOWS\system32\mllmk.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {CA00E36B-FD7C-4591-AF3C-A1C74F21407f} - C:\WINDOWS\system32\yalefqkf.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\ttnblfvw.dll",setvm
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Program Files\Dealio\kb103\res\DealioSearch.html
O8 - Extra context menu item: Inbox Search - tbr:iemenu
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1165854538114
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Inbox\ctbr.dll (file missing)
O20 - Winlogon Notify: nnnnonm - C:\WINDOWS\SYSTEM32\nnnnonm.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
Sharon
First delete this text file C:\Vundofix.txt.
- Double-click VundoFix.exe to run it.
- Click the Scan for Vundo button.
- Once the scan is complete, Right Click inside the listbox (white box) and click add more files
- Copy&Paste the 2 entries below into the top 2 boxes (one line per box):
- C:\WINDOWS\system32\nnnnonm.dll
- C:\WINDOWS\SYSTEM32\mnonnnn.*
- Click Add Files and Click Close Window
- Click the Remove Vundo button.
- You will receive a prompt asking if you want to remove the files, click YES
- Once you click yes, your desktop will go blank as it starts removing Vundo.
- When completed, it will prompt that it will reboot your computer, click OK.
- Please post the contents of C:\vundofix.txt and a new HijackThis log.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
Open HijackThis, press do a system scan only, checkmark these lines:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.inbox.com/search/dispatch...=%s&tbid=70026
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.inbox.com/search/ie.aspx?tb_id=70026
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.inbox.com/support/sa_cust...spx?TbId=70026
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.inbox.com/search/ie.aspx?tb_id=70026
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.inbox.com/support/sa_cust...spx?TbId=70026
O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - C:\WINDOWS\system32\oaayltgw.dll (file missing)
O2 - BHO: (no name) - {6D1453C6-84AB-4836-A988-BA9477ED9E40} - C:\WINDOWS\system32\vturr.dll (file missing)
O2 - BHO: (no name) - {8BE7ECE5-BEED-4525-9169-4A73814AA404} - C:\WINDOWS\system32\mllmk.dll (file missing)
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\ttnblfvw.dll",setvm
O8 - Extra context menu item: Inbox Search - tbr:iemenu
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Inbox\ctbr.dll (file missing)
Next, press Fix checked
Please download F-Secure Blacklight (blbeta.exe) and save to your C:\ drive.
1. Open a command window by going to Start > Run and typing: cmd
2. Copy/paste or type the following in the command window:
C:\blbeta.exe /expert
3. Hit "Enter" to start the program and then close the cmd box.
4. Accept the user agreement and click "Next".
5. Click "Scan".
6. After the scan is complete, click "Next", then "Exit". BlackLight will create a log in C:\ drive named "fsbl-xxxxxxx.log" (the xxxxxxx will be the date and time of the scan).
7. The log will have a list of all items found. Do not choose to rename any yet! I want to see the log first because legitimate items can also be present...like "wbemtest.exe".
8. Exit Blacklight and post the contents of the log in your next reply.
Note: If you download Blacklight to your desktop, just double-click to run from there and it will create the "fsbl-xxxxxxx.log" on your desktop.
Please post Blacklight log, Vundofix log and fresh HijackThis log
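The BHO and Run lines the helper asks to checkmark above point at DLLs that the VundoFix log shows as already deleted, which can be cross-checked mechanically. The Python sketch below is an added example, not part of the original posts or of either tool; its log excerpts are copied from this thread, and the rule that flags a DLL registered as both a BHO (O2) and a Winlogon Notify (O20) entry is an assumption of this example, not something the helper states.

```python
import re

# Lines copied from the VundoFix runs posted in this thread (29-30/03/2007).
VUNDOFIX_LOG = r"""
Attempting to delete C:\WINDOWS\system32\vturr.dll
C:\WINDOWS\system32\vturr.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\efcyywu.dll
C:\WINDOWS\system32\efcyywu.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\mllmk.dll
C:\WINDOWS\system32\mllmk.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\oaayltgw.dll
C:\WINDOWS\system32\oaayltgw.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ttnblfvw.dll
C:\WINDOWS\system32\ttnblfvw.dll Has been deleted!
Beginning removal...
Attempting to delete C:\WINDOWS\system32\efcyywu.dll
C:\WINDOWS\system32\efcyywu.dll Has been deleted!
"""

# Lines copied from the HijackThis log of 30/03/2007 posted in this thread.
HIJACKTHIS_LOG = r"""
O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - C:\WINDOWS\system32\oaayltgw.dll (file missing)
O2 - BHO: (no name) - {6D1453C6-84AB-4836-A988-BA9477ED9E40} - C:\WINDOWS\system32\vturr.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7D064D71-DD76-4596-90C0-921766AD560A} - C:\WINDOWS\system32\nnnnonm.dll
O2 - BHO: (no name) - {8BE7ECE5-BEED-4525-9169-4A73814AA404} - C:\WINDOWS\system32\mllmk.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\ttnblfvw.dll",setvm
O20 - Winlogon Notify: nnnnonm - C:\WINDOWS\SYSTEM32\nnnnonm.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

RESULT_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<res>Has been deleted!|Could not be deleted\.)\s*$")
PATH_RE = re.compile(r'[A-Za-z]:\\[^"*?<>|\r\n]+?\.(?:dll|exe)\b', re.IGNORECASE)
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<rest>.*)$")


def parse_vundofix(log):
    """Map lower-cased path -> final outcome. A later pass (the removal
    retried after reboot) overrides an earlier 'Could not be deleted.'"""
    status = {}
    for line in log.splitlines():
        m = RESULT_RE.match(line.strip())
        if m:
            deleted = m["res"].startswith("Has")
            status[m["path"].lower()] = "deleted" if deleted else "locked"
    return status


def parse_hijackthis(log):
    """Return (section, lower-cased target path or None, line) per entry."""
    entries = []
    for raw in log.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        p = PATH_RE.search(m["rest"])
        entries.append((m["section"], p.group(0).lower() if p else None, line))
    return entries


def triage(hijackthis_log, vundofix_log):
    """Sort HijackThis entries by what the VundoFix log says about their file.

    orphaned       : file already deleted, registry entry left behind
    locked         : last removal attempt failed, file may still be loaded
    bho_and_notify : not in the VundoFix log, but the same DLL is registered
                     as both O2 and O20 (assumed heuristic of this example)
    """
    status = parse_vundofix(vundofix_log)
    entries = parse_hijackthis(hijackthis_log)
    sections = {}
    for section, path, _ in entries:
        if path:
            sections.setdefault(path, set()).add(section)
    report = {"orphaned": [], "locked": [], "bho_and_notify": []}
    for section, path, line in entries:
        if path is None:
            continue
        outcome = status.get(path)
        if outcome == "deleted":
            report["orphaned"].append(line)
        elif outcome == "locked":
            report["locked"].append(line)
        elif {"O2", "O20"} <= sections[path]:
            report["bho_and_notify"].append(line)
    return report


if __name__ == "__main__":
    for bucket, lines in triage(HIJACKTHIS_LOG, VUNDOFIX_LOG).items():
        print(f"[{bucket}]")
        for entry in lines:
            print("  " + entry)
```

Paths are compared case-insensitively because the same DLL appears as `system32` in the O2 line and `SYSTEM32` in the O20 line. The Run entry for `ttnblfvw.dll` carries no "(file missing)" tag in the HijackThis log, so only the cross-check against the VundoFix log marks it as orphaned.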
03/31/07 18:56:47 [Info]: BlackLight Engine 1.0.61 initialized
03/31/07 18:56:47 [Info]: OS: 5.1 build 2600 (Service Pack 2)
03/31/07 18:56:48 [Note]: 7019 4
03/31/07 18:56:48 [Note]: 7005 0
03/31/07 18:57:16 [Note]: 7006 0
03/31/07 18:57:16 [Note]: 7011 2016
03/31/07 18:57:17 [Note]: 7026 0
03/31/07 18:57:17 [Note]: 7026 0
03/31/07 18:57:20 [Note]: FSRAW library version 1.7.1021
03/31/07 19:06:12 [Note]: 7006 0
03/31/07 19:06:12 [Note]: 7011 2016
03/31/07 19:06:13 [Note]: 7026 0
03/31/07 19:06:13 [Note]: 7026 0
03/31/07 19:06:16 [Note]: FSRAW library version 1.7.1021
03/31/07 19:07:04 [Note]: 7007 0
VundoFix Log -
VundoFix V6.3.18
Checking Java version...
Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.11
Scan started at 17:59:05 31/03/2007
Listing files found while scanning....
C:\WINDOWS\system32\cbxxvvs.dll
C:\WINDOWS\system32\ddcbyxu.dll
C:\WINDOWS\system32\ddcywxv.dll
C:\WINDOWS\system32\efccbaw.dll
C:\WINDOWS\system32\fccccba.dll
C:\WINDOWS\system32\gebyayy.dll
C:\WINDOWS\system32\jjkkj.ini
C:\WINDOWS\system32\jkkjj.dll
C:\WINDOWS\system32\mljgffd.dll
C:\WINDOWS\system32\mljgggd.dll
C:\WINDOWS\system32\mljjkhf.dll
C:\WINDOWS\system32\nnnnonm.dll
C:\WINDOWS\system32\opnnkhg.dll
C:\WINDOWS\system32\opnnkhh.dll
C:\WINDOWS\system32\qqstv.bak1
C:\WINDOWS\system32\qqstv.bak2
C:\WINDOWS\system32\qqstv.ini
C:\WINDOWS\system32\ssqqnol.dll
C:\WINDOWS\system32\urqnonk.dll
C:\WINDOWS\system32\vtsqq.dll
C:\WINDOWS\system32\wvutrrq.dll
C:\WINDOWS\system32\wvutuss.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\cbxxvvs.dll
C:\WINDOWS\system32\cbxxvvs.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ddcbyxu.dll
C:\WINDOWS\system32\ddcbyxu.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ddcywxv.dll
C:\WINDOWS\system32\ddcywxv.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\efccbaw.dll
C:\WINDOWS\system32\efccbaw.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\fccccba.dll
C:\WINDOWS\system32\fccccba.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\gebyayy.dll
C:\WINDOWS\system32\gebyayy.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\jjkkj.ini
C:\WINDOWS\system32\jjkkj.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\jkkjj.dll
C:\WINDOWS\system32\jkkjj.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\mljgffd.dll
C:\WINDOWS\system32\mljgffd.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\mljgggd.dll
C:\WINDOWS\system32\mljgggd.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\mljjkhf.dll
C:\WINDOWS\system32\mljjkhf.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\nnnnonm.dll
C:\WINDOWS\system32\nnnnonm.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\nnnnonm.dll
C:\WINDOWS\system32\nnnnonm.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\opnnkhg.dll
C:\WINDOWS\system32\opnnkhg.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\opnnkhh.dll
C:\WINDOWS\system32\opnnkhh.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\qqstv.bak1
C:\WINDOWS\system32\qqstv.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\qqstv.bak2
C:\WINDOWS\system32\qqstv.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\qqstv.ini
C:\WINDOWS\system32\qqstv.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\ssqqnol.dll
C:\WINDOWS\system32\ssqqnol.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\urqnonk.dll
C:\WINDOWS\system32\urqnonk.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\vtsqq.dll
C:\WINDOWS\system32\vtsqq.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\wvutrrq.dll
C:\WINDOWS\system32\wvutrrq.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\wvutuss.dll
C:\WINDOWS\system32\wvutuss.dll Has been deleted!
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\WINDOWS\system32\nnnnonm.dll
C:\WINDOWS\system32\nnnnonm.dll Has been deleted!
Performing Repairs to the registry.
Done!
New HijackThis Log
Logfile of HijackThis v1.99.1
Scan saved at 19:20:49, on 31/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\MSN Messenger\msrr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://uk.search.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://uk.search.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\ujpwxevk.dll",setvm
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Program Files\Dealio\kb103\res\DealioSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1165854538114
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
Thank you
Sharon
Rename HijackThis to Scanner.
* Double-click VundoFix.exe to run it.
* Put a check next to Run VundoFix as a task.
* You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
* When VundoFix re-opens, click the Scan for Vundo button.
* Once the scan is complete, Right Click inside the listbox (white box) and click add more files
* Copy&Paste the 2 entries below into the top 2 boxes
o C:\WINDOWS\system32\ujpwxevk.dll
* Click Add Files and Click Close Window
* Click the Remove Vundo button.
* You will receive a prompt asking if you want to remove the files, click YES
* Once you click yes, your desktop will go blank as it starts removing Vundo.
* When completed, it will prompt that it will shutdown your computer, click OK.
* Turn your computer back on.
* Please post the contents of C:\vundofix.txt
Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
- Install AVG Anti-Spyware by double clicking the installer.
- Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
- On the main screen under Your Computer's security.
- Click on Change state next to Resident shield. It should now change to inactive.
- Click on Change state next to Automatic updates. It should now change to inactive.
- Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
- Wait until you see the Update succesfull message.
- Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
- Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update AVG Anti-Spyware: AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.
Open HijackThis, press Do a system scan only, and checkmark this line:
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\ujpwxevk.dll",setvm
Next, close all programs and press Fix checked.
Reboot your computer in Safe Mode.
- If the computer is running, shut down Windows, and then turn off the power.
- Wait 30 seconds, and then turn the computer on.
- Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
- Ensure that the Safe Mode option is selected.
- Press Enter. The computer then begins to start in Safe mode.
- Login on your usual account.
Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
- Click on Scanner on the toolbar.
- Click on the Settings tab.
- Under How to act?
- Click on Recommended Action and choose Quarantine from the popup menu.
- Under How to scan?
- All checkboxes should be ticked.
- Under Possibly unwanted software:
- All checkboxes should be ticked.
- Under Reports:
- Select Automatically generate report after every scan and uncheck Only if threats were found.
- Under What to scan?
- Select Scan every file.
- Click on the Scan tab.
- Click on Complete System Scan to start the scan process.
- Let the program scan the machine.
- When the scan has finished, follow the instructions below.
- Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
- At the bottom of the window click on the Apply all Actions button. (3)
- When done, click the Save Scan Report button. (4)
- Click the Save Report as button.
- Save the report to your Desktop.
- Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot back into Normal Mode, and post a new HJT log, AVG Anti-Spyware report and the contents of C:\vundofix.txt
IMPORTANT: Don't click on the "Save Scan Report" button before you have hit the "Apply all Actions" button.
I have to do this in different posts because the text is too long for just one. The AVG log is in three posts.
Here is my AVG log (I couldn't do it in Safe Mode because everything is bigger on safe mode and I couldn't see the checkboxes)
AVG Anti-Spyware - Scan Report
+ Created at: 16:33:02 01/04/2007
:mozilla.304:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.430:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.431:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.432:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.433:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.654:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.655:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.656:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
C:\Documents and Settings\Graham\Cookies\graham@www.abcsearch[1].txt -> TrackingCookie.Abcsearch : Cleaned.
C:\Documents and Settings\Sharon\Cookies\sharon@www.abcsearch[1].txt -> TrackingCookie.Abcsearch : Cleaned.
:mozilla.153:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.154:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.156:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.157:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.158:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.200:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.201:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.224:C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\1altqh4q.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.225:C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\1altqh4q.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.314:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Dave the duck\Cookies\dave_the_duck@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.241:C:\Documents and Settings\Sharon\Application Data\Mozilla\Firefox\Profiles\2pbjyck7.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.242:C:\Documents and Settings\Sharon\Application Data\Mozilla\Firefox\Profiles\2pbjyck7.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.243:C:\Documents and Settings\Sharon\Application Data\Mozilla\Firefox\Profiles\2pbjyck7.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.244:C:\Documents and Settings\Sharon\Application Data\Mozilla\Firefox\Profiles\2pbjyck7.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.245:C:\Documents and Settings\Sharon\Application Data\Mozilla\Firefox\Profiles\2pbjyck7.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.264:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.265:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.266:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.267:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.268:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.269:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.276:C:\Documents and Settings\Sharon\Application Data\Mozilla\Firefox\Profiles\2pbjyck7.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.277:C:\Documents and Settings\Sharon\Application Data\Mozilla\Firefox\Profiles\2pbjyck7.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.278:C:\Documents and Settings\Sharon\Application Data\Mozilla\Firefox\Profiles\2pbjyck7.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.35:C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\1altqh4q.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.36:C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\1altqh4q.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.37:C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\1altqh4q.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.38:C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\1altqh4q.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.39:C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\1altqh4q.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.40:C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\1altqh4q.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.80:C:\Documents and Settings\Sharon\Application Data\Mozilla\Firefox\Profiles\2pbjyck7.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.81:C:\Documents and Settings\Sharon\Application Data\Mozilla\Firefox\Profiles\2pbjyck7.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.82:C:\Documents and Settings\Sharon\Application Data\Mozilla\Firefox\Profiles\2pbjyck7.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.83:C:\Documents and Settings\Sharon\Application Data\Mozilla\Firefox\Profiles\2pbjyck7.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.84:C:\Documents and Settings\Sharon\Application Data\Mozilla\Firefox\Profiles\2pbjyck7.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.85:C:\Documents and Settings\Sharon\Application Data\Mozilla\Firefox\Profiles\2pbjyck7.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\Win XP\Cookies\win_xp@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.37:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.38:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.82:C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\1altqh4q.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.83:C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\1altqh4q.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
C:\Documents and Settings\Win XP\Cookies\win_xp@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.253:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.254:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.255:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.382:C:\Documents and Settings\Sharon\Application Data\Mozilla\Firefox\Profiles\2pbjyck7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.383:C:\Documents and Settings\Sharon\Application Data\Mozilla\Firefox\Profiles\2pbjyck7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.73:C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\1altqh4q.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.74:C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\1altqh4q.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.75:C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\1altqh4q.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.76:C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\1altqh4q.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.85:C:\Documents and Settings\Dave the duck\Application Data\Mozilla\Firefox\Profiles\pegb546w.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.86:C:\Documents and Settings\Dave the duck\Application Data\Mozilla\Firefox\Profiles\pegb546w.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.87:C:\Documents and Settings\Dave the duck\Application Data\Mozilla\Firefox\Profiles\pegb546w.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Graham\Cookies\graham@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Win XP\Cookies\win_xp@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.200:C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\1altqh4q.default\cookies.txt -> TrackingCookie.Adviva : Cleaned.
:mozilla.22:C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\1altqh4q.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.32:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.385:C:\Documents and Settings\Sharon\Application Data\Mozilla\Firefox\Profiles\2pbjyck7.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.41:C:\Documents and Settings\Dave the duck\Application Data\Mozilla\Firefox\Profiles\pegb546w.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Dave the duck\Cookies\dave_the_duck@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Graham\Cookies\graham@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Win XP\Cookies\win_xp@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.34:C:\Documents and Settings\Dave the duck\Application Data\Mozilla\Firefox\Profiles\pegb546w.default\cookies.txt -> TrackingCookie.Bfast : Cleaned.
C:\Documents and Settings\Dave the duck\Cookies\dave_the_duck@bfast[1].txt -> TrackingCookie.Bfast : Cleaned.
C:\Documents and Settings\Graham\Cookies\graham@bfast[2].txt -> TrackingCookie.Bfast : Cleaned.
C:\Documents and Settings\Win XP\Cookies\win_xp@bfast[1].txt -> TrackingCookie.Bfast : Cleaned.
C:\Documents and Settings\Graham\Cookies\graham@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.122:C:\Documents and Settings\Sharon\Application Data\Mozilla\Firefox\Profiles\2pbjyck7.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.38:C:\Documents and Settings\Dave the duck\Application Data\Mozilla\Firefox\Profiles\pegb546w.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.116:C:\Documents and Settings\Sharon\Application Data\Mozilla\Firefox\Profiles\2pbjyck7.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.117:C:\Documents and Settings\Sharon\Application Data\Mozilla\Firefox\Profiles\2pbjyck7.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.118:C:\Documents and Settings\Sharon\Application Data\Mozilla\Firefox\Profiles\2pbjyck7.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.119:C:\Documents and Settings\Sharon\Application Data\Mozilla\Firefox\Profiles\2pbjyck7.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.223:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.224:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.225:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.31:C:\Documents and Settings\Dave the duck\Application Data\Mozilla\Firefox\Profiles\pegb546w.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.33:C:\Documents and Settings\Dave the duck\Application Data\Mozilla\Firefox\Profiles\pegb546w.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Dave the duck\Cookies\dave_the_duck@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Dave the duck\Cookies\dave_the_duck@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Sharon\Cookies\sharon@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Sharon\Cookies\sharon@www.burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Win XP\Cookies\win_xp@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Win XP\Cookies\win_xp@www.burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.224:C:\Documents and Settings\Sharon\Application Data\Mozilla\Firefox\Profiles\2pbjyck7.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.225:C:\Documents and Settings\Sharon\Application Data\Mozilla\Firefox\Profiles\2pbjyck7.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.226:C:\Documents and Settings\Sharon\Application Data\Mozilla\Firefox\Profiles\2pbjyck7.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.227:C:\Documents and Settings\Sharon\Application Data\Mozilla\Firefox\Profiles\2pbjyck7.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.228:C:\Documents and Settings\Sharon\Application Data\Mozilla\Firefox\Profiles\2pbjyck7.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.229:C:\Documents and Settings\Sharon\Application Data\Mozilla\Firefox\Profiles\2pbjyck7.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Dave the duck\Cookies\dave_the_duck@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.356:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Centrport : Cleaned.
C:\Documents and Settings\Graham\Cookies\graham@clickbank[2].txt -> TrackingCookie.Clickbank : Cleaned.
C:\Documents and Settings\Dave the duck\Cookies\dave_the_duck@ad1.clickhype[1].txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.293:C:\Documents and Settings\Sharon\Application Data\Mozilla\Firefox\Profiles\2pbjyck7.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.343:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.344:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.362:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Sharon\Cookies\sharon@com[1].txt -> TrackingCookie.Com : Cleaned.
:mozilla.135:C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\1altqh4q.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.136:C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\1altqh4q.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.137:C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\1altqh4q.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.165:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.166:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.167:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.168:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.169:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.170:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.214:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.50:C:\Documents and Settings\Sharon\Application Data\Mozilla\Firefox\Profiles\2pbjyck7.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.51:C:\Documents and Settings\Sharon\Application Data\Mozilla\Firefox\Profiles\2pbjyck7.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.53:C:\Documents and Settings\Sharon\Application Data\Mozilla\Firefox\Profiles\2pbjyck7.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
C:\Documents and Settings\Dave the duck\Cookies\dave_the_duck@connextra[3].txt -> TrackingCookie.Connextra : Cleaned.
C:\Documents and Settings\Graham\Cookies\graham@connextra[3].txt -> TrackingCookie.Connextra : Cleaned.
C:\Documents and Settings\Sharon\Cookies\sharon@connextra[5].txt -> TrackingCookie.Connextra : Cleaned.
C:\Documents and Settings\Win XP\Cookies\win_xp@connextra[5].txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.177:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
C:\Documents and Settings\Dave the duck\Cookies\dave_the_duck@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Graham\Cookies\graham@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Sharon\Cookies\sharon@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Win XP\Cookies\win_xp@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.10:C:\Documents and Settings\Dave the duck\Application Data\Mozilla\Firefox\Profiles\pegb546w.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.16:C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\1altqh4q.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.39:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.40:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.41:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Dave the duck\Cookies\dave_the_duck@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Graham\Cookies\graham@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Win XP\Cookies\win_xp@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.103:C:\Documents and Settings\Sharon\Application Data\Mozilla\Firefox\Profiles\2pbjyck7.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.243:C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\1altqh4q.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.254:C:\Documents and Settings\Sharon\Application Data\Mozilla\Firefox\Profiles\2pbjyck7.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.258:C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\1altqh4q.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.259:C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\1altqh4q.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.282:C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\1altqh4q.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.283:C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\1altqh4q.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.284:C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\1altqh4q.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.286:C:\Documents and Settings\Sharon\Application Data\Mozilla\Firefox\Profiles\2pbjyck7.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.381:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.382:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.383:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.384:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.385:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.386:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.387:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.388:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.389:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.390:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.391:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.392:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.393:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.394:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.395:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.396:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.101:C:\Documents and Settings\Dave the duck\Application Data\Mozilla\Firefox\Profiles\pegb546w.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.102:C:\Documents and Settings\Dave the duck\Application Data\Mozilla\Firefox\Profiles\pegb546w.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.104:C:\Documents and Settings\Dave the duck\Application Data\Mozilla\Firefox\Profiles\pegb546w.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.105:C:\Documents and Settings\Dave the duck\Application Data\Mozilla\Firefox\Profiles\pegb546w.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.246:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.247:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.248:C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\1altqh4q.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.248:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.249:C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\1altqh4q.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.31:C:\Documents and Settings\Sharon\Application Data\Mozilla\Firefox\Profiles\2pbjyck7.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.32:C:\Documents and Settings\Sharon\Application Data\Mozilla\Firefox\Profiles\2pbjyck7.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.33:C:\Documents and Settings\Sharon\Application Data\Mozilla\Firefox\Profiles\2pbjyck7.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.34:C:\Documents and Settings\Sharon\Application Data\Mozilla\Firefox\Profiles\2pbjyck7.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Dave the duck\Cookies\dave_the_duck@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Sharon\Cookies\sharon@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Dave the duck\Cookies\dave_the_duck@as-eu.falkag[2].txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.179:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.180:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.181:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.254:C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\1altqh4q.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Dave the duck\Cookies\dave_the_duck@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Graham\Cookies\graham@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Win XP\Cookies\win_xp@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.317:C:\Documents and Settings\Sharon\Application Data\Mozilla\Firefox\Profiles\2pbjyck7.default\cookies.txt -> TrackingCookie.Fortunecity : Cleaned.
:mozilla.59:C:\Documents and Settings\Dave the duck\Application Data\Mozilla\Firefox\Profiles\pegb546w.default\cookies.txt -> TrackingCookie.Gemius : Cleaned.
:mozilla.334:C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\1altqh4q.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.66:C:\Documents and Settings\Dave the duck\Application Data\Mozilla\Firefox\Profiles\pegb546w.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.67:C:\Documents and Settings\Dave the duck\Application Data\Mozilla\Firefox\Profiles\pegb546w.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.716:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.717:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.718:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.719:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.720:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
C:\Documents and Settings\Sharon\Cookies\sharon@ehg-hollywood.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Sharon\Cookies\sharon@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.54:C:\Documents and Settings\Dave the duck\Application Data\Mozilla\Firefox\Profiles\pegb546w.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned.
:mozilla.42:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.43:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.57:C:\Documents and Settings\Sharon\Application Data\Mozilla\Firefox\Profiles\2pbjyck7.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.58:C:\Documents and Settings\Sharon\Application Data\Mozilla\Firefox\Profiles\2pbjyck7.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.70:C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\1altqh4q.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.71:C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\1altqh4q.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.77:C:\Documents and Settings\Dave the duck\Application Data\Mozilla\Firefox\Profiles\pegb546w.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.78:C:\Documents and Settings\Dave the duck\Application Data\Mozilla\Firefox\Profiles\pegb546w.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.676:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Information : Cleaned.
:mozilla.209:C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\1altqh4q.default\cookies.txt -> TrackingCookie.Intelli-direct : Cleaned.
:mozilla.464:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Intelli-direct : Cleaned.
C:\Documents and Settings\Dave the duck\Cookies\dave_the_duck@search.live[1].txt -> TrackingCookie.Live : Cleaned.
C:\Documents and Settings\Sharon\Cookies\sharon@search.live[2].txt -> TrackingCookie.Live : Cleaned.
C:\Documents and Settings\Win XP\Cookies\win_xp@search.live[1].txt -> TrackingCookie.Live : Cleaned.
:mozilla.328:C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\1altqh4q.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.329:C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\1altqh4q.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Dave the duck\Cookies\dave_the_duck@server.lon.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.108:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.384:C:\Documents and Settings\Sharon\Application Data\Mozilla\Firefox\Profiles\2pbjyck7.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.78:C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\1altqh4q.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Dave the duck\Cookies\dave_the_duck@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Graham\Cookies\graham@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Sharon\Cookies\sharon@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Win XP\Cookies\win_xp@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.674:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Msn : Cleaned.
:mozilla.675:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Msn : Cleaned.
C:\Documents and Settings\Dave the duck\Cookies\dave_the_duck@search.msn[1].txt -> TrackingCookie.Msn : Cleaned.
C:\Documents and Settings\Dave the duck\Cookies\dave_the_duck@search.msn[2].txt -> TrackingCookie.Msn : Cleaned.
C:\Documents and Settings\Graham\Cookies\graham@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
:mozilla.26:C:\Documents and Settings\Sharon\Application Data\Mozilla\Firefox\Profiles\2pbjyck7.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.27:C:\Documents and Settings\Sharon\Application Data\Mozilla\Firefox\Profiles\2pbjyck7.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
C:\Documents and Settings\Sharon\Cookies\sharon@ssl-hints.netflame[2].txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.303:C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\1altqh4q.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.304:C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\1altqh4q.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.506:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.507:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.508:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.512:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Dave the duck\Cookies\dave_the_duck@overture[1].txt -> TrackingCookie.Overture : Cleaned.
:mozilla.219:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.338:C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\1altqh4q.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.79:C:\Documents and Settings\Sharon\Application Data\Mozilla\Firefox\Profiles\2pbjyck7.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
C:\Documents and Settings\Win XP\Cookies\win_xp@www.paypal[1].txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.203:C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\1altqh4q.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.204:C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\1altqh4q.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.205:C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\1altqh4q.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.206:C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\1altqh4q.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.325:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.326:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.327:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.328:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Graham\Cookies\graham@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Graham\Cookies\graham@ads.pointroll[3].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Sharon\Cookies\sharon@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Win XP\Cookies\win_xp@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Win XP\Cookies\win_xp@ads.pointroll[3].txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.522:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Pro-market : Cleaned.
:mozilla.523:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Pro-market : Cleaned.
:mozilla.133:C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\1altqh4q.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.134:C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\1altqh4q.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.36:C:\Documents and Settings\Dave the duck\Application Data\Mozilla\Firefox\Profiles\pegb546w.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.37:C:\Documents and Settings\Dave the duck\Application Data\Mozilla\Firefox\Profiles\pegb546w.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.526:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.527:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.528:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.269:C:\Documents and Settings\Sharon\Application Data\Mozilla\Firefox\Profiles\2pbjyck7.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.316:C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\1altqh4q.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.540:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.541:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.137:C:\Documents and Settings\Sharon\Application Data\Mozilla\Firefox\Profiles\2pbjyck7.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.138:C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\1altqh4q.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.138:C:\Documents and Settings\Sharon\Application Data\Mozilla\Firefox\Profiles\2pbjyck7.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.139:C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\1altqh4q.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.139:C:\Documents and Settings\Sharon\Application Data\Mozilla\Firefox\Profiles\2pbjyck7.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.140:C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\1altqh4q.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.140:C:\Documents and Settings\Sharon\Application Data\Mozilla\Firefox\Profiles\2pbjyck7.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.141:C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\1altqh4q.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.141:C:\Documents and Settings\Sharon\Application Data\Mozilla\Firefox\Profiles\2pbjyck7.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.142:C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\1altqh4q.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.142:C:\Documents and Settings\Sharon\Application Data\Mozilla\Firefox\Profiles\2pbjyck7.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.143:C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\1altqh4q.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.143:C:\Documents and Settings\Sharon\Application Data\Mozilla\Firefox\Profiles\2pbjyck7.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.144:C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\1altqh4q.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.144:C:\Documents and Settings\Sharon\Application Data\Mozilla\Firefox\Profiles\2pbjyck7.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.145:C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\1altqh4q.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.145:C:\Documents and Settings\Sharon\Application Data\Mozilla\Firefox\Profiles\2pbjyck7.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.146:C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\1altqh4q.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.146:C:\Documents and Settings\Sharon\Application Data\Mozilla\Firefox\Profiles\2pbjyck7.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.147:C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\1altqh4q.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.147:C:\Documents and Settings\Sharon\Application Data\Mozilla\Firefox\Profiles\2pbjyck7.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.148:C:\Documents and Settings\Sharon\Application Data\Mozilla\Firefox\Profiles\2pbjyck7.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.149:C:\Documents and Settings\Sharon\Application Data\Mozilla\Firefox\Profiles\2pbjyck7.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.150:C:\Documents and Settings\Sharon\Application Data\Mozilla\Firefox\Profiles\2pbjyck7.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.187:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.188:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.189:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.190:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.191:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.93:C:\Documents and Settings\Dave the duck\Application Data\Mozilla\Firefox\Profiles\pegb546w.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.94:C:\Documents and Settings\Dave the duck\Application Data\Mozilla\Firefox\Profiles\pegb546w.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.95:C:\Documents and Settings\Dave the duck\Application Data\Mozilla\Firefox\Profiles\pegb546w.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.96:C:\Documents and Settings\Dave the duck\Application Data\Mozilla\Firefox\Profiles\pegb546w.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Dave the duck\Cookies\dave_the_duck@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Dave the duck\Cookies\dave_the_duck@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Graham\Cookies\graham@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Win XP\Cookies\win_xp@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.542:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.289:C:\Documents and Settings\Sharon\Application Data\Mozilla\Firefox\Profiles\2pbjyck7.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.290:C:\Documents and Settings\Sharon\Application Data\Mozilla\Firefox\Profiles\2pbjyck7.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.291:C:\Documents and Settings\Sharon\Application Data\Mozilla\Firefox\Profiles\2pbjyck7.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.292:C:\Documents and Settings\Sharon\Application Data\Mozilla\Firefox\Profiles\2pbjyck7.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.39:C:\Documents and Settings\Dave the duck\Application Data\Mozilla\Firefox\Profiles\pegb546w.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.40:C:\Documents and Settings\Dave the duck\Application Data\Mozilla\Firefox\Profiles\pegb546w.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.543:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.544:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.545:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.546:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.547:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.548:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.104:C:\Documents and Settings\Sharon\Application Data\Mozilla\Firefox\Profiles\2pbjyck7.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.105:C:\Documents and Settings\Sharon\Application Data\Mozilla\Firefox\Profiles\2pbjyck7.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.106:C:\Documents and Settings\Sharon\Application Data\Mozilla\Firefox\Profiles\2pbjyck7.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.107:C:\Documents and Settings\Sharon\Application Data\Mozilla\Firefox\Profiles\2pbjyck7.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.108:C:\Documents and Settings\Sharon\Application Data\Mozilla\Firefox\Profiles\2pbjyck7.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.109:C:\Documents and Settings\Sharon\Application Data\Mozilla\Firefox\Profiles\2pbjyck7.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.10:C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\1altqh4q.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.11:C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\1altqh4q.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.14:C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\1altqh4q.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.15:C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\1altqh4q.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.49:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.50:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.51:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.52:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.53:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.54:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.8:C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\1altqh4q.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.9:C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\1altqh4q.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Dave the duck\Cookies\dave_the_duck@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Dave the duck\Cookies\dave_the_duck@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Graham\Cookies\graham@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Graham\Cookies\graham@bs.serving-sys[3].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Graham\Cookies\graham@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Graham\Cookies\graham@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Win XP\Cookies\win_xp@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Win XP\Cookies\win_xp@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.145:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.146:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.147:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.148:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.567:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.568:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.569:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.570:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.446:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Starware : Cleaned.
:mozilla.447:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Starware : Cleaned.
:mozilla.687:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Starware : Cleaned.
:mozilla.234:C:\Documents and Settings\Sharon\Application Data\Mozilla\Firefox\Profiles\2pbjyck7.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.235:C:\Documents and Settings\Sharon\Application Data\Mozilla\Firefox\Profiles\2pbjyck7.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.98:C:\Documents and Settings\Dave the duck\Application Data\Mozilla\Firefox\Profiles\pegb546w.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\Dave the duck\Cookies\dave_the_duck@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.678:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Statistik-gallup : Cleaned.
:mozilla.226:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.227:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.228:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.261:C:\Documents and Settings\Sharon\Application Data\Mozilla\Firefox\Profiles\2pbjyck7.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.262:C:\Documents and Settings\Sharon\Application Data\Mozilla\Firefox\Profiles\2pbjyck7.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.69:C:\Documents and Settings\Sharon\Application Data\Mozilla\Firefox\Profiles\2pbjyck7.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.70:C:\Documents and Settings\Sharon\Application Data\Mozilla\Firefox\Profiles\2pbjyck7.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.72:C:\Documents and Settings\Sharon\Application Data\Mozilla\Firefox\Profiles\2pbjyck7.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.73:C:\Documents and Settings\Sharon\Application Data\Mozilla\Firefox\Profiles\2pbjyck7.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.74:C:\Documents and Settings\Sharon\Application Data\Mozilla\Firefox\Profiles\2pbjyck7.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Dave the duck\Cookies\dave_the_duck@targetnet[1].txt -> TrackingCookie.Targetnet : Cleaned.
:mozilla.282:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Toplist : Cleaned.
C:\Documents and Settings\Sharon\Cookies\sharon@toplist[1].txt -> TrackingCookie.Toplist : Cleaned.
:mozilla.130:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.131:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.132:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.133:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.45:C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\1altqh4q.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Documents and Settings\Win XP\Cookies\win_xp@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.586:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.587:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.588:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.589:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.590:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.591:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.592:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.163:C:\Documents and Settings\Sharon\Application Data\Mozilla\Firefox\Profiles\2pbjyck7.default\cookies.txt -> TrackingCookie.Trafic : Cleaned.
:mozilla.60:C:\Documents and Settings\Dave the duck\Application Data\Mozilla\Firefox\Profiles\pegb546w.default\cookies.txt -> TrackingCookie.Trafic : Cleaned.
:mozilla.251:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.84:C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\1altqh4q.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Dave the duck\Cookies\dave_the_duck@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.613:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.614:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.327:C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\1altqh4q.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.338:C:\Documents and Settings\Sharon\Application Data\Mozilla\Firefox\Profiles\2pbjyck7.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.659:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
C:\Documents and Settings\Dave the duck\Cookies\dave_the_duck@m.webtrends[1].txt -> TrackingCookie.Webtrends : Cleaned.
C:\Documents and Settings\Graham\Cookies\graham@m.webtrends[2].txt -> TrackingCookie.Webtrends : Cleaned.
C:\Documents and Settings\Sharon\Cookies\sharon@m.webtrends[2].txt -> TrackingCookie.Webtrends : Cleaned.
C:\Documents and Settings\Win XP\Cookies\win_xp@m.webtrends[2].txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.214:C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\1altqh4q.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.278:C:\Documents and Settings\Win XP\Application Data\Mozilla\Firefox\Profiles\ikmi61ac.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\Dave the duck\Cookies\dave_the_duck@yadro[2].txt -> TrackingCookie.Yadro : Cleaned.
C:\Documents and Settings\Dave the duck\Local Settings\Temporary Internet Files\Content.IE5\IV1AYPZO\spcj[1].exe -> Worm.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Dave the duck\jjj.exe -> Worm.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Graham\Local Settings\Temporary Internet Files\Content.IE5\BHTXTSYV\spcj[1].exe -> Worm.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Graham\jjj.exe -> Worm.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Graham\x.exe -> Worm.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Win XP\Local Settings\Temporary Internet Files\Content.IE5\WDWTTIDP\spcj[1].exe -> Worm.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Win XP\Local Settings\Temporary Internet Files\Content.IE5\WDWTTIDP\spcj[2].exe -> Worm.Agent.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C0115199-5C2A-420E-B321-2DD77C23E110}\RP82\A0025633.exe -> Worm.Agent.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C0115199-5C2A-420E-B321-2DD77C23E110}\RP82\A0025693.exe -> Worm.Agent.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C0115199-5C2A-420E-B321-2DD77C23E110}\RP82\A0026691.exe -> Worm.Agent.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C0115199-5C2A-420E-B321-2DD77C23E110}\RP82\A0026782.exe -> Worm.Agent.a : Cleaned with backup (quarantined).
::Report end
VundoFix V6.3.18
Checking Java version...
Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.11
Scan started at 17:59:05 31/03/2007
Listing files found while scanning....
C:\WINDOWS\system32\cbxxvvs.dll
C:\WINDOWS\system32\ddcbyxu.dll
C:\WINDOWS\system32\ddcywxv.dll
C:\WINDOWS\system32\efccbaw.dll
C:\WINDOWS\system32\fccccba.dll
C:\WINDOWS\system32\gebyayy.dll
C:\WINDOWS\system32\jjkkj.ini
C:\WINDOWS\system32\jkkjj.dll
C:\WINDOWS\system32\mljgffd.dll
C:\WINDOWS\system32\mljgggd.dll
C:\WINDOWS\system32\mljjkhf.dll
C:\WINDOWS\system32\nnnnonm.dll
C:\WINDOWS\system32\opnnkhg.dll
C:\WINDOWS\system32\opnnkhh.dll
C:\WINDOWS\system32\qqstv.bak1
C:\WINDOWS\system32\qqstv.bak2
C:\WINDOWS\system32\qqstv.ini
C:\WINDOWS\system32\ssqqnol.dll
C:\WINDOWS\system32\urqnonk.dll
C:\WINDOWS\system32\vtsqq.dll
C:\WINDOWS\system32\wvutrrq.dll
C:\WINDOWS\system32\wvutuss.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\cbxxvvs.dll
C:\WINDOWS\system32\cbxxvvs.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ddcbyxu.dll
C:\WINDOWS\system32\ddcbyxu.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ddcywxv.dll
C:\WINDOWS\system32\ddcywxv.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\efccbaw.dll
C:\WINDOWS\system32\efccbaw.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\fccccba.dll
C:\WINDOWS\system32\fccccba.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\gebyayy.dll
C:\WINDOWS\system32\gebyayy.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\jjkkj.ini
C:\WINDOWS\system32\jjkkj.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\jkkjj.dll
C:\WINDOWS\system32\jkkjj.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\mljgffd.dll
C:\WINDOWS\system32\mljgffd.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\mljgggd.dll
C:\WINDOWS\system32\mljgggd.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\mljjkhf.dll
C:\WINDOWS\system32\mljjkhf.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\nnnnonm.dll
C:\WINDOWS\system32\nnnnonm.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\nnnnonm.dll
C:\WINDOWS\system32\nnnnonm.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\opnnkhg.dll
C:\WINDOWS\system32\opnnkhg.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\opnnkhh.dll
C:\WINDOWS\system32\opnnkhh.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\qqstv.bak1
C:\WINDOWS\system32\qqstv.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\qqstv.bak2
C:\WINDOWS\system32\qqstv.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\qqstv.ini
C:\WINDOWS\system32\qqstv.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\ssqqnol.dll
C:\WINDOWS\system32\ssqqnol.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\urqnonk.dll
C:\WINDOWS\system32\urqnonk.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\vtsqq.dll
C:\WINDOWS\system32\vtsqq.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\wvutrrq.dll
C:\WINDOWS\system32\wvutrrq.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\wvutuss.dll
C:\WINDOWS\system32\wvutuss.dll Has been deleted!
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\WINDOWS\system32\nnnnonm.dll
C:\WINDOWS\system32\nnnnonm.dll Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.3.18
Checking Java version...
Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.11
Scan started at 13:52:16 01/04/2007
Listing files found while scanning....
C:\WINDOWS\system32\awtqopm.dll
C:\WINDOWS\system32\awttrqo.dll
C:\WINDOWS\system32\awttuur.dll
C:\WINDOWS\system32\cbxvwtu.dll
C:\WINDOWS\system32\ddcccax.dll
C:\WINDOWS\system32\ddcyxvv.dll
C:\WINDOWS\system32\efcbaxy.dll
C:\WINDOWS\system32\hggecca.dll
C:\WINDOWS\system32\jjjlm.bak1
C:\WINDOWS\system32\jjjlm.bak2
C:\WINDOWS\system32\jjjlm.ini
C:\WINDOWS\system32\jjjlm.ini2
C:\WINDOWS\system32\khfcbaa.dll
C:\WINDOWS\system32\khffccd.dll
C:\WINDOWS\system32\kvexwpju.ini
C:\WINDOWS\system32\mljjj.dll
C:\WINDOWS\system32\mljkjii.dll
C:\WINDOWS\system32\mllji.dll
C:\WINDOWS\system32\pmnllmm.dll
C:\WINDOWS\system32\pmnmljk.dll
C:\WINDOWS\system32\pmnopnn.dll
C:\WINDOWS\system32\pnflqdux.dll
C:\WINDOWS\system32\ssqoool.dll
C:\WINDOWS\system32\ujpwxevk.dll
C:\WINDOWS\system32\yayvwxu.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\awtqopm.dll
C:\WINDOWS\system32\awtqopm.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\awttrqo.dll
C:\WINDOWS\system32\awttrqo.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\awttuur.dll
C:\WINDOWS\system32\awttuur.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\cbxvwtu.dll
C:\WINDOWS\system32\cbxvwtu.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ddcccax.dll
C:\WINDOWS\system32\ddcccax.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ddcyxvv.dll
C:\WINDOWS\system32\ddcyxvv.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\efcbaxy.dll
C:\WINDOWS\system32\efcbaxy.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\hggecca.dll
C:\WINDOWS\system32\hggecca.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\jjjlm.bak1
C:\WINDOWS\system32\jjjlm.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\jjjlm.bak2
C:\WINDOWS\system32\jjjlm.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\jjjlm.ini
C:\WINDOWS\system32\jjjlm.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\jjjlm.ini2
C:\WINDOWS\system32\jjjlm.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\khfcbaa.dll
C:\WINDOWS\system32\khfcbaa.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\khffccd.dll
C:\WINDOWS\system32\khffccd.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\kvexwpju.ini
C:\WINDOWS\system32\kvexwpju.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\mljjj.dll
C:\WINDOWS\system32\mljjj.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\mljkjii.dll
C:\WINDOWS\system32\mljkjii.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\pmnllmm.dll
C:\WINDOWS\system32\pmnllmm.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\pmnmljk.dll
C:\WINDOWS\system32\pmnmljk.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\pmnopnn.dll
C:\WINDOWS\system32\pmnopnn.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\pnflqdux.dll
C:\WINDOWS\system32\pnflqdux.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ssqoool.dll
C:\WINDOWS\system32\ssqoool.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ujpwxevk.dll
C:\WINDOWS\system32\ujpwxevk.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\yayvwxu.dll
C:\WINDOWS\system32\yayvwxu.dll Has been deleted!
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\WINDOWS\system32\awtqopm.dll
C:\WINDOWS\system32\awtqopm.dll Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.3.18
Checking Java version...
Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.11
Scan started at 16:48:06 01/04/2007
Listing files found while scanning....
C:\WINDOWS\system32\awtsq.dll
C:\WINDOWS\system32\awtsr.dll
C:\WINDOWS\system32\mllji.dll
C:\WINDOWS\system32\mojbufxw.ini
C:\WINDOWS\system32\qstwa.bak1
C:\WINDOWS\system32\qstwa.ini
C:\WINDOWS\system32\rstwa.bak1
C:\WINDOWS\system32\rstwa.ini
C:\WINDOWS\system32\vjtkkurt.dll
C:\WINDOWS\system32\wxfubjom.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\awtsq.dll
C:\WINDOWS\system32\awtsq.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\awtsr.dll
C:\WINDOWS\system32\awtsr.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\mojbufxw.ini
C:\WINDOWS\system32\mojbufxw.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\qstwa.bak1
C:\WINDOWS\system32\qstwa.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\qstwa.ini
C:\WINDOWS\system32\qstwa.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\rstwa.bak1
C:\WINDOWS\system32\rstwa.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\rstwa.ini
C:\WINDOWS\system32\rstwa.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\vjtkkurt.dll
C:\WINDOWS\system32\vjtkkurt.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\wxfubjom.dll
C:\WINDOWS\system32\wxfubjom.dll Has been deleted!
Performing Repairs to the registry.
Done!
And finally, my HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 17:01:10, on 01/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis\Scanner.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://uk.search.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://uk.search.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0EC487D2-919D-4F49-98A5-49C06C518B0c} - C:\WINDOWS\system32\yalefqkf.dll
O2 - BHO: (no name) - {1721449C-4293-4F03-B6D0-FFE89C10DDB6} - C:\WINDOWS\system32\mljjj.dll (file missing)
O2 - BHO: (no name) - {2269F137-F806-45A4-8300-553E2B6D1212} - C:\WINDOWS\system32\yalefqkf.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {53BCCC17-5BE4-4ED8-A99F-225C11371A00} - C:\WINDOWS\system32\yalefqkf.dll
O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - C:\WINDOWS\system32\oaayltgw.dll (file missing)
O2 - BHO: (no name) - {6D1453C6-84AB-4836-A988-BA9477ED9E40} - C:\WINDOWS\system32\vturr.dll (file missing)
O2 - BHO: (no name) - {75F5D219-544C-47FF-A280-90378AF877D2} - C:\WINDOWS\system32\vtsqq.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7D064D71-DD76-4596-90C0-921766AD560A} - C:\WINDOWS\system32\khffecc.dll (file missing)
O2 - BHO: (no name) - {8BE7ECE5-BEED-4525-9169-4A73814AA404} - C:\WINDOWS\system32\mllmk.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {CA00E36B-FD7C-4591-AF3C-A1C74F21407f} - C:\WINDOWS\system32\yalefqkf.dll
O2 - BHO: (no name) - {F772E9D5-EA97-4D1A-BC84-181DA43E9136} - C:\WINDOWS\system32\awtsr.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\wxfubjom.dll",setvm
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Program Files\Dealio\kb103\res\DealioSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1165854538114
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: khffecc - khffecc.dll (file missing)
O20 - Winlogon Notify: mllji - C:\WINDOWS\system32\mllji.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.
Double-click ATF Cleaner.exe to open it.
Under Main choose:
- Windows Temp
- Current User Temp
- All Users Temp
- Cookies
- Temporary Internet Files
- Prefetch
- Java Cache
*The other boxes are optional*
Then click the Empty Selected button.
Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
Click Exit on the Main menu to close the program.
- Double-click VundoFix.exe to run it.
- Click the Scan for Vundo button.
- Once the scan is complete, Right Click inside the listbox (white box) and click add more files
- Copy and paste the entries below into the top box:
  C:\WINDOWS\system32\mllji.dll
  C:\WINDOWS\system32\yalefqkf.dll
- Click Add Files and Click Close Window
- Click the Remove Vundo button.
- You will receive a prompt asking if you want to remove the files, click YES
- Once you click yes, your desktop will go blank as it starts removing Vundo.
- When completed, it will prompt that it will reboot your computer, click OK.
- Please post the contents of C:\vundofix.txt and a new HijackThis log.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
Open HijackThis, press "Do a system scan only", and checkmark these lines:
O2 - BHO: (no name) - {1721449C-4293-4F03-B6D0-FFE89C10DDB6} - C:\WINDOWS\system32\mljjj.dll (file missing)
O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - C:\WINDOWS\system32\oaayltgw.dll (file missing)
O2 - BHO: (no name) - {6D1453C6-84AB-4836-A988-BA9477ED9E40} - C:\WINDOWS\system32\vturr.dll (file missing)
O2 - BHO: (no name) - {75F5D219-544C-47FF-A280-90378AF877D2} - C:\WINDOWS\system32\vtsqq.dll (file missing)
O2 - BHO: (no name) - {7D064D71-DD76-4596-90C0-921766AD560A} - C:\WINDOWS\system32\khffecc.dll (file missing)
O2 - BHO: (no name) - {8BE7ECE5-BEED-4525-9169-4A73814AA404} - C:\WINDOWS\system32\mllmk.dll (file missing)
O2 - BHO: (no name) - {F772E9D5-EA97-4D1A-BC84-181DA43E9136} - C:\WINDOWS\system32\awtsr.dll (file missing)
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\wxfubjom.dll",setvm
O20 - Winlogon Notify: khffecc - khffecc.dll (file missing)
Next, press Fix checked.
Please run this online scan:
Panda ActiveScan
1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
Post the contents of the Panda scan report, new HijackThis log and Combofix log.
Here is my HJT scan
Logfile of HijackThis v1.99.1
Scan saved at 19:17:08, on 02/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis\Scanner.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://uk.search.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://uk.search.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0EC487D2-919D-4F49-98A5-49C06C518B0c} - C:\WINDOWS\system32\yalefqkf.dll (file missing)
O2 - BHO: (no name) - {2269F137-F806-45A4-8300-553E2B6D1212} - C:\WINDOWS\system32\yalefqkf.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {53BCCC17-5BE4-4ED8-A99F-225C11371A00} - C:\WINDOWS\system32\yalefqkf.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {CA00E36B-FD7C-4591-AF3C-A1C74F21407f} - C:\WINDOWS\system32\yalefqkf.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Program Files\Dealio\kb103\res\DealioSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1165854538114
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: mllji - C:\WINDOWS\system32\mllji.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
and here's my ComboFix log
"Sharon" - 07-04-02 18:59:55 Service Pack 2
ComboFix 07-03-27.4 - Running from: "C:\Documents and Settings\Sharon\Desktop"
((((((((((((((((((((((((((((((( Files Created from 2007-03-02 to 2007-04-02 ))))))))))))))))))))))))))))))))))
2007-04-01 14:19 3,968 --a
C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-04-01 08:23 132,116 --a
C:\WINDOWS\system32\fosasfpi.dll
2007-04-01 08:00 132,116 --a
C:\WINDOWS\system32\sktldoeo.dll
2007-03-31 20:57 602,112 --a
C:\DOCUME~1\Sharon\x.exe
2007-03-29 22:23 71,654 --a
C:\DOCUME~1\Graham\oe.exe
2007-03-29 22:04 71,654 --a
C:\DOCUME~1\Graham\usi.exe
2007-03-29 21:04 132,116 --a
C:\WINDOWS\system32\xrcgfbjv.dll
2007-03-29 13:14 <DIR> d
C:\VundoFix Backups
2007-03-28 23:25 <DIR> d
C:\DOCUME~1\Graham\APPLIC~1\FUJIFILM
2007-03-28 23:18 8,096
C:\WINDOWS\system32\drivers\MASPINT.SYS
2007-03-28 23:18 4,030
C:\WINDOWS\system\WINASPI.DLL
2007-03-28 23:18 30,208
C:\WINDOWS\system32\WNASPI32.DLL
2007-03-28 23:18 2,486
C:\WINDOWS\system\AS16POST.BIN
2007-03-28 23:18 <DIR> d
C:\MWASPI
2007-03-28 23:13 <DIR> d
C:\Program Files\PIXELA
2007-03-28 23:12 401,408 --a
C:\WINDOWS\system32\FE05F3D6.dll
2007-03-28 23:12 401,408 --a
C:\WINDOWS\system32\FE05EFED.dll
2007-03-28 23:12 380,928 --a
C:\WINDOWS\system32\FE05F3D7.dll
2007-03-28 23:12 299,008 --a
C:\WINDOWS\system32\FE05F3D5.dll
2007-03-28 23:12 299,008 --a
C:\WINDOWS\system32\FE05F051.dll
2007-03-28 23:12 299,008 --a
C:\WINDOWS\system32\FE05DA0D.dll
2007-03-28 23:12 106,496 --a
C:\WINDOWS\system32\FPXS2Pro.dll
2007-03-28 23:10 274,432 --a
C:\WINDOWS\system32\FFTIFF16.dll
2007-03-28 23:10 159,744 --a
C:\WINDOWS\system32\FFRAFLIB.DLL
2007-03-28 23:09 <DIR> d
C:\Program Files\FinePixViewer
2007-03-28 23:07 81,924
C:\WINDOWS\system32\drivers\VC4CB104.SYS
2007-03-28 23:07 69,632
C:\WINDOWS\system32\FREGSHEX.DLL
2007-03-28 23:07 65,536
C:\WINDOWS\system32\FINFCHECK.dll
2007-03-28 23:07 45,056
C:\WINDOWS\system32\FINFCOPY.dll
2007-03-28 23:07 45,056
C:\WINDOWS\system32\FCLKBTN.DLL
2007-03-28 23:07 <DIR> d
C:\Program Files\REGSHAVE
2007-03-28 15:43 75,512 --a
C:\WINDOWS\zllsputility.exe
2007-03-28 15:43 4,212 ---h
C:\WINDOWS\system32\zllictbl.dat
2007-03-28 15:43 11,264 --a
C:\WINDOWS\system32\SpOrder.dll
2007-03-28 15:42 1,087,216 --a
C:\WINDOWS\system32\zpeng24.dll
2007-03-28 15:42 <DIR> d
C:\WINDOWS\system32\ZoneLabs
2007-03-28 15:41 <DIR> d
C:\WINDOWS\Internet Logs
2007-03-28 15:14 118,784 --a
C:\WINDOWS\system32\MSSTDFMT.DLL
2007-03-28 15:14 <DIR> d
C:\Program Files\SpywareBlaster
2007-03-26 22:56 <DIR> d
C:\DOCUME~1\WINXP~1\APPLIC~1\Apple Computer
2007-03-26 21:40 <DIR> d
C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-03-26 08:36 <DIR> d
C:\DOCUME~1\DAVETH~1\APPLIC~1\Apple Computer
2007-03-25 06:35 <DIR> d
C:\DOCUME~1\Graham\APPLIC~1\Apple Computer
2007-03-25 06:28 <DIR> d
C:\Program Files\Apple Software Update
2007-03-25 06:28 <DIR> d
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-03-24 06:44 <DIR> d
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
2007-03-24 02:03 <DIR> d
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!
2007-03-24 01:58 <DIR> d
C:\Program Files\Yahoo!
2007-03-10 23:18 69,698 --a
C:\WINDOWS\distro_uPlayMe_stub_973387.exe
2007-03-10 23:17 <DIR> d
C:\WINDOWS\system32\UpMedia
2007-03-10 23:08 <DIR> d
C:\Program Files\DFX
2007-03-10 21:17 <DIR> d
C:\DOCUME~1\Graham\APPLIC~1\Jasc Software Inc
2007-03-10 18:03 <DIR> d
C:\Program Files\MSECache
2007-03-04 18:36 <DIR> d
C:\DOCUME~1\Graham\APPLIC~1\Teleca
2007-03-04 15:50 <DIR> d
C:\Program Files\uMark Lite
2007-03-03 16:01 30,921 --a
C:\WINDOWS\system32\drivers\SQCaptur.sys
2007-03-03 16:01 25,449 --a
C:\WINDOWS\system32\drivers\SQCamD.sys
2007-03-03 15:52 85,376 --a
C:\WINDOWS\system32\drivers\NABTSFEC.sys
2007-03-03 15:52 5,504 --a
C:\WINDOWS\system32\drivers\MSTEE.sys
2007-03-03 15:52 19,328 --a
C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2007-03-03 15:52 17,024 --a
C:\WINDOWS\system32\drivers\CCDECODE.sys
2007-03-03 15:52 15,360 --a
C:\WINDOWS\system32\drivers\StreamIP.sys
2007-03-03 15:52 11,136 --a
C:\WINDOWS\system32\drivers\SLIP.sys
2007-03-03 15:52 10,880 --a
C:\WINDOWS\system32\drivers\NdisIP.sys
2007-03-03 15:51 53,760 --a
C:\WINDOWS\system32\vfwwdm32.dll
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-03-05 18:26 28672 --a
C:\WINDOWS\system32\f3pssavr.scr
2007-03-01 22:43
d
C:\Program Files\c-evo
2007-02-28 23:43
d
C:\Program Files\irfanview
2007-02-28 03:00
d
C:\Program Files\msxml 4.0
2007-02-28 00:22
d
C:\DOCUME~1\Sharon\APPLIC~1\teleca
2007-02-27 14:19
d
C:\Program Files\disc2phone
2007-02-27 14:07
d
C:\Program Files\sony ericsson
2007-02-27 14:07
d
C:\Program Files\Common Files\teleca shared
2007-02-27 14:04 6176 --a
C:\WINDOWS\system32\drivers\w810cm.sys
2007-02-27 14:04 5808 --a
C:\WINDOWS\system32\drivers\w810wh.sys
2007-02-20 17:24 1177 --a
C:\WINDOWS\mozver.dat
2007-02-20 16:28 0 --a
C:\WINDOWS\nsreg.dat
2007-02-18 22:46
d
C:\Program Files\partygaming
2007-02-18 16:40
d
C:\DOCUME~1\Sharon\APPLIC~1\help
2007-02-18 16:39
d
C:\Program Files\ulead systems
2007-02-17 19:34
d
C:\Program Files\lavasoft
2007-02-17 19:34
d
C:\Program Files\Common Files\wise installation wizard
2007-02-17 19:34
d
C:\DOCUME~1\Sharon\APPLIC~1\lavasoft
2007-02-17 18:46
d
C:\DOCUME~1\Sharon\APPLIC~1\adobeum
2007-02-17 18:46
d
C:\DOCUME~1\Sharon\APPLIC~1\adobe
2007-02-17 16:31
d
C:\DOCUME~1\Sharon\APPLIC~1\openoffice.org2
2007-02-17 15:40
d
C:\Program Files\alwil software
2007-02-17 01:05
d
C:\Program Files\Common Files\jasc software inc
2007-02-17 01:05
d
C:\DOCUME~1\Sharon\APPLIC~1\jasc software inc
2007-02-17 01:03
d
C:\DOCUME~1\Sharon\APPLIC~1\jasc
2007-02-17 01:01
d
C:\Program Files\jasc software inc
2007-02-16 23:16
d
C:\DOCUME~1\Sharon\APPLIC~1\inkscape
2007-02-15 23:26
d
C:\Program Files\real
2007-02-15 23:25
d
C:\Program Files\windows live toolbar
2007-02-15 23:22
d
C:\Program Files\msn messenger
2007-02-15 20:56
d
C:\Program Files\google
2007-02-15 20:36
d
C:\Program Files\java
2007-02-15 20:33
d
C:\Program Files\Common Files\java
2007-01-19 12:53 51056 --a
C:\WINDOWS\system32\sirenacm.dll
2007-01-15 17:32 689280 --a
C:\WINDOWS\system32\aswboot.exe
2007-01-15 17:23 90112 --a
C:\WINDOWS\system32\avastss.scr
2007-01-08 19:01 17408 --a
C:\WINDOWS\system32\corpol.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
@=""
"Sony Ericsson PC Suite"="\"C:\\Program Files\\Sony Ericsson\\Mobile2\\Application Launcher\\Application Launcher.exe\" /startoptions"
"ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"REGSHAVE"="C:\\Program Files\\REGSHAVE\\REGSHAVE.EXE /AUTORUN"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{7D064D71-DD76-4596-90C0-921766AD560A}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mllji
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4a174e79-8935-11db-9d1a-806d6172696f}]
Shell\AutoRun\command D:\SETUP.EXE
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
********************************************************************
catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 07-04-02 19:02:33
C:\ComboFix2.txt ... 07-03-27 12:59
Please post the VundoFix report.
Here it is
VundoFix V6.3.18
Checking Java version...
Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.11
Scan started at 17:59:05 31/03/2007
Listing files found while scanning....
C:\WINDOWS\system32\cbxxvvs.dll
C:\WINDOWS\system32\ddcbyxu.dll
C:\WINDOWS\system32\ddcywxv.dll
C:\WINDOWS\system32\efccbaw.dll
C:\WINDOWS\system32\fccccba.dll
C:\WINDOWS\system32\gebyayy.dll
C:\WINDOWS\system32\jjkkj.ini
C:\WINDOWS\system32\jkkjj.dll
C:\WINDOWS\system32\mljgffd.dll
C:\WINDOWS\system32\mljgggd.dll
C:\WINDOWS\system32\mljjkhf.dll
C:\WINDOWS\system32\nnnnonm.dll
C:\WINDOWS\system32\opnnkhg.dll
C:\WINDOWS\system32\opnnkhh.dll
C:\WINDOWS\system32\qqstv.bak1
C:\WINDOWS\system32\qqstv.bak2
C:\WINDOWS\system32\qqstv.ini
C:\WINDOWS\system32\ssqqnol.dll
C:\WINDOWS\system32\urqnonk.dll
C:\WINDOWS\system32\vtsqq.dll
C:\WINDOWS\system32\wvutrrq.dll
C:\WINDOWS\system32\wvutuss.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\cbxxvvs.dll
C:\WINDOWS\system32\cbxxvvs.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ddcbyxu.dll
C:\WINDOWS\system32\ddcbyxu.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ddcywxv.dll
C:\WINDOWS\system32\ddcywxv.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\efccbaw.dll
C:\WINDOWS\system32\efccbaw.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\fccccba.dll
C:\WINDOWS\system32\fccccba.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\gebyayy.dll
C:\WINDOWS\system32\gebyayy.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\jjkkj.ini
C:\WINDOWS\system32\jjkkj.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\jkkjj.dll
C:\WINDOWS\system32\jkkjj.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\mljgffd.dll
C:\WINDOWS\system32\mljgffd.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\mljgggd.dll
C:\WINDOWS\system32\mljgggd.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\mljjkhf.dll
C:\WINDOWS\system32\mljjkhf.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\nnnnonm.dll
C:\WINDOWS\system32\nnnnonm.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\nnnnonm.dll
C:\WINDOWS\system32\nnnnonm.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\opnnkhg.dll
C:\WINDOWS\system32\opnnkhg.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\opnnkhh.dll
C:\WINDOWS\system32\opnnkhh.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\qqstv.bak1
C:\WINDOWS\system32\qqstv.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\qqstv.bak2
C:\WINDOWS\system32\qqstv.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\qqstv.ini
C:\WINDOWS\system32\qqstv.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\ssqqnol.dll
C:\WINDOWS\system32\ssqqnol.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\urqnonk.dll
C:\WINDOWS\system32\urqnonk.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\vtsqq.dll
C:\WINDOWS\system32\vtsqq.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\wvutrrq.dll
C:\WINDOWS\system32\wvutrrq.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\wvutuss.dll
C:\WINDOWS\system32\wvutuss.dll Has been deleted!
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\WINDOWS\system32\nnnnonm.dll
C:\WINDOWS\system32\nnnnonm.dll Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.3.18
Checking Java version...
Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.11
Scan started at 13:52:16 01/04/2007
Listing files found while scanning....
C:\WINDOWS\system32\awtqopm.dll
C:\WINDOWS\system32\awttrqo.dll
C:\WINDOWS\system32\awttuur.dll
C:\WINDOWS\system32\cbxvwtu.dll
C:\WINDOWS\system32\ddcccax.dll
C:\WINDOWS\system32\ddcyxvv.dll
C:\WINDOWS\system32\efcbaxy.dll
C:\WINDOWS\system32\hggecca.dll
C:\WINDOWS\system32\jjjlm.bak1
C:\WINDOWS\system32\jjjlm.bak2
C:\WINDOWS\system32\jjjlm.ini
C:\WINDOWS\system32\jjjlm.ini2
C:\WINDOWS\system32\khfcbaa.dll
C:\WINDOWS\system32\khffccd.dll
C:\WINDOWS\system32\kvexwpju.ini
C:\WINDOWS\system32\mljjj.dll
C:\WINDOWS\system32\mljkjii.dll
C:\WINDOWS\system32\mllji.dll
C:\WINDOWS\system32\pmnllmm.dll
C:\WINDOWS\system32\pmnmljk.dll
C:\WINDOWS\system32\pmnopnn.dll
C:\WINDOWS\system32\pnflqdux.dll
C:\WINDOWS\system32\ssqoool.dll
C:\WINDOWS\system32\ujpwxevk.dll
C:\WINDOWS\system32\yayvwxu.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\awtqopm.dll
C:\WINDOWS\system32\awtqopm.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\awttrqo.dll
C:\WINDOWS\system32\awttrqo.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\awttuur.dll
C:\WINDOWS\system32\awttuur.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\cbxvwtu.dll
C:\WINDOWS\system32\cbxvwtu.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ddcccax.dll
C:\WINDOWS\system32\ddcccax.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ddcyxvv.dll
C:\WINDOWS\system32\ddcyxvv.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\efcbaxy.dll
C:\WINDOWS\system32\efcbaxy.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\hggecca.dll
C:\WINDOWS\system32\hggecca.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\jjjlm.bak1
C:\WINDOWS\system32\jjjlm.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\jjjlm.bak2
C:\WINDOWS\system32\jjjlm.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\jjjlm.ini
C:\WINDOWS\system32\jjjlm.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\jjjlm.ini2
C:\WINDOWS\system32\jjjlm.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\khfcbaa.dll
C:\WINDOWS\system32\khfcbaa.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\khffccd.dll
C:\WINDOWS\system32\khffccd.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\kvexwpju.ini
C:\WINDOWS\system32\kvexwpju.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\mljjj.dll
C:\WINDOWS\system32\mljjj.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\mljkjii.dll
C:\WINDOWS\system32\mljkjii.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\pmnllmm.dll
C:\WINDOWS\system32\pmnllmm.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\pmnmljk.dll
C:\WINDOWS\system32\pmnmljk.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\pmnopnn.dll
C:\WINDOWS\system32\pmnopnn.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\pnflqdux.dll
C:\WINDOWS\system32\pnflqdux.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ssqoool.dll
C:\WINDOWS\system32\ssqoool.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ujpwxevk.dll
C:\WINDOWS\system32\ujpwxevk.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\yayvwxu.dll
C:\WINDOWS\system32\yayvwxu.dll Has been deleted!
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\WINDOWS\system32\awtqopm.dll
C:\WINDOWS\system32\awtqopm.dll Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.3.18
Checking Java version...
Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.11
Scan started at 16:48:06 01/04/2007
Listing files found while scanning....
C:\WINDOWS\system32\awtsq.dll
C:\WINDOWS\system32\awtsr.dll
C:\WINDOWS\system32\mllji.dll
C:\WINDOWS\system32\mojbufxw.ini
C:\WINDOWS\system32\qstwa.bak1
C:\WINDOWS\system32\qstwa.ini
C:\WINDOWS\system32\rstwa.bak1
C:\WINDOWS\system32\rstwa.ini
C:\WINDOWS\system32\vjtkkurt.dll
C:\WINDOWS\system32\wxfubjom.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\awtsq.dll
C:\WINDOWS\system32\awtsq.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\awtsr.dll
C:\WINDOWS\system32\awtsr.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\mojbufxw.ini
C:\WINDOWS\system32\mojbufxw.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\qstwa.bak1
C:\WINDOWS\system32\qstwa.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\qstwa.ini
C:\WINDOWS\system32\qstwa.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\rstwa.bak1
C:\WINDOWS\system32\rstwa.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\rstwa.ini
C:\WINDOWS\system32\rstwa.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\vjtkkurt.dll
C:\WINDOWS\system32\vjtkkurt.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\wxfubjom.dll
C:\WINDOWS\system32\wxfubjom.dll Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.3.18
Checking Java version...
Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.11
Scan started at 17:44:59 02/04/2007
Listing files found while scanning....
C:\WINDOWS\system32\mllji.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\yalefqkf.dll
C:\WINDOWS\system32\yalefqkf.dll Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.3.18
Checking Java version...
Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.11
Open HijackThis, press "Do a system scan only", and checkmark these lines:
O2 - BHO: (no name) - {0EC487D2-919D-4F49-98A5-49C06C518B0c} - C:\WINDOWS\system32\yalefqkf.dll (file missing)
O2 - BHO: (no name) - {2269F137-F806-45A4-8300-553E2B6D1212} - C:\WINDOWS\system32\yalefqkf.dll (file missing)
O2 - BHO: (no name) - {53BCCC17-5BE4-4ED8-A99F-225C11371A00} - C:\WINDOWS\system32\yalefqkf.dll (file missing)
O2 - BHO: (no name) - {CA00E36B-FD7C-4591-AF3C-A1C74F21407f} - C:\WINDOWS\system32\yalefqkf.dll (file missing)
O20 - Winlogon Notify: mllji - C:\WINDOWS\system32\mllji.dll (file missing)
Next, press Fix checked.
Post these files to VirusTotal and post the results here:
C:\DOCUME~1\Graham\oe.exe
C:\DOCUME~1\Graham\usi.exe
Note: send only one, and after that the other.
1. Go to Start -> Run.
Type this in the box and click OK:
"%userprofile%\desktop\combofix.exe" /v fosasfpi sktldoeo xrcgfbjv
2. When finished, it shall produce a log for you. Post that log in your next reply.
3. Reboot.
Note:
Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.
Please make hidden files visible:
1. Close all programs so that you are at your desktop.
2. Double-click on the My Computer icon.
3. Select the Tools menu and click Folder Options.
4. After the new window appears select the View tab.
5. Put a checkmark in the checkbox labeled Display the contents of system folders.
6. Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
7. Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
8. Remove the checkmark from the checkbox labeled Hide protected operating system files.
9. Press the Apply button and then the OK button and shut down My Computer.
10. Now your computer is configured to show all hidden files.
Reboot your computer in Safe mode:
1. Restart your computer.
2. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
3. Select the option for Safe Mode using the arrow keys.
4. Then press Enter on your keyboard to boot into Safe Mode.
Once in Safe mode:
Delete this file:
C:\DOCUME~1\Sharon\x.exe
Reboot your computer in normal mode.
Please post a fresh HijackThis log, ComboFix log and VirusTotal results.
Here is my ComboFix Log
"Sharon" - 07-04-03 18:11:40 Service Pack 2
ComboFix 07-03-27.4 - Running from: "C:\Documents and Settings\Sharon\desktop"
Command switches used :: /v fosasfpi sktldoeo xrcgfbjv
(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\fosasfpi.dll
C:\WINDOWS\system32\sktldoeo.dll
C:\WINDOWS\system32\xrcgfbjv.dll
* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
((((((((((((((((((((((((((((((( Files Created from 2007-03-03 to 2007-04-03 ))))))))))))))))))))))))))))))))))
2007-04-01 14:19 3,968 --a
C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-03-31 20:57 602,112 --a
C:\DOCUME~1\Sharon\x.exe
2007-03-29 22:23 71,654 --a
C:\DOCUME~1\Graham\oe.exe
2007-03-29 22:04 71,654 --a
C:\DOCUME~1\Graham\usi.exe
2007-03-29 13:14 <DIR> d
C:\VundoFix Backups
2007-03-28 23:25 <DIR> d
C:\DOCUME~1\Graham\APPLIC~1\FUJIFILM
2007-03-28 23:18 8,096
C:\WINDOWS\system32\drivers\MASPINT.SYS
2007-03-28 23:18 4,030
C:\WINDOWS\system\WINASPI.DLL
2007-03-28 23:18 30,208
C:\WINDOWS\system32\WNASPI32.DLL
2007-03-28 23:18 2,486
C:\WINDOWS\system\AS16POST.BIN
2007-03-28 23:18 <DIR> d
C:\MWASPI
2007-03-28 23:13 <DIR> d
C:\Program Files\PIXELA
2007-03-28 23:12 401,408 --a
C:\WINDOWS\system32\FE05F3D6.dll
2007-03-28 23:12 401,408 --a
C:\WINDOWS\system32\FE05EFED.dll
2007-03-28 23:12 380,928 --a
C:\WINDOWS\system32\FE05F3D7.dll
2007-03-28 23:12 299,008 --a
C:\WINDOWS\system32\FE05F3D5.dll
2007-03-28 23:12 299,008 --a
C:\WINDOWS\system32\FE05F051.dll
2007-03-28 23:12 299,008 --a
C:\WINDOWS\system32\FE05DA0D.dll
2007-03-28 23:12 106,496 --a
C:\WINDOWS\system32\FPXS2Pro.dll
2007-03-28 23:10 274,432 --a
C:\WINDOWS\system32\FFTIFF16.dll
2007-03-28 23:10 159,744 --a
C:\WINDOWS\system32\FFRAFLIB.DLL
2007-03-28 23:09 <DIR> d
C:\Program Files\FinePixViewer
2007-03-28 23:07 81,924
C:\WINDOWS\system32\drivers\VC4CB104.SYS
2007-03-28 23:07 69,632
C:\WINDOWS\system32\FREGSHEX.DLL
2007-03-28 23:07 65,536
C:\WINDOWS\system32\FINFCHECK.dll
2007-03-28 23:07 45,056
C:\WINDOWS\system32\FINFCOPY.dll
2007-03-28 23:07 45,056
C:\WINDOWS\system32\FCLKBTN.DLL
2007-03-28 23:07 <DIR> d
C:\Program Files\REGSHAVE
2007-03-28 15:43 75,512 --a
C:\WINDOWS\zllsputility.exe
2007-03-28 15:43 4,212 ---h
C:\WINDOWS\system32\zllictbl.dat
2007-03-28 15:43 11,264 --a
C:\WINDOWS\system32\SpOrder.dll
2007-03-28 15:42 1,087,216 --a
C:\WINDOWS\system32\zpeng24.dll
2007-03-28 15:42 <DIR> d
C:\WINDOWS\system32\ZoneLabs
2007-03-28 15:41 <DIR> d
C:\WINDOWS\Internet Logs
2007-03-28 15:14 118,784 --a
C:\WINDOWS\system32\MSSTDFMT.DLL
2007-03-28 15:14 <DIR> d
C:\Program Files\SpywareBlaster
2007-03-26 22:56 <DIR> d
C:\DOCUME~1\WINXP~1\APPLIC~1\Apple Computer
2007-03-26 21:40 <DIR> d
C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-03-26 08:36 <DIR> d
C:\DOCUME~1\DAVETH~1\APPLIC~1\Apple Computer
2007-03-25 06:35 <DIR> d
C:\DOCUME~1\Graham\APPLIC~1\Apple Computer
2007-03-25 06:28 <DIR> d
C:\Program Files\Apple Software Update
2007-03-25 06:28 <DIR> d
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-03-24 06:44 <DIR> d
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
2007-03-24 02:03 <DIR> d
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!
2007-03-24 01:58 <DIR> d
C:\Program Files\Yahoo!
2007-03-10 23:18 69,698 --a
C:\WINDOWS\distro_uPlayMe_stub_973387.exe
2007-03-10 23:17 <DIR> d
C:\WINDOWS\system32\UpMedia
2007-03-10 23:08 <DIR> d
C:\Program Files\DFX
2007-03-10 21:17 <DIR> d
C:\DOCUME~1\Graham\APPLIC~1\Jasc Software Inc
2007-03-10 18:03 <DIR> d
C:\Program Files\MSECache
2007-03-04 18:36 <DIR> d
C:\DOCUME~1\Graham\APPLIC~1\Teleca
2007-03-04 15:50 <DIR> d
C:\Program Files\uMark Lite
2007-03-03 16:01 30,921 --a
C:\WINDOWS\system32\drivers\SQCaptur.sys
2007-03-03 16:01 25,449 --a
C:\WINDOWS\system32\drivers\SQCamD.sys
2007-03-03 15:52 85,376 --a
C:\WINDOWS\system32\drivers\NABTSFEC.sys
2007-03-03 15:52 5,504 --a
C:\WINDOWS\system32\drivers\MSTEE.sys
2007-03-03 15:52 19,328 --a
C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2007-03-03 15:52 17,024 --a
C:\WINDOWS\system32\drivers\CCDECODE.sys
2007-03-03 15:52 15,360 --a
C:\WINDOWS\system32\drivers\StreamIP.sys
2007-03-03 15:52 11,136 --a
C:\WINDOWS\system32\drivers\SLIP.sys
2007-03-03 15:52 10,880 --a
C:\WINDOWS\system32\drivers\NdisIP.sys
2007-03-03 15:51 53,760 --a
C:\WINDOWS\system32\vfwwdm32.dll
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-03-05 18:26 28672 --a
C:\WINDOWS\system32\f3pssavr.scr
2007-03-01 22:43
d
C:\Program Files\c-evo
2007-02-28 23:43
d
C:\Program Files\irfanview
2007-02-28 03:00
d
C:\Program Files\msxml 4.0
2007-02-28 00:22
d
C:\DOCUME~1\Sharon\APPLIC~1\teleca
2007-02-27 14:19
d
C:\Program Files\disc2phone
2007-02-27 14:07
d
C:\Program Files\sony ericsson
2007-02-27 14:07
d
C:\Program Files\Common Files\teleca shared
2007-02-27 14:04 6176 --a
C:\WINDOWS\system32\drivers\w810cm.sys
2007-02-27 14:04 5808 --a
C:\WINDOWS\system32\drivers\w810wh.sys
2007-02-20 17:24 1177 --a
C:\WINDOWS\mozver.dat
2007-02-20 16:28 0 --a
C:\WINDOWS\nsreg.dat
2007-02-18 22:46
d
C:\Program Files\partygaming
2007-02-18 16:40
d
C:\DOCUME~1\Sharon\APPLIC~1\help
2007-02-18 16:39
d
C:\Program Files\ulead systems
2007-02-17 19:34
d
C:\Program Files\lavasoft
2007-02-17 19:34
d
C:\Program Files\Common Files\wise installation wizard
2007-02-17 19:34
d
C:\DOCUME~1\Sharon\APPLIC~1\lavasoft
2007-02-17 18:46
d
C:\DOCUME~1\Sharon\APPLIC~1\adobeum
2007-02-17 18:46
d
C:\DOCUME~1\Sharon\APPLIC~1\adobe
2007-02-17 16:31
d
C:\DOCUME~1\Sharon\APPLIC~1\openoffice.org2
2007-02-17 15:40
d
C:\Program Files\alwil software
2007-02-17 01:05
d
C:\Program Files\Common Files\jasc software inc
2007-02-17 01:05
d
C:\DOCUME~1\Sharon\APPLIC~1\jasc software inc
2007-02-17 01:03
d
C:\DOCUME~1\Sharon\APPLIC~1\jasc
2007-02-17 01:01
d
C:\Program Files\jasc software inc
2007-02-16 23:16
d
C:\DOCUME~1\Sharon\APPLIC~1\inkscape
2007-02-15 23:26
d
C:\Program Files\real
2007-02-15 23:25
d
C:\Program Files\windows live toolbar
2007-02-15 23:22
d
C:\Program Files\msn messenger
2007-02-15 20:56
d
C:\Program Files\google
2007-02-15 20:36
d
C:\Program Files\java
2007-02-15 20:33
d
C:\Program Files\Common Files\java
2007-01-19 12:53 51056 --a
C:\WINDOWS\system32\sirenacm.dll
2007-01-15 17:32 689280 --a
C:\WINDOWS\system32\aswboot.exe
2007-01-15 17:23 90112 --a
C:\WINDOWS\system32\avastss.scr
2007-01-08 19:01 17408 --a
C:\WINDOWS\system32\corpol.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
@=""
"Sony Ericsson PC Suite"="\"C:\\Program Files\\Sony Ericsson\\Mobile2\\Application Launcher\\Application Launcher.exe\" /startoptions"
"ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"REGSHAVE"="C:\\Program Files\\REGSHAVE\\REGSHAVE.EXE /AUTORUN"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{7D064D71-DD76-4596-90C0-921766AD560A}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
********************************************************************
catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 07-04-03 18:21:54
C:\ComboFix3.txt ... 07-03-27 12:59
C:\ComboFix2.txt ... 07-04-02 19:02
Here is my HJT log
Logfile of HijackThis v1.99.1
Scan saved at 18:47:13, on 03/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\HijackThis\Scanner.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://uk.search.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://uk.search.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Program Files\Dealio\kb103\res\DealioSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1165854538114
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
I haven't got the results of the other test yet but I'll post the results as soon as I get them.
First for C:\DOCUME~1\Graham\oe.exe
Complete scanning result of "=?utf-8?q?oe.exe?=", processed in VirusTotal at 04/03/2007 22:56:54 (CET).
[ file data ]
* name: =?utf-8?q?oe.exe?=
* size: 71654
* md5.: d6c93ff10cf7a20eea83d74c2d63f79b
* sha1: d954d6349a552d209d05bd24f93845579a8da332
[ scan result ]
AhnLab-V3 2007.4.4.0/20070403 found nothing
AntiVir 7.3.1.48/20070403 found nothing
Authentium 4.93.8/20070403 found nothing
Avast 4.7.936.0/20070403 found nothing
AVG 7.5.0.447/20070403 found nothing
BitDefender 7.2/20070403 found nothing
CAT-QuickHeal 9.00/20070403 found [(Suspicious) - DNAScan]
ClamAV devel-20070312/20070403 found nothing
DrWeb 4.33/20070403 found nothing
eSafe 7.0.15.0/20070403 found [suspicious Trojan/Worm]
eTrust-Vet 30.6.3536/20070403 found nothing
Ewido 4.0/20070403 found nothing
F-Prot 4.3.1.45/20070403 found nothing
F-Secure 6.70.13030.0/20070403 found nothing
FileAdvisor 1/20070403 found nothing
Fortinet 2.85.0.0/20070403 found [suspicious]
Ikarus T3.1.1.3/20070403 found nothing
Kaspersky 4.0.2.24/20070403 found nothing
McAfee 4999/20070403 found nothing
Microsoft 1.2306/20070403 found nothing
NOD32v2 2167/20070403 found nothing
Norman 5.80.02/20070403 found nothing
Panda 9.0.0.4/20070403 found [Suspicious file]
Prevx1 V2/20070403 found nothing
Sophos 4.16.0/20070330 found nothing
Sunbelt 2.2.907.0/20070403 found [VIPRE.Suspicious]
Symantec 10/20070403 found nothing
TheHacker 6.1.6.084/20070402 found nothing
VBA32 3.11.3/20070403 found nothing
VirusBuster 4.3.7:9/20070403 found nothing
Webwasher-Gateway 6.0.1/20070403 found [Win32.Malware.gen (suspicious)]
[ notes ]
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.
Now the one for C:\DOCUME~1\Graham\usi.exe
Complete scanning result of "=?utf-8?q?usi.exe?=", processed in VirusTotal at 04/03/2007 23:02:53 (CET).
[ file data ]
* name: =?utf-8?q?usi.exe?=
* size: 71654
* md5.: d6c93ff10cf7a20eea83d74c2d63f79b
* sha1: d954d6349a552d209d05bd24f93845579a8da332
[ scan result ]
AhnLab-V3 2007.4.4.0/20070403 found nothing
AntiVir 7.3.1.48/20070403 found nothing
Authentium 4.93.8/20070403 found nothing
Avast 4.7.936.0/20070403 found nothing
AVG 7.5.0.447/20070403 found nothing
BitDefender 7.2/20070403 found nothing
CAT-QuickHeal 9.00/20070403 found [(Suspicious) - DNAScan]
ClamAV devel-20070312/20070403 found nothing
DrWeb 4.33/20070403 found nothing
eSafe 7.0.15.0/20070403 found [suspicious Trojan/Worm]
eTrust-Vet 30.6.3536/20070403 found nothing
Ewido 4.0/20070403 found nothing
F-Prot 4.3.1.45/20070403 found nothing
F-Secure 6.70.13030.0/20070403 found nothing
FileAdvisor 1/20070403 found nothing
Fortinet 2.85.0.0/20070403 found [suspicious]
Ikarus T3.1.1.3/20070403 found nothing
Kaspersky 4.0.2.24/20070403 found nothing
McAfee 4999/20070403 found nothing
Microsoft 1.2306/20070403 found nothing
NOD32v2 2167/20070403 found nothing
Norman 5.80.02/20070403 found nothing
Panda 9.0.0.4/20070403 found [Suspicious file]
Prevx1 V2/20070403 found nothing
Sophos 4.16.0/20070330 found nothing
Sunbelt 2.2.907.0/20070403 found [VIPRE.Suspicious]
TheHacker 6.1.6.084/20070402 found nothing
VBA32 3.11.3/20070403 found nothing
VirusBuster 4.3.7:9/20070403 found nothing
Webwasher-Gateway 6.0.1/20070403 found [Win32.Malware.gen (suspicious)]
[ notes ]
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.
Please download the Killbox.
Unzip it to the desktop but do NOT run it yet.
Copy the text to a Notepad file and save it to your desktop! We will need the file later.
Then please reboot into Safe Mode by restarting your computer and pressing F8 as your computer is booting up. Then select the Safe Mode option.
Once in Safe Mode, please run Killbox.
Select "Delete on Reboot".
Open the text file with these instructions in it, and copy the file names below to the clipboard by highlighting them and pressing Control-C:
C:\WINDOWS\system32\f3pssavr.scr
C:\DOCUME~1\Sharon\x.exe
C:\DOCUME~1\Graham\oe.exe
C:\DOCUME~1\Graham\usi.exe
Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.
If your computer does not restart automatically, please restart it manually.
Please scan again with ComboFix and post the log in your next reply :D
Here's the ComboFix log
"Sharon" - 07-04-04 16:58:58 Service Pack 2
ComboFix 07-03-27.4 - Running from: "C:\Documents and Settings\Sharon\Desktop"
((((((((((((((((((((((((((((((( Files Created from 2007-03-04 to 2007-04-04 ))))))))))))))))))))))))))))))))))
2007-04-04 16:35 <DIR> d C:\!KillBox
2007-04-04 16:34 <DIR> d--hs---- C:\WINDOWS\CSC
2007-04-01 14:19 3,968 --a C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-03-29 13:14 <DIR> d C:\VundoFix Backups
2007-03-28 23:25 <DIR> d C:\DOCUME~1\Graham\APPLIC~1\FUJIFILM
2007-03-28 23:18 8,096 C:\WINDOWS\system32\drivers\MASPINT.SYS
2007-03-28 23:18 4,030 C:\WINDOWS\system\WINASPI.DLL
2007-03-28 23:18 30,208 C:\WINDOWS\system32\WNASPI32.DLL
2007-03-28 23:18 2,486 C:\WINDOWS\system\AS16POST.BIN
2007-03-28 23:18 <DIR> d C:\MWASPI
2007-03-28 23:13 <DIR> d C:\Program Files\PIXELA
2007-03-28 23:12 401,408 --a C:\WINDOWS\system32\FE05F3D6.dll
2007-03-28 23:12 401,408 --a C:\WINDOWS\system32\FE05EFED.dll
2007-03-28 23:12 380,928 --a C:\WINDOWS\system32\FE05F3D7.dll
2007-03-28 23:12 299,008 --a C:\WINDOWS\system32\FE05F3D5.dll
2007-03-28 23:12 299,008 --a C:\WINDOWS\system32\FE05F051.dll
2007-03-28 23:12 299,008 --a C:\WINDOWS\system32\FE05DA0D.dll
2007-03-28 23:12 106,496 --a C:\WINDOWS\system32\FPXS2Pro.dll
2007-03-28 23:10 274,432 --a C:\WINDOWS\system32\FFTIFF16.dll
2007-03-28 23:10 159,744 --a C:\WINDOWS\system32\FFRAFLIB.DLL
2007-03-28 23:09 <DIR> d C:\Program Files\FinePixViewer
2007-03-28 23:07 81,924 C:\WINDOWS\system32\drivers\VC4CB104.SYS
2007-03-28 23:07 69,632 C:\WINDOWS\system32\FREGSHEX.DLL
2007-03-28 23:07 65,536 C:\WINDOWS\system32\FINFCHECK.dll
2007-03-28 23:07 45,056 C:\WINDOWS\system32\FINFCOPY.dll
2007-03-28 23:07 45,056 C:\WINDOWS\system32\FCLKBTN.DLL
2007-03-28 23:07 <DIR> d C:\Program Files\REGSHAVE
2007-03-28 15:43 75,512 --a C:\WINDOWS\zllsputility.exe
2007-03-28 15:43 4,212 ---h C:\WINDOWS\system32\zllictbl.dat
2007-03-28 15:43 11,264 --a C:\WINDOWS\system32\SpOrder.dll
2007-03-28 15:42 1,087,216 --a C:\WINDOWS\system32\zpeng24.dll
2007-03-28 15:42 <DIR> d C:\WINDOWS\system32\ZoneLabs
2007-03-28 15:41 <DIR> d C:\WINDOWS\Internet Logs
2007-03-28 15:14 118,784 --a C:\WINDOWS\system32\MSSTDFMT.DLL
2007-03-28 15:14 <DIR> d C:\Program Files\SpywareBlaster
2007-03-26 22:56 <DIR> d C:\DOCUME~1\WINXP~1\APPLIC~1\Apple Computer
2007-03-26 21:40 <DIR> d C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-03-26 08:36 <DIR> d C:\DOCUME~1\DAVETH~1\APPLIC~1\Apple Computer
2007-03-25 06:35 <DIR> d C:\DOCUME~1\Graham\APPLIC~1\Apple Computer
2007-03-25 06:28 <DIR> d C:\Program Files\Apple Software Update
2007-03-25 06:28 <DIR> d C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-03-24 06:44 <DIR> d C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
2007-03-24 02:03 <DIR> d C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!
2007-03-24 01:58 <DIR> d C:\Program Files\Yahoo!
2007-03-10 23:18 69,698 --a C:\WINDOWS\distro_uPlayMe_stub_973387.exe
2007-03-10 23:17 <DIR> d C:\WINDOWS\system32\UpMedia
2007-03-10 23:08 <DIR> d C:\Program Files\DFX
2007-03-10 21:17 <DIR> d C:\DOCUME~1\Graham\APPLIC~1\Jasc Software Inc
2007-03-10 18:03 <DIR> d C:\Program Files\MSECache
2007-03-04 18:36 <DIR> d C:\DOCUME~1\Graham\APPLIC~1\Teleca
2007-03-04 15:50 <DIR> d C:\Program Files\uMark Lite
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-03-08 16:36 577536 --a C:\WINDOWS\system32\user32.dll
2007-03-08 16:36 40960 --a C:\WINDOWS\system32\mf3216.dll
2007-03-08 16:36 281600 --a C:\WINDOWS\system32\gdi32.dll
2007-03-08 14:47 1843584 --a C:\WINDOWS\system32\win32k.sys
2007-03-01 22:43 d C:\Program Files\c-evo
2007-02-28 23:43 d C:\Program Files\irfanview
2007-02-28 03:00 d C:\Program Files\msxml 4.0
2007-02-28 00:22 d C:\DOCUME~1\Sharon\APPLIC~1\teleca
2007-02-27 14:19 d C:\Program Files\disc2phone
2007-02-27 14:07 d C:\Program Files\sony ericsson
2007-02-27 14:07 d C:\Program Files\Common Files\teleca shared
2007-02-27 14:04 6176 --a C:\WINDOWS\system32\drivers\w810cm.sys
2007-02-27 14:04 5808 --a C:\WINDOWS\system32\drivers\w810wh.sys
2007-02-20 17:24 1177 --a C:\WINDOWS\mozver.dat
2007-02-20 16:28 0 --a C:\WINDOWS\nsreg.dat
2007-02-18 22:46 d C:\Program Files\partygaming
2007-02-18 16:40 d C:\DOCUME~1\Sharon\APPLIC~1\help
2007-02-18 16:39 d C:\Program Files\ulead systems
2007-02-17 19:34 d C:\Program Files\lavasoft
2007-02-17 19:34 d C:\Program Files\Common Files\wise installation wizard
2007-02-17 19:34 d C:\DOCUME~1\Sharon\APPLIC~1\lavasoft
2007-02-17 18:46 d C:\DOCUME~1\Sharon\APPLIC~1\adobeum
2007-02-17 18:46 d C:\DOCUME~1\Sharon\APPLIC~1\adobe
2007-02-17 16:31 d C:\DOCUME~1\Sharon\APPLIC~1\openoffice.org2
2007-02-17 15:40 d C:\Program Files\alwil software
2007-02-17 01:05 d C:\Program Files\Common Files\jasc software inc
2007-02-17 01:05 d C:\DOCUME~1\Sharon\APPLIC~1\jasc software inc
2007-02-17 01:03 d C:\DOCUME~1\Sharon\APPLIC~1\jasc
2007-02-17 01:01 d C:\Program Files\jasc software inc
2007-02-16 23:16 d C:\DOCUME~1\Sharon\APPLIC~1\inkscape
2007-02-15 23:26 d C:\Program Files\real
2007-02-15 23:25 d C:\Program Files\windows live toolbar
2007-02-15 23:22 d C:\Program Files\msn messenger
2007-02-15 20:56 d C:\Program Files\google
2007-02-15 20:36 d C:\Program Files\java
2007-02-15 20:33 d C:\Program Files\Common Files\java
2007-01-19 12:53 51056 --a C:\WINDOWS\system32\sirenacm.dll
2007-01-15 17:32 689280 --a C:\WINDOWS\system32\aswboot.exe
2007-01-15 17:23 90112 --a C:\WINDOWS\system32\avastss.scr
2007-01-08 19:01 17408 --a C:\WINDOWS\system32\corpol.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
@=""
"Sony Ericsson PC Suite"="\"C:\\Program Files\\Sony Ericsson\\Mobile2\\Application Launcher\\Application Launcher.exe\" /startoptions"
"ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"REGSHAVE"="C:\\Program Files\\REGSHAVE\\REGSHAVE.EXE /AUTORUN"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{7D064D71-DD76-4596-90C0-921766AD560A}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
********************************************************************
catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 07-04-04 17:01:32
C:\ComboFix3.txt ... 07-04-02 19:02
C:\ComboFix2.txt ... 07-04-03 18:21
Logfile of HijackThis v1.99.1
Scan saved at 19:51:29, on 04/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\HijackThis\Scanner.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://uk.search.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://uk.search.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Program Files\Dealio\kb103\res\DealioSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1165854538114
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
Open HijackThis, press "Do a system scan only", and checkmark this line:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
Next, press Fix checked.
Please Update your Java and Remove old Java Versions
- Download the latest version of Java Runtime Environment (JRE) 6u1. <== scroll down the list to find THIS entry
- Click the "Download" button to the right.
- Check the box that says: "Accept License Agreement".
- The page will refresh.
- Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Remove older Java Versions:
- Close any programs you may have running - especially your web browser.
- Go to Start >> Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
- Check any item with Java Runtime Environment (JRE or J2SE) in the name.
- Click the Remove or Change/Remove button.
- Repeat as many times as necessary to remove each Java version.
- Reboot your computer once all Java components are removed.
Install latest Java Version:
- From your desktop, double-click on jre-6-windows-i586.exe to install the newest version.
Post a fresh HijackThis log.
Scan saved at 21:13:02, on 04/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\HijackThis\Scanner.exe
C:\Program Files\HijackThis\Scanner.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://uk.search.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://uk.search.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Program Files\Dealio\kb103\res\DealioSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1165854538114
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
Everything seems good. Do you have any problems?
Sharon