
Infected by jkkjk.dll

Discussion in 'Virus & Other Malware Removal' started by glgold, Feb 16, 2007.

  1. glgold

    glgold Thread Starter

    Joined:
    Feb 16, 2007
    Messages:
    11
    I am getting BHO warnings from spyguard when I boot and Virus warning for NOD32 as well. I have tried deleting the jkkjk files with HJT but after reboot they are still there.

    Please help me clean it up.

    Following is a copy of my HJT log:

    Logfile of HijackThis v1.99.1
    Scan saved at 8:12:37 AM, on 2/16/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\SCardSvr.exe
    C:\Program Files\Common Files\ActivCard\acachsrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\ActivCard\acautoreg.exe
    C:\Program Files\Common Files\ActivCard\accoca.exe
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\WINDOWS\system32\E_S00RP1.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\oodag.exe
    C:\WINDOWS\system32\SAgent4.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\msnmsgr.exe
    C:\Program Files\Windows Media Player\WMPNetwk.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\WINDOWS\system32\taskswitch.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\ActivCard\ActivCard Gold\acevtsrv.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\msmsgr.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE
    C:\KeyPass\KeePass.exe
    C:\WALLPA~1.90\WALLPA~1.EXE
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
    C:\Program Files\PowerMenu\PowerMenu.exe
    C:\Program Files\HDDlife\HDDlifePro.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\Trillian\trillian.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: (no name) - {2FBD6BBB-66EC-4227-A7D5-F5E720F1FBDA} - C:\WINDOWS\system32\geedd.dll (file missing)
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: FiltrateIE Class - {B5D4581D-ED6A-4905-A267-25BAF7BE79C1} - C:\WINDOWS\system32\safeie.dll
    O2 - BHO: (no name) - {B5E77A25-8054-4098-8E1C-487B59FE2D3C} - C:\WINDOWS\system32\ddcayyx.dll
    O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
    O3 - Toolbar: Stumble&Upon - {22D003CE-6952-46C5-80B9-D19B479620AB} - C:\WINDOWS\system32\s1927.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
    O4 - HKLM\..\Run: [TkBellExe] rem "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [HealthMonitor] C:\Program Files\HealthMonitor\Interface.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P35 "EPSON Stylus CX4800 Series (Copy 1)" /O6 "USB002" /M "Stylus CX4800"
    O4 - HKLM\..\Run: [SoundMan] rem SOUNDMAN.EXE
    O4 - HKLM\..\Run: [acEventServ] "C:\Program Files\ActivCard\ActivCard Gold\acevtsrv.exe"
    O4 - HKLM\..\Run: [Microsoft System Firewall 2006.2] msmsgr.exe
    O4 - HKLM\..\RunServices: [Microsoft System Firewall 2006.2] msmsgr.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WeatherAlarmClock] rem C:\Program Files\Weather Alarm Clock\WeatherAlarmClock.exe
    O4 - HKCU\..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /M "Stylus CX4800" /EF "HKCU"
    O4 - HKCU\..\Run: [KeePass Password Safe] C:\KeyPass\KeePass.exe
    O4 - HKCU\..\Run: [WallPaper] C:\WALLPA~1.90\WALLPA~1.EXE /h
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - Startup: HDDlife.lnk = C:\Program Files\HDDlife\HDDlifePro.exe
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
    O4 - Global Startup: ActivCard Gold Smart Card Agent.lnk = C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: PowerMenu.lnk = C:\Program Files\PowerMenu\PowerMenu.exe
    O8 - Extra context menu item: &Download all by WellGet - C:\Program Files\WellGet\nxall.htm
    O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Download by &WellGet - C:\Program Files\WellGet\nxcatch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: StumbleUpon: &Blog This - res://C:\WINDOWS\system32\s1927.dll/blogimage
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra button: WellGet - {35980F6E-A258-4E50-953D-813BB8556899} - C:\Program Files\WellGet\WellGet.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Add to TimeLeft Auction Watch - {21196042-830F-419f-A594-F9D456A6C29A} - C:\Program Files\TimeLeft3\TLIntergIE.html (HKCU)
    O9 - Extra 'Tools' menuitem: Add to TimeLeft Auction Watch - {21196042-830F-419f-A594-F9D456A6C29A} - C:\Program Files\TimeLeft3\TLIntergIE.html (HKCU)
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.goldenram.com/upgradedetect/upgradedetect.cab?1032
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1169212142984
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
    O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
    O16 - DPF: {82F2D6B2-6C58-4404-A930-9DB0FD90D4B1} (Driver_Detective_v43_Non_Member.DD_v43) - http://www.drivershq.com/cab/prod/Driver_Detective_v43_Non_Member.CAB
    O16 - DPF: {BDEE1959-AB6B-4745-A29B-F492861102CC} -
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712...amai.com/6712/player/install3.5/installer.exe
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
    O20 - Winlogon Notify: acAuth - C:\WINDOWS\SYSTEM32\acauth.dll
    O20 - Winlogon Notify: ddcayyx - C:\WINDOWS\SYSTEM32\ddcayyx.dll
    O20 - Winlogon Notify: ddcywtt - C:\WINDOWS\SYSTEM32\ddcywtt.dll
    O20 - Winlogon Notify: gebyyvw - C:\WINDOWS\SYSTEM32\gebyyvw.dll
    O20 - Winlogon Notify: geedd - C:\WINDOWS\system32\geedd.dll (file missing)
    O20 - Winlogon Notify: jkkjg - C:\WINDOWS\system32\jkkjg.dll
    O20 - Winlogon Notify: jkkjk - C:\WINDOWS\system32\jkkjk.dll (file missing)
    O20 - Winlogon Notify: RegCompact - C:\WINDOWS\SYSTEM32\RegCompact.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: ActivCard Authentication Service (ACachSrv) - ActivCard - C:\Program Files\Common Files\ActivCard\acachsrv.exe
    O23 - Service: ActivCard Gold Autoregister (acautoreg) - ActivCard S.A. - C:\Program Files\Common Files\ActivCard\acautoreg.exe
    O23 - Service: ActivCard Gold service (Accoca) - ActivCard - C:\Program Files\Common Files\ActivCard\accoca.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\SAgent4.exe
    O23 - Service: Windows Server Management Services (WSMSPSVC) - Unknown owner - C:\WINDOWS\msnmsgr.exe
     
  2. JSntgRvr

    JSntgRvr Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Hi, glgold. :)

    Welcome to TSG.

    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. Beware that it is NOT supported for use in 9x or ME and probably will not install on those systems.

    Upgrading Java:
    • Download the latest version of Java Runtime Environment (JRE) 6.
    • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
    • Click the "Download" button to the right.
    • Check the box that says: "Accept License Agreement".
    • The page will refresh.
    • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
    • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on the download to install the newest version.
    Please download VundoFix.exe to your desktop.
    • Double-click VundoFix.exe to run it.
    • You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
    • When VundoFix re-opens, click the Scan for Vundo button.
    • Once it's done scanning, click the Remove Vundo button.
    • You will receive a prompt asking if you want to remove the files, click YES
    • Once you click yes, your desktop will go blank as it starts removing Vundo.
    • When completed, it will prompt that it will shutdown your computer, click OK.
    • Turn your computer back on.
    • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
    Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears at reboot.
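
Comparing the first HijackThis log with the one posted after the fix shows which autostart entries went away, which appeared, and which still point at a missing file. The sketch below is an added example, not part of the original thread and not code from HijackThis or VundoFix; the function names are hypothetical, and the sample lines are excerpts copied from the two logs in this thread.

```python
import ntpath
import re
from collections import namedtuple

# One parsed HijackThis entry line (R0, O2, O20, ...).
Entry = namedtuple("Entry", "section body target missing")

# Entry lines look like: "O20 - Winlogon Notify: jkkjk - C:\...\jkkjk.dll (file missing)"
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")
MISSING = "(file missing)"

# Excerpt of the first log in the thread (before VundoFix).
BEFORE = r"""
O2 - BHO: (no name) - {2FBD6BBB-66EC-4227-A7D5-F5E720F1FBDA} - C:\WINDOWS\system32\geedd.dll (file missing)
O2 - BHO: (no name) - {B5E77A25-8054-4098-8E1C-487B59FE2D3C} - C:\WINDOWS\system32\ddcayyx.dll
O20 - Winlogon Notify: acAuth - C:\WINDOWS\SYSTEM32\acauth.dll
O20 - Winlogon Notify: ddcayyx - C:\WINDOWS\SYSTEM32\ddcayyx.dll
O20 - Winlogon Notify: jkkjg - C:\WINDOWS\system32\jkkjg.dll
O20 - Winlogon Notify: jkkjk - C:\WINDOWS\system32\jkkjk.dll (file missing)
"""

# Excerpt of the second log in the thread (after VundoFix).
AFTER = r"""
O2 - BHO: (no name) - {2FBD6BBB-66EC-4227-A7D5-F5E720F1FBDA} - C:\WINDOWS\system32\geedd.dll (file missing)
O2 - BHO: (no name) - {B5E77A25-8054-4098-8E1C-487B59FE2D3C} - C:\WINDOWS\system32\ddcayyx.dll
O2 - BHO: (no name) - {BFF06466-9EEA-4629-B3FB-F1A0256FADAB} - C:\WINDOWS\system32\ssqpq.dll (file missing)
O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\qisgcatv.dll
O20 - Winlogon Notify: acAuth - C:\WINDOWS\SYSTEM32\acauth.dll
O20 - Winlogon Notify: jkkjk - C:\WINDOWS\system32\jkkjk.dll (file missing)
"""


def parse_entries(log_text):
    """Map (section, lower-cased body) -> Entry for every entry line.

    Header and "Running processes" lines do not match ENTRY_RE and are skipped.
    The "(file missing)" suffix is stripped from the key so an entry whose file
    disappears between scans is still recognised as the same entry.
    """
    entries = {}
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if not match:
            continue
        section, body = match.groups()
        missing = body.endswith(MISSING)
        if missing:
            body = body[: -len(MISSING)].rstrip()
        # The file or URL the entry points at is the last " - " separated field.
        parts = body.rsplit(" - ", 1)
        target = parts[1] if len(parts) == 2 else ""
        entries[(section, body.lower())] = Entry(section, body, target, missing)
    return entries


def _summary(entry):
    """(section, file name) pair, lower-cased so SYSTEM32/system32 compare equal."""
    return (entry.section, ntpath.basename(entry.target).lower())


def diff_logs(before_text, after_text, sections=("O2", "O20")):
    """Compare two logs, restricted to the given sections (BHOs and Winlogon Notify)."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)

    def wanted(key):
        return key[0] in sections

    return {
        # Present in the first scan, absent from the second.
        "removed": sorted(_summary(before[k]) for k in before
                          if wanted(k) and k not in after),
        # New registrations that were not in the first scan.
        "added": sorted(_summary(after[k]) for k in after
                        if wanted(k) and k not in before),
        # Registry entry survives but the file it names is gone.
        "still_missing_file": sorted(_summary(e) for k, e in after.items()
                                     if wanted(k) and e.missing),
    }


if __name__ == "__main__":
    for bucket, items in diff_logs(BEFORE, AFTER).items():
        print(bucket)
        for section, name in items:
            print(f"  {section}  {name}")
```

Entries listed under `still_missing_file` are leftover registry values whose file no longer exists; entries under `added` are the ones to look at first in the follow-up log.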
     
  3. glgold

    glgold Thread Starter

    Joined:
    Feb 16, 2007
    Messages:
    11
    I am working on the solution you provided but have run into some issues.

    1: I was unable to uninstall previous Java versions because they were not listed in the Uninstall programs list :confused:
    2: After running VundoFix the system rebooted to attempt to delete ddcayyx.dll. It was unable to delete after rebooting. I am rescanning and going to attempt again for a delete.

    Once the VundoFix runs and my system is up I will post the HJT and VundoFix logs
     
  4. glgold

    glgold Thread Starter

    Joined:
    Feb 16, 2007
    Messages:
    11
    Latest HJT and VundoFix logs

    HJT:

    Logfile of HijackThis v1.99.1
    Scan saved at 11:46:07 AM, on 2/16/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\ActivCard\acachsrv.exe
    C:\Program Files\Common Files\ActivCard\acautoreg.exe
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\WINDOWS\system32\E_S00RP1.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\oodag.exe
    C:\WINDOWS\system32\SAgent4.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\msnmsgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\WINDOWS\system32\taskswitch.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\ActivCard\ActivCard Gold\acevtsrv.exe
    C:\WINDOWS\system32\msmsgr.exe
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE
    C:\KeyPass\KeePass.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
    C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
    C:\Program Files\PowerMenu\PowerMenu.exe
    C:\Program Files\HDDlife\HDDlifePro.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\Trillian\trillian.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: (no name) - {2FBD6BBB-66EC-4227-A7D5-F5E720F1FBDA} - C:\WINDOWS\system32\geedd.dll (file missing)
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: FiltrateIE Class - {B5D4581D-ED6A-4905-A267-25BAF7BE79C1} - C:\WINDOWS\system32\safeie.dll
    O2 - BHO: (no name) - {B5E77A25-8054-4098-8E1C-487B59FE2D3C} - C:\WINDOWS\system32\ddcayyx.dll
    O2 - BHO: (no name) - {BFF06466-9EEA-4629-B3FB-F1A0256FADAB} - C:\WINDOWS\system32\ssqpq.dll (file missing)
    O2 - BHO: (no name) - {DB3CC9B2-7A6F-4CF5-9C47-3AF67B24F219} - C:\WINDOWS\system32\pmnli.dll (file missing)
    O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\qisgcatv.dll
    O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
    O3 - Toolbar: Stumble&Upon - {22D003CE-6952-46C5-80B9-D19B479620AB} - C:\WINDOWS\system32\s1927.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
    O4 - HKLM\..\Run: [TkBellExe] rem "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [HealthMonitor] C:\Program Files\HealthMonitor\Interface.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P35 "EPSON Stylus CX4800 Series (Copy 1)" /O6 "USB002" /M "Stylus CX4800"
    O4 - HKLM\..\Run: [SoundMan] rem SOUNDMAN.EXE
    O4 - HKLM\..\Run: [acEventServ] "C:\Program Files\ActivCard\ActivCard Gold\acevtsrv.exe"
    O4 - HKLM\..\Run: [Microsoft System Firewall 2006.2] msmsgr.exe
    O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKLM\..\RunServices: [Microsoft System Firewall 2006.2] msmsgr.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WeatherAlarmClock] rem C:\Program Files\Weather Alarm Clock\WeatherAlarmClock.exe
    O4 - HKCU\..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /M "Stylus CX4800" /EF "HKCU"
    O4 - HKCU\..\Run: [KeePass Password Safe] C:\KeyPass\KeePass.exe
    O4 - HKCU\..\Run: [WallPaper] C:\WALLPA~1.90\WALLPA~1.EXE /h
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - Startup: HDDlife.lnk = C:\Program Files\HDDlife\HDDlifePro.exe
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
    O4 - Global Startup: ActivCard Gold Smart Card Agent.lnk = C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: PowerMenu.lnk = C:\Program Files\PowerMenu\PowerMenu.exe
    O8 - Extra context menu item: &Download all by WellGet - C:\Program Files\WellGet\nxall.htm
    O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Download by &WellGet - C:\Program Files\WellGet\nxcatch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: StumbleUpon: &Blog This - res://C:\WINDOWS\system32\s1927.dll/blogimage
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra button: WellGet - {35980F6E-A258-4E50-953D-813BB8556899} - C:\Program Files\WellGet\WellGet.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Add to TimeLeft Auction Watch - {21196042-830F-419f-A594-F9D456A6C29A} - C:\Program Files\TimeLeft3\TLIntergIE.html (HKCU)
    O9 - Extra 'Tools' menuitem: Add to TimeLeft Auction Watch - {21196042-830F-419f-A594-F9D456A6C29A} - C:\Program Files\TimeLeft3\TLIntergIE.html (HKCU)
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.goldenram.com/upgradedetect/upgradedetect.cab?1032
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1169212142984
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
    O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
    O16 - DPF: {82F2D6B2-6C58-4404-A930-9DB0FD90D4B1} (Driver_Detective_v43_Non_Member.DD_v43) - http://www.drivershq.com/cab/prod/Driver_Detective_v43_Non_Member.CAB
    O16 - DPF: {BDEE1959-AB6B-4745-A29B-F492861102CC} -
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712...amai.com/6712/player/install3.5/installer.exe
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
    O20 - Winlogon Notify: acAuth - C:\WINDOWS\SYSTEM32\acauth.dll
    O20 - Winlogon Notify: geedd - C:\WINDOWS\system32\geedd.dll (file missing)
    O20 - Winlogon Notify: jkkjk - C:\WINDOWS\system32\jkkjk.dll (file missing)
    O20 - Winlogon Notify: RegCompact - C:\WINDOWS\SYSTEM32\RegCompact.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: ActivCard Authentication Service (ACachSrv) - ActivCard - C:\Program Files\Common Files\ActivCard\acachsrv.exe
    O23 - Service: ActivCard Gold Autoregister (acautoreg) - ActivCard S.A. - C:\Program Files\Common Files\ActivCard\acautoreg.exe
    O23 - Service: ActivCard Gold service (Accoca) - ActivCard - C:\Program Files\Common Files\ActivCard\accoca.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\SAgent4.exe
    O23 - Service: Windows Server Management Services (WSMSPSVC) - Unknown owner - C:\WINDOWS\msnmsgr.exe

    VundoFix.txt

    VundoFix V6.3.6

    Checking Java version...

    Java version is 1.5.0.2

    Java version is 1.5.0.4

    Java version is 1.5.0.5

    Java version is 1.5.0.6

    Scan started at 9:44:25 AM 2/16/2007

    Listing files found while scanning....

    C:\WINDOWS\system32\cbxxvvs.dll
    C:\WINDOWS\system32\ddcayyx.dll
    C:\WINDOWS\system32\ddcbxww.dll
    C:\WINDOWS\system32\ddcywtt.dll
    C:\WINDOWS\system32\fccdeba.dll
    C:\WINDOWS\system32\fccyvss.dll
    C:\WINDOWS\system32\gebyyvw.dll
    C:\WINDOWS\system32\geedd.dll
    C:\WINDOWS\system32\ilnmp.bak1
    C:\WINDOWS\system32\ilnmp.ini
    C:\WINDOWS\system32\jkkjk.dll
    C:\WINDOWS\system32\pmnli.dll
    C:\WINDOWS\system32\pmnlllj.dll
    C:\WINDOWS\system32\vtusrqp.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\cbxxvvs.dll
    C:\WINDOWS\system32\cbxxvvs.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ddcayyx.dll
    C:\WINDOWS\system32\ddcayyx.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\ddcbxww.dll
    C:\WINDOWS\system32\ddcbxww.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ddcywtt.dll
    C:\WINDOWS\system32\ddcywtt.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\fccdeba.dll
    C:\WINDOWS\system32\fccdeba.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\fccyvss.dll
    C:\WINDOWS\system32\fccyvss.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\gebyyvw.dll
    C:\WINDOWS\system32\gebyyvw.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ilnmp.bak1
    C:\WINDOWS\system32\ilnmp.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ilnmp.ini
    C:\WINDOWS\system32\ilnmp.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\pmnli.dll
    C:\WINDOWS\system32\pmnli.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\pmnlllj.dll
    C:\WINDOWS\system32\pmnlllj.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\vtusrqp.dll
    C:\WINDOWS\system32\vtusrqp.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\ddcayyx.dll
    C:\WINDOWS\system32\ddcayyx.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!

    VundoFix V6.3.6

    Checking Java version...

    Java version is 1.5.0.2

    Java version is 1.5.0.4

    Java version is 1.5.0.5

    Java version is 1.5.0.6

    Scan started at 10:43:55 AM 2/16/2007

    Listing files found while scanning....

    C:\WINDOWS\system32\ddcayyx.dll
    C:\WINDOWS\system32\geedd.dll
    C:\WINDOWS\system32\jkkjk.dll
    C:\WINDOWS\system32\qpqss.bak1
    C:\WINDOWS\system32\qpqss.ini
    C:\WINDOWS\system32\ssqpq.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\ddcayyx.dll
    C:\WINDOWS\system32\ddcayyx.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\qpqss.bak1
    C:\WINDOWS\system32\qpqss.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\qpqss.ini
    C:\WINDOWS\system32\qpqss.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ssqpq.dll
    C:\WINDOWS\system32\ssqpq.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\ddcayyx.dll
    C:\WINDOWS\system32\ddcayyx.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!

    Beginning removal...
     
  5. JSntgRvr

    JSntgRvr Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Hi, glgold :)

    Download SDFix and save it to your Desktop.

    Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

    Please then reboot your computer in Safe Mode by doing the following:
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, the Advanced Options Menu should appear;
    • Select the first option, to run Windows in Safe Mode, then press Enter.
    • Choose your usual account.
    • Open the extracted SDFix folder and double click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan services and registry entries that it finds, then prompt you to press any key to reboot.
    • Press any key and it will restart the PC.
    • When the PC restarts, the Fixtool will run again and complete the removal process, then display Finished; press any key to end the script and load your desktop icons.
    • Once the desktop icons load, the SDFix report will open on screen and also save into the SDFix folder as Report.txt
      (Report.txt will also be copied to the Clipboard, ready for posting back on the forum).
    • Finally, paste the contents of Report.txt back on the forum with a new HijackThis log.
     
  6. glgold

    glgold Thread Starter

    SDFix: Version 1.65

    Run by: Glenn - Fri 02/16/2007 @ 15:32:01.45

    Microsoft Windows XP [Version 5.1.2600]

    Running From: C:\SDFix

    Safe Mode:
    Checking Services:

    Name:
    WSMSPSVC

    Path:
    "C:\WINDOWS\msnmsgr.exe"

    WSMSPSVC Deleted

    Restoring Windows Registry Entries
    Restoring Default Hosts File


    Rebooting...

    Normal Mode:
    Checking Files:

    Below files will be copied to Backups folder then removed:

    C:\WINDOWS\msnmsgr.exe - Deleted
    C:\WINDOWS\Temp\removalfile.bat - Deleted



    ADS Check:

    C:\WINDOWS\system32
    No streams found.

    Final Check:


    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
    "C:\\Program Files\\Trillian\\trillian.exe"="C:\\Program Files\\Trillian\\trillian.exe:*:Enabled:Trillian"
    "C:\\Program Files\\Ahead\\Nero\\nero.exe"="C:\\Program Files\\Ahead\\Nero\\nero.exe:*:Enabled:Nero Burning ROM"
    "C:\\Program Files\\Gigabyte\\Gigabyte Windows Utility Manager\\bios\\gwf32.exe"="C:\\Program Files\\Gigabyte\\Gigabyte Windows Utility Manager\\bios\\gwf32.exe:*:Enabled:gwflash"
    "C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:*:Enabled:Connection Manager"
    "C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:*:Enabled:ActiveSync Application"
    "C:\\Program Files\\FlashFXP\\flashfxp.exe"="C:\\Program Files\\FlashFXP\\flashfxp.exe:*:Enabled:FlashFXP v3"
    "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Disabled:Internet Explorer"
    "C:\\Program Files\\Java\\jre1.5.0_05\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.5.0_05\\bin\\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
    "E:\\Desktop Stuff\\utorrent.exe"="E:\\Desktop Stuff\\utorrent.exe:*:Enabled:utorrent"
    "C:\\Program Files\\Google\\Google Earth Pro\\GoogleEarth.exe"="C:\\Program Files\\Google\\Google Earth Pro\\GoogleEarth.exe:*:Enabled:Google Earth Pro"
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
    "C:\\Program Files\\Opera\\Opera.exe"="C:\\Program Files\\Opera\\Opera.exe:*:Enabled:Opera Internet Browser"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"="C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD"
    "C:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"="C:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe:*:Enabled:Autodesk 3ds Max 9 32-bit"
    "C:\\Program Files\\Autodesk\\Backburner\\monitor.exe"="C:\\Program Files\\Autodesk\\Backburner\\monitor.exe:*:Enabled:backburner 2.3 monitor"
    "C:\\Program Files\\Autodesk\\Backburner\\manager.exe"="C:\\Program Files\\Autodesk\\Backburner\\manager.exe:*:Enabled:backburner 2.3 manager"
    "C:\\Program Files\\Autodesk\\Backburner\\server.exe"="C:\\Program Files\\Autodesk\\Backburner\\server.exe:*:Enabled:backburner 2.3 server"
    "C:\\Program Files\\Microsoft Office\\OFFICE11\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\OFFICE11\\OUTLOOK.EXE:*:Enabled:OUTLOOK.EXE"
    "K:\\utorrent.exe"="K:\\utorrent.exe:*:Enabled:µTorrent"
    "C:\\Program Files\\FlashGet\\flashget.exe"="C:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget"
    "C:\\Program Files\\REALORE\\Tiny Cars 2\\TinyCars2.exe"="C:\\Program Files\\REALORE\\Tiny Cars 2\\TinyCars2.exe:*:Enabled:TinyCars2"


    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\FlashFXP\\flashfxp.exe"="C:\\Program Files\\FlashFXP\\flashfxp.exe:*:Enabled:FlashFXP v3"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"


    Remaining Files:
    ---------------

    Backups Folder: - C:\SDFix\backups\backups.zip


    Checking For Files with Hidden Attributes :

    C:\Documents and Settings\Glenn\Application Data\rbap450.dll
    C:\Documents and Settings\Glenn\Local Settings\Temp\bfrvyopo.dll
    C:\Documents and Settings\Glenn\Local Settings\Temp\csxbnphg.dll
    C:\Documents and Settings\Glenn\Local Settings\Temp\ddinymka.dll
    C:\Documents and Settings\Glenn\Local Settings\Temp\depyfukr.dll
    C:\Documents and Settings\Glenn\Local Settings\Temp\epmuuocn.dll
    C:\Documents and Settings\Glenn\Local Settings\Temp\fmvyvvas.dll
    C:\Documents and Settings\Glenn\Local Settings\Temp\fyosuvtx.dll
    C:\Documents and Settings\Glenn\Local Settings\Temp\hrqesifi.dll
    C:\Documents and Settings\Glenn\Local Settings\Temp\irudfiof.dll
    C:\Documents and Settings\Glenn\Local Settings\Temp\iwlmqvef.dll
    C:\Documents and Settings\Glenn\Local Settings\Temp\jpogagud.dll
    C:\Documents and Settings\Glenn\Local Settings\Temp\lyusokuc.dll
    C:\Documents and Settings\Glenn\Local Settings\Temp\neupibht.dll
    C:\Documents and Settings\Glenn\Local Settings\Temp\oowuqdhx.dll
    C:\Documents and Settings\Glenn\Local Settings\Temp\ossikxwv.dll
    C:\Documents and Settings\Glenn\Local Settings\Temp\pawfuvtw.dll
    C:\Documents and Settings\Glenn\Local Settings\Temp\pemqbwfc.dll
    C:\Documents and Settings\Glenn\Local Settings\Temp\povwaemj.dll
    C:\Documents and Settings\Glenn\Local Settings\Temp\pxvyllbn.dll
    C:\Documents and Settings\Glenn\Local Settings\Temp\qcbaytfd.dll
    C:\Documents and Settings\Glenn\Local Settings\Temp\rbnjstcf.dll
    C:\Documents and Settings\Glenn\Local Settings\Temp\rgxmndgp.dll
    C:\Documents and Settings\Glenn\Local Settings\Temp\rxbryjbd.dll
    C:\Documents and Settings\Glenn\Local Settings\Temp\sqafgdad.dll
    C:\Documents and Settings\Glenn\Local Settings\Temp\tgdlpwkn.dll
    C:\Documents and Settings\Glenn\Local Settings\Temp\tkwregxi.dll
    C:\Documents and Settings\Glenn\Local Settings\Temp\unbdwyek.dll
    C:\Documents and Settings\Glenn\Local Settings\Temp\uoefknxc.dll
    C:\Documents and Settings\Glenn\Local Settings\Temp\usaevqfr.dll
    C:\Documents and Settings\Glenn\Local Settings\Temp\vcmmlbhc.dll
    C:\Documents and Settings\Glenn\Local Settings\Temp\vluwtkos.dll
    C:\Documents and Settings\Glenn\Local Settings\Temp\wcrqjlya.dll
    C:\Documents and Settings\Glenn\Local Settings\Temp\wdeoupvf.dll
    C:\Documents and Settings\Glenn\Local Settings\Temp\wlwbqpwm.dll
    C:\Documents and Settings\Glenn\Local Settings\Temp\yuwbfmhn.dll
    C:\Documents and Settings\Glenn\Local Settings\Temp\yysewmbl.dll
    C:\Program Files\Passwords\Access Password Recover\APR.dll
    C:\WINDOWS\system32\geebx.dll
    C:\WINDOWS\system32\mllml.dll
    C:\WINDOWS\system32\NTIBUN4.dll
    C:\WINDOWS\system32\NTICDMK7.dll
    C:\WINDOWS\system32\NTIDBD32.dll
    C:\WINDOWS\system32\NTIFCD3.dll
    C:\WINDOWS\system32\NTIMPEG2.dll
    C:\WINDOWS\system32\pmnno.dll
    C:\WINDOWS\system32\ssqrq.dll
    C:\Mobile Devices\IPAQ 3955\Pocket PC\PPC Tool & Security pack\[PocketPC] DVD to Pocket PC v1.0\DVD-to-PPC DEMO\DATA\WMEncoder.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\WINDOWS\system32\msmsgr.exe
    C:\WINDOWS\system32\KGyGaAvL.sys
    C:\Application Data\Microsoft\Windows\UsrClass.tmp.LOG
    C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
    C:\Documents and Settings\Glenn\NTUSER.tmp.LOG
    C:\Documents and Settings\LocalService\NTUSER.tmp.LOG
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.tmp.LOG
    C:\Documents and Settings\NetworkService\NTUSER.tmp.LOG
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.tmp.LOG
    C:\WINDOWS\system32\config\default.tmp.LOG
    C:\WINDOWS\system32\config\SAM.tmp.LOG
    C:\WINDOWS\system32\config\SECURITY.tmp.LOG
    C:\WINDOWS\system32\config\software.tmp.LOG
    C:\WINDOWS\system32\config\system.tmp.LOG

    Finished


    and the HJT log

    Logfile of HijackThis v1.99.1
    Scan saved at 4:04:13 PM, on 2/16/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\ActivCard\acachsrv.exe
    C:\Program Files\Common Files\ActivCard\acautoreg.exe
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\WINDOWS\system32\E_S00RP1.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\oodag.exe
    C:\WINDOWS\system32\SAgent4.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\devldr32.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\WINDOWS\system32\taskswitch.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\ActivCard\ActivCard Gold\acevtsrv.exe
    C:\WINDOWS\system32\msmsgr.exe
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE
    C:\KeyPass\KeePass.exe
    C:\WALLPA~1.90\WALLPA~1.EXE
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
    C:\Program Files\HDDlife\HDDlifePro.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\Trillian\trillian.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\GPSoftware\Directory Opus\DOpus.exe
    C:\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O3 - Toolbar: Stumble&Upon - {22D003CE-6952-46C5-80B9-D19B479620AB} - C:\WINDOWS\system32\s1927.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
    O4 - HKLM\..\Run: [TkBellExe] rem "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [HealthMonitor] C:\Program Files\HealthMonitor\Interface.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P35 "EPSON Stylus CX4800 Series (Copy 1)" /O6 "USB002" /M "Stylus CX4800"
    O4 - HKLM\..\Run: [SoundMan] rem SOUNDMAN.EXE
    O4 - HKLM\..\Run: [acEventServ] "C:\Program Files\ActivCard\ActivCard Gold\acevtsrv.exe"
    O4 - HKLM\..\Run: [Microsoft System Firewall 2006.2] msmsgr.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKLM\..\RunServices: [Microsoft System Firewall 2006.2] msmsgr.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WeatherAlarmClock] rem C:\Program Files\Weather Alarm Clock\WeatherAlarmClock.exe
    O4 - HKCU\..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /M "Stylus CX4800" /EF "HKCU"
    O4 - HKCU\..\Run: [KeePass Password Safe] C:\KeyPass\KeePass.exe
    O4 - HKCU\..\Run: [WallPaper] C:\WALLPA~1.90\WALLPA~1.EXE /h
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - Startup: HDDlife.lnk = C:\Program Files\HDDlife\HDDlifePro.exe
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
    O4 - Global Startup: ActivCard Gold Smart Card Agent.lnk = C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O8 - Extra context menu item: &Download all by WellGet - C:\Program Files\WellGet\nxall.htm
    O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Download by &WellGet - C:\Program Files\WellGet\nxcatch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: StumbleUpon: &Blog This - res://C:\WINDOWS\system32\s1927.dll/blogimage
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra button: WellGet - {35980F6E-A258-4E50-953D-813BB8556899} - C:\Program Files\WellGet\WellGet.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Add to TimeLeft Auction Watch - {21196042-830F-419f-A594-F9D456A6C29A} - C:\Program Files\TimeLeft3\TLIntergIE.html (HKCU)
    O9 - Extra 'Tools' menuitem: Add to TimeLeft Auction Watch - {21196042-830F-419f-A594-F9D456A6C29A} - C:\Program Files\TimeLeft3\TLIntergIE.html (HKCU)
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.goldenram.com/upgradedetect/upgradedetect.cab?1032
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1169212142984
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
    O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
    O16 - DPF: {82F2D6B2-6C58-4404-A930-9DB0FD90D4B1} (Driver_Detective_v43_Non_Member.DD_v43) - http://www.drivershq.com/cab/prod/Driver_Detective_v43_Non_Member.CAB
    O16 - DPF: {BDEE1959-AB6B-4745-A29B-F492861102CC} -
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712...amai.com/6712/player/install3.5/installer.exe
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: ActivCard Authentication Service (ACachSrv) - ActivCard - C:\Program Files\Common Files\ActivCard\acachsrv.exe
    O23 - Service: ActivCard Gold Autoregister (acautoreg) - ActivCard S.A. - C:\Program Files\Common Files\ActivCard\acautoreg.exe
    O23 - Service: ActivCard Gold service (Accoca) - ActivCard - C:\Program Files\Common Files\ActivCard\accoca.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\SAgent4.exe
     
  7. JSntgRvr

    JSntgRvr Moderator Malware Specialist

    Hi, glgold :)

    Please download OTMoveIt by OldTimer.
    • Save it to your desktop.
    • Please double-click OTMoveIt.exe to run it.
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

      C:\Documents and Settings\Glenn\Local Settings\Temp\bfrvyopo.dll
      C:\Documents and Settings\Glenn\Local Settings\Temp\csxbnphg.dll
      C:\Documents and Settings\Glenn\Local Settings\Temp\ddinymka.dll
      C:\Documents and Settings\Glenn\Local Settings\Temp\depyfukr.dll
      C:\Documents and Settings\Glenn\Local Settings\Temp\epmuuocn.dll
      C:\Documents and Settings\Glenn\Local Settings\Temp\fmvyvvas.dll
      C:\Documents and Settings\Glenn\Local Settings\Temp\fyosuvtx.dll
      C:\Documents and Settings\Glenn\Local Settings\Temp\hrqesifi.dll
      C:\Documents and Settings\Glenn\Local Settings\Temp\irudfiof.dll
      C:\Documents and Settings\Glenn\Local Settings\Temp\iwlmqvef.dll
      C:\Documents and Settings\Glenn\Local Settings\Temp\jpogagud.dll
      C:\Documents and Settings\Glenn\Local Settings\Temp\lyusokuc.dll
      C:\Documents and Settings\Glenn\Local Settings\Temp\neupibht.dll
      C:\Documents and Settings\Glenn\Local Settings\Temp\oowuqdhx.dll
      C:\Documents and Settings\Glenn\Local Settings\Temp\ossikxwv.dll
      C:\Documents and Settings\Glenn\Local Settings\Temp\pawfuvtw.dll
      C:\Documents and Settings\Glenn\Local Settings\Temp\pemqbwfc.dll
      C:\Documents and Settings\Glenn\Local Settings\Temp\povwaemj.dll
      C:\Documents and Settings\Glenn\Local Settings\Temp\pxvyllbn.dll
      C:\Documents and Settings\Glenn\Local Settings\Temp\qcbaytfd.dll
      C:\Documents and Settings\Glenn\Local Settings\Temp\rbnjstcf.dll
      C:\Documents and Settings\Glenn\Local Settings\Temp\rgxmndgp.dll
      C:\Documents and Settings\Glenn\Local Settings\Temp\rxbryjbd.dll
      C:\Documents and Settings\Glenn\Local Settings\Temp\sqafgdad.dll
      C:\Documents and Settings\Glenn\Local Settings\Temp\tgdlpwkn.dll
      C:\Documents and Settings\Glenn\Local Settings\Temp\tkwregxi.dll
      C:\Documents and Settings\Glenn\Local Settings\Temp\unbdwyek.dll
      C:\Documents and Settings\Glenn\Local Settings\Temp\uoefknxc.dll
      C:\Documents and Settings\Glenn\Local Settings\Temp\usaevqfr.dll
      C:\Documents and Settings\Glenn\Local Settings\Temp\vcmmlbhc.dll
      C:\Documents and Settings\Glenn\Local Settings\Temp\vluwtkos.dll
      C:\Documents and Settings\Glenn\Local Settings\Temp\wcrqjlya.dll
      C:\Documents and Settings\Glenn\Local Settings\Temp\wdeoupvf.dll
      C:\Documents and Settings\Glenn\Local Settings\Temp\wlwbqpwm.dll
      C:\Documents and Settings\Glenn\Local Settings\Temp\yuwbfmhn.dll
      C:\Documents and Settings\Glenn\Local Settings\Temp\yysewmbl.dll
      C:\WINDOWS\system32\geebx.dll
      C:\WINDOWS\system32\mllml.dll
      C:\WINDOWS\system32\pmnno.dll
      C:\WINDOWS\system32\ssqrq.dll
      C:\WINDOWS\system32\msmsgr.exe
      C:\WINDOWS\system32\ddcayyx.dll


    • Return to OTMoveIt, right-click on the "Paste List of Files/Folders to be moved" window and choose Paste.
    • Click the red Moveit! button.
    • Copy everything in the Results window to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    • Close OTMoveIt.
    If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes.

    Please also run VundoFix once again and post its report.
     
  8. glgold

    glgold Thread Starter

    OTMoveIt Results:

    Created on 02/16/2007 21:25:25
     
  9. JSntgRvr

    JSntgRvr Moderator Malware Specialist

    Hi, glgold :)

    Run Vundofix again and post the report.
     
  10. glgold

    glgold Thread Starter

    Did not think you would reply before VundoFix finished its run. No failed messages this time around. I am adding the info from the latest Vundo run.

    VundoFix V6.3.6

    Checking Java version...

    Java version is 1.5.0.2

    Java version is 1.5.0.4

    Java version is 1.5.0.5

    Java version is 1.5.0.6

    Scan started at 9:36:17 PM 2/16/2007

    Listing files found while scanning....

    C:\WINDOWS\system32\awtqp.dll
    C:\WINDOWS\system32\geedd.dll
    C:\WINDOWS\system32\jkkjk.dll
    C:\WINDOWS\system32\lmllm.bak1
    C:\WINDOWS\system32\lmllm.ini
    C:\WINDOWS\system32\mllml.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\lmllm.bak1
    C:\WINDOWS\system32\lmllm.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\lmllm.ini
    C:\WINDOWS\system32\lmllm.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\mllml.dll
    C:\WINDOWS\system32\mllml.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    Also the latest HJT Log.

    Logfile of HijackThis v1.99.1
    Scan saved at 10:46:18 PM, on 2/16/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\ActivCard\acachsrv.exe
    C:\Program Files\Common Files\ActivCard\acautoreg.exe
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\WINDOWS\system32\E_S00RP1.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\oodag.exe
    C:\WINDOWS\system32\SAgent4.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\WINDOWS\system32\taskswitch.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\ActivCard\ActivCard Gold\acevtsrv.exe
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\Program Files\D4\D4.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE
    C:\KeyPass\KeePass.exe
    C:\WALLPA~1.90\WALLPA~1.EXE
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
    C:\Program Files\HDDlife\HDDlifePro.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\Trillian\trillian.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\GPSoftware\Directory Opus\DOpus.exe
    C:\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {19635695-A687-470C-A542-E913D2A30A76} - C:\WINDOWS\system32\awtqp.dll (file missing)
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: (no name) - {2FBD6BBB-66EC-4227-A7D5-F5E720F1FBDA} - C:\WINDOWS\system32\geedd.dll (file missing)
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: FiltrateIE Class - {B5D4581D-ED6A-4905-A267-25BAF7BE79C1} - C:\WINDOWS\system32\safeie.dll
    O2 - BHO: (no name) - {B5E77A25-8054-4098-8E1C-487B59FE2D3C} - C:\WINDOWS\system32\ddcayyx.dll (file missing)
    O2 - BHO: (no name) - {BFF06466-9EEA-4629-B3FB-F1A0256FADAB} - C:\WINDOWS\system32\ssqpq.dll (file missing)
    O2 - BHO: (no name) - {C144D039-587D-4828-B95F-165CB94912E6} - C:\WINDOWS\system32\mllml.dll (file missing)
    O2 - BHO: (no name) - {DB3CC9B2-7A6F-4CF5-9C47-3AF67B24F219} - C:\WINDOWS\system32\pmnli.dll (file missing)
    O2 - BHO: (no name) - {dcf3fcf5-69e0-4e4b-b398-92bcac2dec92} - C:\WINDOWS\system32\accmsp.dll
    O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\qisgcatv.dll
    O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
    O3 - Toolbar: Stumble&Upon - {22D003CE-6952-46C5-80B9-D19B479620AB} - C:\WINDOWS\system32\s1927.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
    O4 - HKLM\..\Run: [TkBellExe] rem "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [HealthMonitor] C:\Program Files\HealthMonitor\Interface.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P35 "EPSON Stylus CX4800 Series (Copy 1)" /O6 "USB002" /M "Stylus CX4800"
    O4 - HKLM\..\Run: [SoundMan] rem SOUNDMAN.EXE
    O4 - HKLM\..\Run: [acEventServ] "C:\Program Files\ActivCard\ActivCard Gold\acevtsrv.exe"
    O4 - HKLM\..\Run: [Microsoft System Firewall 2006.2] msmsgr.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKLM\..\Run: [Dimension4] C:\Program Files\D4\D4.exe
    O4 - HKLM\..\RunServices: [Microsoft System Firewall 2006.2] msmsgr.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WeatherAlarmClock] rem C:\Program Files\Weather Alarm Clock\WeatherAlarmClock.exe
    O4 - HKCU\..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /M "Stylus CX4800" /EF "HKCU"
    O4 - HKCU\..\Run: [KeePass Password Safe] C:\KeyPass\KeePass.exe
    O4 - HKCU\..\Run: [WallPaper] C:\WALLPA~1.90\WALLPA~1.EXE /h
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - Startup: HDDlife.lnk = C:\Program Files\HDDlife\HDDlifePro.exe
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
    O4 - Global Startup: ActivCard Gold Smart Card Agent.lnk = C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O8 - Extra context menu item: &Download all by WellGet - C:\Program Files\WellGet\nxall.htm
    O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Download by &WellGet - C:\Program Files\WellGet\nxcatch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: StumbleUpon: &Blog This - res://C:\WINDOWS\system32\s1927.dll/blogimage
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra button: WellGet - {35980F6E-A258-4E50-953D-813BB8556899} - C:\Program Files\WellGet\WellGet.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Add to TimeLeft Auction Watch - {21196042-830F-419f-A594-F9D456A6C29A} - C:\Program Files\TimeLeft3\TLIntergIE.html (HKCU)
    O9 - Extra 'Tools' menuitem: Add to TimeLeft Auction Watch - {21196042-830F-419f-A594-F9D456A6C29A} - C:\Program Files\TimeLeft3\TLIntergIE.html (HKCU)
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.goldenram.com/upgradedetect/upgradedetect.cab?1032
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1169212142984
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
    O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
    O16 - DPF: {82F2D6B2-6C58-4404-A930-9DB0FD90D4B1} (Driver_Detective_v43_Non_Member.DD_v43) - http://www.drivershq.com/cab/prod/Driver_Detective_v43_Non_Member.CAB
    O16 - DPF: {BDEE1959-AB6B-4745-A29B-F492861102CC} -
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712...amai.com/6712/player/install3.5/installer.exe
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
    O20 - Winlogon Notify: acAuth - C:\WINDOWS\SYSTEM32\acauth.dll
    O20 - Winlogon Notify: accmsp - C:\WINDOWS\SYSTEM32\accmsp.dll
    O20 - Winlogon Notify: awtqp - C:\WINDOWS\system32\awtqp.dll (file missing)
    O20 - Winlogon Notify: geedd - C:\WINDOWS\system32\geedd.dll (file missing)
    O20 - Winlogon Notify: jkkjk - C:\WINDOWS\system32\jkkjk.dll (file missing)
    O20 - Winlogon Notify: RegCompact - C:\WINDOWS\SYSTEM32\RegCompact.dll
    O20 - Winlogon Notify: ssqrq - C:\WINDOWS\system32\ssqrq.dll (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: ActivCard Authentication Service (ACachSrv) - ActivCard - C:\Program Files\Common Files\ActivCard\acachsrv.exe
    O23 - Service: ActivCard Gold Autoregister (acautoreg) - ActivCard S.A. - C:\Program Files\Common Files\ActivCard\acautoreg.exe
    O23 - Service: ActivCard Gold service (Accoca) - ActivCard - C:\Program Files\Common Files\ActivCard\accoca.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\SAgent4.exe
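
    The HijackThis log above follows a fixed line format (section code, entry type, name, optional CLSID, target path, optional "(file missing)" marker). As an added example that is not part of the original thread, this parser reads the O2 (BHO) and O20 (Winlogon Notify) lines and produces a shortlist for manual review; the function names and the two heuristics are assumptions, and a flagged entry is a candidate to examine, not a verdict.

```python
import ntpath
import re
from typing import List, NamedTuple, Optional, Tuple

# A small subset of lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {19635695-A687-470C-A542-E913D2A30A76} - C:\WINDOWS\system32\awtqp.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\qisgcatv.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O20 - Winlogon Notify: jkkjk - C:\WINDOWS\system32\jkkjk.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
"""


class Entry(NamedTuple):
    section: str          # "O2" or "O20"
    kind: str             # "BHO" or "Winlogon Notify"
    name: str             # display name, "(no name)" when the key has none
    clsid: Optional[str]  # present on O2 lines only
    path: str             # DLL the entry loads
    missing: bool         # HijackThis could not find the file on disk


# Only the two section types handled here; everything else is skipped.
_LINE = re.compile(r"^(O2|O20) - ([^:]+): (.*)$")
_CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
_MISSING = "(file missing)"
_SYSTEM32 = r"c:\windows\system32"


def parse_line(line: str) -> Optional[Entry]:
    """Parse one O2/O20 log line; return None for any other line."""
    m = _LINE.match(line.strip())
    if m is None:
        return None
    section, kind, rest = m.groups()
    missing = rest.endswith(_MISSING)
    if missing:
        rest = rest[: -len(_MISSING)].rstrip()
    # Fields are separated by " - "; the path is always the last one.
    parts = rest.split(" - ")
    path = parts.pop()
    clsid = parts.pop() if parts and _CLSID.fullmatch(parts[-1]) else None
    name = " - ".join(parts)
    return Entry(section, kind, name, clsid, path, missing)


def triage(log: str) -> List[Tuple[Entry, List[str]]]:
    """Return (entry, reasons) pairs that deserve a closer look."""
    flagged = []
    for line in log.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = []
        # A registry entry that still points at a removed file is a leftover.
        if entry.missing:
            reasons.append("target file missing")
        # Assumed heuristic: an unnamed BHO loading straight from system32.
        in_system32 = ntpath.dirname(entry.path).lower() == _SYSTEM32
        if entry.section == "O2" and entry.name == "(no name)" and in_system32:
            reasons.append("unnamed BHO in system32")
        if reasons:
            flagged.append((entry, reasons))
    return flagged


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG):
        print(f"{entry.section:<3} {entry.path}  <- {', '.join(reasons)}")
```
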
     
  11. JSntgRvr

    JSntgRvr Moderator Malware Specialist

    Hi, glgold :)

    Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: (no name) - {19635695-A687-470C-A542-E913D2A30A76} - C:\WINDOWS\system32\awtqp.dll (file missing)
    O2 - BHO: (no name) - {2FBD6BBB-66EC-4227-A7D5-F5E720F1FBDA} - C:\WINDOWS\system32\geedd.dll (file missing)
    O2 - BHO: (no name) - {B5E77A25-8054-4098-8E1C-487B59FE2D3C} - C:\WINDOWS\system32\ddcayyx.dll (file missing)
    O2 - BHO: (no name) - {BFF06466-9EEA-4629-B3FB-F1A0256FADAB} - C:\WINDOWS\system32\ssqpq.dll (file missing)
    O2 - BHO: (no name) - {C144D039-587D-4828-B95F-165CB94912E6} - C:\WINDOWS\system32\mllml.dll (file missing)
    O2 - BHO: (no name) - {DB3CC9B2-7A6F-4CF5-9C47-3AF67B24F219} - C:\WINDOWS\system32\pmnli.dll (file missing)
    O2 - BHO: (no name) - {dcf3fcf5-69e0-4e4b-b398-92bcac2dec92} - C:\WINDOWS\system32\accmsp.dll
    O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\qisgcatv.dll
    O4 - HKLM\..\Run: [Microsoft System Firewall 2006.2] msmsgr.exe
    O4 - HKLM\..\RunServices: [Microsoft System Firewall 2006.2] msmsgr.exe
    O20 - Winlogon Notify: acAuth - C:\WINDOWS\SYSTEM32\acauth.dll
    O20 - Winlogon Notify: accmsp - C:\WINDOWS\SYSTEM32\accmsp.dll
    O20 - Winlogon Notify: awtqp - C:\WINDOWS\system32\awtqp.dll (file missing)
    O20 - Winlogon Notify: geedd - C:\WINDOWS\system32\geedd.dll (file missing)
    O20 - Winlogon Notify: jkkjk - C:\WINDOWS\system32\jkkjk.dll (file missing)
    O20 - Winlogon Notify: ssqrq - C:\WINDOWS\system32\ssqrq.dll (file missing)


    Now close all windows and browsers, other than HiJackThis, then click Fix Checked.

    Close Hijackthis.
    • Please double-click OTMoveIt.exe to run it.
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

      C:\WINDOWS\system32\awtqp.dll
      C:\WINDOWS\system32\geedd.dll
      C:\WINDOWS\system32\jkkjk.dll
      C:\WINDOWS\system32\qisgcatv.dll
      C:\WINDOWS\system32\accmsp.dll
      C:\WINDOWS\system32\msmsgr.exe
      C:\WINDOWS\SYSTEM32\acauth.dll


    • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
    • Click the red Moveit! button.
      • If able, copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on a note pad document. Save it on the desktop and post its contents in your next reply.
    • Close OTMoveIt
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

    Download CWShredder here to its own folder.

    Update CWShredder

    * Open CWShredder and click I AGREE
    * Click Check For Update
    * Close CWShredder

    Please download ATF Cleaner by Atribune.
    This program is for XP and Windows 2000 only

    • Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main menu to close the program.
    For Technical Support, double-click the e-mail address located at the bottom of each menu.

    Download AVG Anti-Spyware from HERE and save that file to your desktop.
    This is a 30 day trial of the program
    1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
    2. Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
    3. On the main screen select the icon "Update" then select the "Update now" link.
      • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
    4. Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
    5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
    6. Under "Reports"
      • Select "Automatically generate report after every scan"
      • Un-Select "Only if threats were found"
    Close AVG Anti-Spyware. Do Not run a scan just yet; we will shortly.

    Now copy these instructions to notepad and save them to your desktop. You will need them to refer to in safe mode.

    Boot into Safe Mode:

    Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

    Perform the following steps in safe mode:

    Run the CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about.

    Close the Shredder.


    1. IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process.
    2. Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
    3. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
    4. AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
      Once the scan is complete do the following:
    5. If you have any infections you will be prompted, then select "Apply all actions"
    6. Next select the "Reports" icon at the top.
    7. Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
    8. Close AVG Anti-Spyware.
    Restart back into Windows normally now.

    Please go HERE to run Panda's ActiveScan
    • Once you are on the Panda site click the Scan your PC button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Click the big Scan Now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
    Post a fresh Hijackthis log along with the AVG Anti-spyware and ActiveScan reports.
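
An added example, not part of the original posts: once the AVG Anti-Spyware report requested above is saved, its `object -> detection : action` lines can be bucketed by where each hit was found, so that stored copies (System Restore points, the `VundoFix Backups` and `_OTMoveIt\MovedFiles` folders, archives, cookie stores) are separated from hits on live files and registry keys. The sample lines are constructed in that report's format, and the bucket names and the "follow up live hits first" rule are assumptions of this example.

```python
import re
from collections import Counter, defaultdict
from typing import NamedTuple

# Constructed sample in the layout of an AVG Anti-Spyware scan report.
# Paths, GUID, SID and file names are placeholders, not real findings.
SAMPLE_REPORT = r"""
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Scan result:

C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1\A0000001.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\example1.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\example2.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINDOWS\system32\example3.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
D:\Downloads\tools.zip/setup.exe -> Downloader.Adload.do : Cleaned with backup (quarantined).
HKU\S-1-5-21-0-0-0-1000\Software\ExampleKey -> Adware.Generic : Cleaned with backup (quarantined).
:mozilla.12:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\abc.default\cookies.txt -> TrackingCookie.Example : Cleaned.
"""


class Finding(NamedTuple):
    obj: str      # scanned object: file path, registry key or cookie entry
    name: str     # detection name assigned by the scanner
    action: str   # what the scanner did with it
    bucket: str   # where the hit lives (assumed triage category)


# "object -> detection : action"; the greedy object part tolerates odd paths.
LINE_RE = re.compile(r"^(?P<obj>.+) -> (?P<name>\S+) : (?P<action>.+)$")
REGISTRY_RE = re.compile(r"^(HKU|HKLM|HKCU|HKCR|HKCC)\\", re.I)
ARCHIVE_RE = re.compile(r"\.(zip|rar|7z|cab)/", re.I)
# Folders created by the removal tools used in this thread.
TOOL_DIRS = ("\\vundofix backups\\", "\\_otmoveit\\movedfiles\\")


def classify(obj: str, name: str) -> str:
    """Assign a location bucket to one report entry."""
    low = obj.lower()
    if name.lower().startswith("trackingcookie."):
        return "cookie"
    if REGISTRY_RE.match(obj):
        return "registry"
    if "\\system volume information\\_restore" in low:
        return "system_restore"
    if any(d in low for d in TOOL_DIRS):
        return "tool_backup"
    if ARCHIVE_RE.search(obj):
        return "archive"
    return "live_file"


def parse_report(text: str) -> list:
    """Return a Finding per result line; headers and blank lines are skipped."""
    findings = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            obj, name = m.group("obj"), m.group("name")
            findings.append(Finding(obj, name, m.group("action"),
                                    classify(obj, name)))
    return findings


def triage(text: str) -> dict:
    """Count detections per bucket: {bucket: Counter({detection: n})}."""
    summary = defaultdict(Counter)
    for f in parse_report(text):
        summary[f.bucket][f.name] += 1
    return summary


def active_findings(text: str) -> list:
    """Hits on live files and registry keys, i.e. not stored copies."""
    return [f for f in parse_report(text)
            if f.bucket in ("live_file", "registry")]


if __name__ == "__main__":
    for bucket, names in sorted(triage(SAMPLE_REPORT).items()):
        print(f"{bucket:15} {dict(names)}")
    for f in active_findings(SAMPLE_REPORT):
        print("follow up:", f.name, "at", f.obj)
```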
     
  12. glgold

    glgold Thread Starter

    Latest runs: btw, the accmsp and acauth files were part of the ActivCard software for my card reader. No ActiveScan report available. 3 times I ran it and 3 times it closed out partway through the scan.

    CWShredder==================

    File/Folder C:\WINDOWS\system32\awtqp.dll not found.
    File/Folder C:\WINDOWS\system32\geedd.dll not found.
    File/Folder C:\WINDOWS\system32\jkkjk.dll not found.
    File/Folder C:\WINDOWS\system32\qisgcatv.dll not found.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\accmsp.dll
    C:\WINDOWS\system32\accmsp.dll NOT unregistered.
    File move failed. C:\WINDOWS\system32\accmsp.dll scheduled to be moved on reboot.
    File/Folder C:\WINDOWS\system32\msmsgr.exe not found.
    DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\acauth.dll
    C:\WINDOWS\SYSTEM32\acauth.dll NOT unregistered.
    C:\WINDOWS\SYSTEM32\acauth.dll moved successfully.

    Created on 02/17/2007 22:00:31

    AVG Scan============
    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 12:01:28 AM 2/18/2007

    + Scan result:



    HKU\S-1-5-21-1004336348-1958367476-725345543-1004\Software\Internet Security -> Adware.Generic : Cleaned with backup (quarantined).
    C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{936975EF-AFF1-4B5C-96F9-5B84E1A6E768}\RP65\A0028122.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{936975EF-AFF1-4B5C-96F9-5B84E1A6E768}\RP65\A0028123.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{936975EF-AFF1-4B5C-96F9-5B84E1A6E768}\RP65\A0028124.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{936975EF-AFF1-4B5C-96F9-5B84E1A6E768}\RP65\A0028125.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{936975EF-AFF1-4B5C-96F9-5B84E1A6E768}\RP65\A0028126.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{936975EF-AFF1-4B5C-96F9-5B84E1A6E768}\RP65\A0028127.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{936975EF-AFF1-4B5C-96F9-5B84E1A6E768}\RP65\A0028129.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{936975EF-AFF1-4B5C-96F9-5B84E1A6E768}\RP65\A0028130.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
    C:\VundoFix Backups\cbxxvvs.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
    C:\VundoFix Backups\ddcayyx.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
    C:\VundoFix Backups\ddcbxww.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
    C:\VundoFix Backups\ddcywtt.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
    C:\VundoFix Backups\fccdeba.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
    C:\VundoFix Backups\fccyvss.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
    C:\VundoFix Backups\gebyyvw.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
    C:\VundoFix Backups\pmnlllj.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
    C:\VundoFix Backups\vtusrqp.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
    C:\_OTMoveIt\MovedFiles\WINDOWS\system32\ddcayyx.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
    E:\System Volume Information\_restore{936975EF-AFF1-4B5C-96F9-5B84E1A6E768}\RP39\A0010580.exe -> Downloader.Adload.do : Cleaned with backup (quarantined).
    K:\D&D Holding Cell\Not on Port Drive\generators\character\ddcc3+5.exe -> Downloader.Adload.do : Cleaned with backup (quarantined).
    K:\D&D Holding Cell\Not on Port Drive\generators\character\toolsdl_char_gen.zip/ddcc3+5.exe -> Downloader.Adload.do : Cleaned with backup (quarantined).
    E:\System Volume Information\_restore{936975EF-AFF1-4B5C-96F9-5B84E1A6E768}\RP39\A0008767.exe -> Not-A-Virus.PSWTool.Win32.PassView.162 : Cleaned with backup (quarantined).
    K:\Here\Apps\Burning Software\Padus DiskJuggler\DiscJuggler3.00.780-DTU.zip/pducrack.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Cleaned with backup (quarantined).
    K:\Here\Apps\Burning Software\Padus DiskJuggler\DiskJuggler3.00.790.zip/pducrack.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Cleaned with backup (quarantined).
    K:\eDonkey2000\Reflexive Games and universal KG.zip/Reflexive Crackers+Keygens_All what you need to crack reflexive.rar/Reflexive Patcher.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Cleaned with backup (quarantined).
     
  13. glgold

    glgold Thread Starter

    :mozilla.332:C:\Documents and Settings\All Users\Documents\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
    :mozilla.333:C:\Documents and Settings\All Users\Documents\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
    :mozilla.334:C:\Documents and Settings\All Users\Documents\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
    :mozilla.335:C:\Documents and Settings\All Users\Documents\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
    :mozilla.336:C:\Documents and Settings\All Users\Documents\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
    :mozilla.764:C:\Documents and Settings\All Users\Application Data\Mozilla\Firefox\Profiles\default.fnq\cookies.txt -> TrackingCookie.Pro-market : Cleaned.
    :mozilla.765:C:\Documents and Settings\All Users\Application Data\Mozilla\Firefox\Profiles\default.fnq\cookies.txt -> TrackingCookie.Pro-market : Cleaned.
    :mozilla.209:C:\Documents and Settings\All Users\Documents\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
    :mozilla.210:C:\Documents and Settings\All Users\Documents\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
    :mozilla.211:C:\Documents and Settings\All Users\Documents\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
    :mozilla.212:C:\Documents and Settings\All Users\Documents\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
    :mozilla.213:C:\Documents and Settings\All Users\Documents\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
    :mozilla.86:C:\Documents and Settings\All Users\Application Data\Mozilla\Firefox\Profiles\default.fnq\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
    :mozilla.318:C:\Documents and Settings\All Users\Application Data\Mozilla\Firefox\Profiles\default.fnq\cookies.txt -> TrackingCookie.Revenue : Cleaned.
    :mozilla.11:C:\Documents and Settings\All Users\Application Data\Mozilla\Profiles\Default User\0985d1x0.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
    :mozilla.12:C:\Documents and Settings\All Users\Application Data\Mozilla\Profiles\Default User\0985d1x0.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
    :mozilla.13:C:\Documents and Settings\All Users\Application Data\Mozilla\Profiles\Default User\0985d1x0.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
    :mozilla.205:C:\Documents and Settings\All Users\Application Data\Mozilla\Firefox\Profiles\default.fnq\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.206:C:\Documents and Settings\All Users\Application Data\Mozilla\Firefox\Profiles\default.fnq\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.207:C:\Documents and Settings\All Users\Application Data\Mozilla\Firefox\Profiles\default.fnq\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.208:C:\Documents and Settings\All Users\Application Data\Mozilla\Firefox\Profiles\default.fnq\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.246:C:\Documents and Settings\All Users\Documents\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
    :mozilla.247:C:\Documents and Settings\All Users\Documents\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
    :mozilla.746:C:\Documents and Settings\All Users\Application Data\Mozilla\Firefox\Profiles\default.fnq\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
    :mozilla.373:C:\Documents and Settings\All Users\Documents\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Starware : Cleaned.
    :mozilla.374:C:\Documents and Settings\All Users\Documents\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Starware : Cleaned.
    :mozilla.375:C:\Documents and Settings\All Users\Documents\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Starware : Cleaned.
    :mozilla.140:C:\Documents and Settings\All Users\Documents\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.141:C:\Documents and Settings\All Users\Documents\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.142:C:\Documents and Settings\All Users\Documents\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.143:C:\Documents and Settings\All Users\Documents\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.144:C:\Documents and Settings\All Users\Documents\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.145:C:\Documents and Settings\All Users\Documents\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.146:C:\Documents and Settings\All Users\Documents\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.147:C:\Documents and Settings\All Users\Documents\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.148:C:\Documents and Settings\All Users\Documents\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.149:C:\Documents and Settings\All Users\Documents\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.150:C:\Documents and Settings\All Users\Documents\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.151:C:\Documents and Settings\All Users\Application Data\Mozilla\Firefox\Profiles\default.fnq\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.151:C:\Documents and Settings\All Users\Documents\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.152:C:\Documents and Settings\All Users\Application Data\Mozilla\Firefox\Profiles\default.fnq\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.152:C:\Documents and Settings\All Users\Documents\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.153:C:\Documents and Settings\All Users\Application Data\Mozilla\Firefox\Profiles\default.fnq\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.153:C:\Documents and Settings\All Users\Documents\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.154:C:\Documents and Settings\All Users\Application Data\Mozilla\Firefox\Profiles\default.fnq\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.154:C:\Documents and Settings\All Users\Documents\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.155:C:\Documents and Settings\All Users\Application Data\Mozilla\Firefox\Profiles\default.fnq\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.155:C:\Documents and Settings\All Users\Documents\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.156:C:\Documents and Settings\All Users\Application Data\Mozilla\Firefox\Profiles\default.fnq\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.156:C:\Documents and Settings\All Users\Documents\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.157:C:\Documents and Settings\All Users\Application Data\Mozilla\Firefox\Profiles\default.fnq\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.157:C:\Documents and Settings\All Users\Documents\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.158:C:\Documents and Settings\All Users\Application Data\Mozilla\Firefox\Profiles\default.fnq\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.158:C:\Documents and Settings\All Users\Documents\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.159:C:\Documents and Settings\All Users\Application Data\Mozilla\Firefox\Profiles\default.fnq\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.159:C:\Documents and Settings\All Users\Documents\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.160:C:\Documents and Settings\All Users\Application Data\Mozilla\Firefox\Profiles\default.fnq\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.160:C:\Documents and Settings\All Users\Documents\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.161:C:\Documents and Settings\All Users\Application Data\Mozilla\Firefox\Profiles\default.fnq\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.161:C:\Documents and Settings\All Users\Documents\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.162:C:\Documents and Settings\All Users\Application Data\Mozilla\Firefox\Profiles\default.fnq\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.162:C:\Documents and Settings\All Users\Documents\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.163:C:\Documents and Settings\All Users\Documents\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.164:C:\Documents and Settings\All Users\Documents\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.165:C:\Documents and Settings\All Users\Documents\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.166:C:\Documents and Settings\All Users\Documents\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.167:C:\Documents and Settings\All Users\Documents\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.168:C:\Documents and Settings\All Users\Documents\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.169:C:\Documents and Settings\All Users\Documents\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.170:C:\Documents and Settings\All Users\Documents\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.171:C:\Documents and Settings\All Users\Documents\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.172:C:\Documents and Settings\All Users\Documents\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.173:C:\Documents and Settings\All Users\Documents\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.174:C:\Documents and Settings\All Users\Documents\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.175:C:\Documents and Settings\All Users\Documents\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.176:C:\Documents and Settings\All Users\Documents\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.177:C:\Documents and Settings\All Users\Documents\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.178:C:\Documents and Settings\All Users\Documents\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.179:C:\Documents and Settings\All Users\Documents\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.180:C:\Documents and Settings\All Users\Documents\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.181:C:\Documents and Settings\All Users\Documents\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.182:C:\Documents and Settings\All Users\Documents\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.183:C:\Documents and Settings\All Users\Documents\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.184:C:\Documents and Settings\All Users\Documents\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.185:C:\Documents and Settings\All Users\Documents\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.186:C:\Documents and Settings\All Users\Documents\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.187:C:\Documents and Settings\All Users\Documents\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.188:C:\Documents and Settings\All Users\Documents\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.189:C:\Documents and Settings\All Users\Documents\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.55:C:\Documents and Settings\nota\Application Data\Mozilla\Firefox\Profiles\cy2u54jq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.94:C:\Documents and Settings\Glenn\Application Data\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.135:C:\Documents and Settings\Glenn\Application Data\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.136:C:\Documents and Settings\Glenn\Application Data\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.137:C:\Documents and Settings\Glenn\Application Data\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.138:C:\Documents and Settings\Glenn\Application Data\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.438:C:\Documents and Settings\All Users\Documents\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.439:C:\Documents and Settings\All Users\Documents\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.583:C:\Documents and Settings\Glenn\Application Data\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.584:C:\Documents and Settings\Glenn\Application Data\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.498:C:\Documents and Settings\All Users\Documents\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Tracking101 : Cleaned.
    :mozilla.237:C:\Documents and Settings\All Users\Application Data\Mozilla\Firefox\Profiles\default.fnq\cookies.txt -> TrackingCookie.Trafic : Cleaned.
    :mozilla.361:C:\Documents and Settings\All Users\Documents\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Trafic : Cleaned.
    :mozilla.524:C:\Documents and Settings\Glenn\Application Data\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Trafic : Cleaned.
    :mozilla.124:C:\Documents and Settings\nota\Application Data\Mozilla\Firefox\Profiles\cy2u54jq.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
    :mozilla.132:C:\Documents and Settings\All Users\Documents\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
    :mozilla.133:C:\Documents and Settings\All Users\Documents\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
    :mozilla.134:C:\Documents and Settings\All Users\Documents\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
    :mozilla.135:C:\Documents and Settings\All Users\Documents\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
    :mozilla.136:C:\Documents and Settings\All Users\Documents\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
    :mozilla.137:C:\Documents and Settings\All Users\Documents\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
    :mozilla.537:C:\Documents and Settings\Glenn\Application Data\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
    :mozilla.538:C:\Documents and Settings\Glenn\Application Data\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
    :mozilla.539:C:\Documents and Settings\Glenn\Application Data\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
    :mozilla.540:C:\Documents and Settings\Glenn\Application Data\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
    :mozilla.817:C:\Documents and Settings\All Users\Application Data\Mozilla\Firefox\Profiles\default.fnq\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
    :mozilla.818:C:\Documents and Settings\All Users\Application Data\Mozilla\Firefox\Profiles\default.fnq\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
    :mozilla.836:C:\Documents and Settings\All Users\Application Data\Mozilla\Firefox\Profiles\default.fnq\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
    :mozilla.837:C:\Documents and Settings\All Users\Application Data\Mozilla\Firefox\Profiles\default.fnq\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
    :mozilla.926:C:\Documents and Settings\All Users\Application Data\Mozilla\Firefox\Profiles\default.fnq\cookies.txt -> TrackingCookie.Xhit : Cleaned.
    :mozilla.167:C:\Documents and Settings\Glenn\Application Data\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
    :mozilla.400:C:\Documents and Settings\All Users\Application Data\Mozilla\Firefox\Profiles\default.fnq\cookies.txt -> TrackingCookie.Yadro : Cleaned.
    :mozilla.506:C:\Documents and Settings\All Users\Documents\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
    :mozilla.59:C:\Documents and Settings\nota\Application Data\Mozilla\Firefox\Profiles\cy2u54jq.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
    :mozilla.160:C:\Documents and Settings\Glenn\Application Data\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.161:C:\Documents and Settings\Glenn\Application Data\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.162:C:\Documents and Settings\Glenn\Application Data\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.163:C:\Documents and Settings\Glenn\Application Data\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.164:C:\Documents and Settings\Glenn\Application Data\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.165:C:\Documents and Settings\Glenn\Application Data\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.37:C:\Documents and Settings\All Users\Documents\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.39:C:\Documents and Settings\All Users\Documents\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.40:C:\Documents and Settings\All Users\Documents\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.41:C:\Documents and Settings\All Users\Documents\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.48:C:\Documents and Settings\All Users\Documents\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
    :mozilla.49:C:\Documents and Settings\All Users\Documents\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
    :mozilla.500:C:\Documents and Settings\All Users\Application Data\Mozilla\Firefox\Profiles\default.fnq\cookies.txt -> TrackingCookie.Zedo : Cleaned.
    :mozilla.501:C:\Documents and Settings\All Users\Application Data\Mozilla\Firefox\Profiles\default.fnq\cookies.txt -> TrackingCookie.Zedo : Cleaned.
    :mozilla.50:C:\Documents and Settings\All Users\Documents\Mozilla\Firefox\Profiles\svuqgu3m.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
    K:\System Volume Information\_restore{936975EF-AFF1-4B5C-96F9-5B84E1A6E768}\RP26\A0003981.exe -> Trojan.Agent.vw : Cleaned with backup (quarantined).
    K:\System Volume Information\_restore{936975EF-AFF1-4B5C-96F9-5B84E1A6E768}\RP26\A0003982.exe -> Trojan.Agent.vw : Cleaned with backup (quarantined).
    K:\System Volume Information\_restore{936975EF-AFF1-4B5C-96F9-5B84E1A6E768}\RP26\A0003983.exe -> Trojan.Agent.vw : Cleaned with backup (quarantined).
    K:\System Volume Information\_restore{936975EF-AFF1-4B5C-96F9-5B84E1A6E768}\RP26\A0003984.exe -> Trojan.Agent.vw : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\hosts.txt -> Trojan.Bambo.Hosts.A : Cleaned with backup (quarantined).
    C:\Documents and Settings\Glenn\My Documents\CrackDown Store\[servant salamander] Serials\Servant Salamander 2.5 beta 10a.zip/2.5beta10af.exe -> Trojan.Proxcrak.A : Cleaned with backup (quarantined).

    ::Report end
     
  14. glgold

    glgold Thread Starter

    Joined:
    Feb 16, 2007
    Messages:
    11
    HJT Log=============
    Logfile of HijackThis v1.99.1
    Scan saved at 8:44:16 AM, on 2/18/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\ActivCard\acachsrv.exe
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\E_S00RP1.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\oodag.exe
    C:\WINDOWS\system32\SAgent4.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\WINDOWS\system32\taskswitch.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\Program Files\D4\D4.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE
    C:\KeyPass\KeePass.exe
    C:\WALLPA~1.90\WALLPA~1.EXE
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\HDDlife\HDDlifePro.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe
    C:\Program Files\GPSoftware\Directory Opus\DOpus.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: FiltrateIE Class - {B5D4581D-ED6A-4905-A267-25BAF7BE79C1} - C:\WINDOWS\system32\safeie.dll
    O2 - BHO: (no name) - {dcf3fcf5-69e0-4e4b-b398-92bcac2dec92} - C:\WINDOWS\system32\accmsp.dll (file missing)
    O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
    O3 - Toolbar: Stumble&Upon - {22D003CE-6952-46C5-80B9-D19B479620AB} - C:\WINDOWS\system32\s1927.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
    O4 - HKLM\..\Run: [TkBellExe] rem "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [HealthMonitor] C:\Program Files\HealthMonitor\Interface.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P35 "EPSON Stylus CX4800 Series (Copy 1)" /O6 "USB002" /M "Stylus CX4800"
    O4 - HKLM\..\Run: [SoundMan] rem SOUNDMAN.EXE
    O4 - HKLM\..\Run: [acEventServ] "C:\Program Files\ActivCard\ActivCard Gold\acevtsrv.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKLM\..\Run: [Dimension4] C:\Program Files\D4\D4.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WeatherAlarmClock] rem C:\Program Files\Weather Alarm Clock\WeatherAlarmClock.exe
    O4 - HKCU\..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /M "Stylus CX4800" /EF "HKCU"
    O4 - HKCU\..\Run: [KeePass Password Safe] C:\KeyPass\KeePass.exe
    O4 - HKCU\..\Run: [WallPaper] C:\WALLPA~1.90\WALLPA~1.EXE /h
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - Startup: HDDlife.lnk = C:\Program Files\HDDlife\HDDlifePro.exe
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
    O4 - Global Startup: ActivCard Gold Smart Card Agent.lnk = C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O8 - Extra context menu item: &Download all by WellGet - C:\Program Files\WellGet\nxall.htm
    O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Download by &WellGet - C:\Program Files\WellGet\nxcatch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: StumbleUpon: &Blog This - res://C:\WINDOWS\system32\s1927.dll/blogimage
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra button: WellGet - {35980F6E-A258-4E50-953D-813BB8556899} - C:\Program Files\WellGet\WellGet.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Add to TimeLeft Auction Watch - {21196042-830F-419f-A594-F9D456A6C29A} - C:\Program Files\TimeLeft3\TLIntergIE.html (HKCU)
    O9 - Extra 'Tools' menuitem: Add to TimeLeft Auction Watch - {21196042-830F-419f-A594-F9D456A6C29A} - C:\Program Files\TimeLeft3\TLIntergIE.html (HKCU)
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.goldenram.com/upgradedetect/upgradedetect.cab?1032
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1169212142984
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
    O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
    O16 - DPF: {82F2D6B2-6C58-4404-A930-9DB0FD90D4B1} (Driver_Detective_v43_Non_Member.DD_v43) - http://www.drivershq.com/cab/prod/Driver_Detective_v43_Non_Member.CAB
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {BDEE1959-AB6B-4745-A29B-F492861102CC} -
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712...amai.com/6712/player/install3.5/installer.exe
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O20 - Winlogon Notify: accmsp - accmsp.dll (file missing)
    O20 - Winlogon Notify: RegCompact - C:\WINDOWS\SYSTEM32\RegCompact.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: ActivCard Authentication Service (ACachSrv) - ActivCard - C:\Program Files\Common Files\ActivCard\acachsrv.exe
    O23 - Service: ActivCard Gold Autoregister (acautoreg) - ActivCard S.A. - C:\Program Files\Common Files\ActivCard\acautoreg.exe
    O23 - Service: ActivCard Gold service (Accoca) - ActivCard - C:\Program Files\Common Files\ActivCard\accoca.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\SAgent4.exe
     
  15. JSntgRvr

    JSntgRvr Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Hi, glgold :)

    Let's return those files to the System32 folder:

    Download the enclosed file and extract its contents to the desktop. It is a batch file. Once extracted, double-click on it to run it. A new document will be produced. Post its contents in your next reply.

    Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

    O2 - BHO: FiltrateIE Class - {B5D4581D-ED6A-4905-A267-25BAF7BE79C1} - C:\WINDOWS\system32\safeie.dll
    O2 - BHO: (no name) - {dcf3fcf5-69e0-4e4b-b398-92bcac2dec92} - C:\WINDOWS\system32\accmsp.dll (file missing)



    Now close all windows and browsers, other than HiJackThis, then click Fix Checked.

    Close HiJackThis.
    • Please double-click OTMoveIt.exe to run it.
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

      C:\WINDOWS\system32\safeie.dll

    • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
    • Click the red Moveit! button.
      • If able, copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it into a Notepad document. Save it on the desktop and post its contents in your next reply.
    • Close OTMoveIt.
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

    How is the computer doing?
     

    Attached Files:
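In this thread accmsp.dll appears both as an O2 BHO in the reply above and as an O20 Winlogon Notify entry in the log, each marked "(file missing)". The following is an added example, not part of the original posts: a small parser that groups HijackThis entries by module name so that every registration of the same DLL is reviewed together. The function names are hypothetical, and the sample lines are copied from this page.

```python
import re
from collections import defaultdict

# Entries copied from the HijackThis log and the reply on this page.
SAMPLE_LOG = r"""
O2 - BHO: FiltrateIE Class - {B5D4581D-ED6A-4905-A267-25BAF7BE79C1} - C:\WINDOWS\system32\safeie.dll
O2 - BHO: (no name) - {dcf3fcf5-69e0-4e4b-b398-92bcac2dec92} - C:\WINDOWS\system32\accmsp.dll (file missing)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: accmsp - accmsp.dll (file missing)
O20 - Winlogon Notify: RegCompact - C:\WINDOWS\SYSTEM32\RegCompact.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

ENTRY = re.compile(r"^\s*(O\d+)\s+-\s+(.+)$")
MISSING = "(file missing)"
DLL_SECTIONS = {"O2", "O20"}  # BHOs and Winlogon Notify packages


def parse_hjt(log):
    """Return one dict per 'Onn - ...' line: section code, module name, missing flag."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # headers, process list, blank lines
        code, body = m.group(1), m.group(2).rstrip()
        missing = body.endswith(MISSING)
        target = body.rpartition(" - ")[2]          # text after the last " - "
        if missing:
            target = target[: -len(MISSING)].rstrip()
        module = target.split("\\")[-1].lower()     # basename, case-insensitive
        entries.append({"code": code, "module": module, "missing": missing})
    return entries


def multi_hook(entries):
    """Modules registered in more than one DLL-loading section."""
    seen = defaultdict(set)
    for e in entries:
        if e["code"] in DLL_SECTIONS:
            seen[e["module"]].add(e["code"])
    return {mod: sorted(codes) for mod, codes in seen.items() if len(codes) > 1}


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    for e in parsed:
        print(e["code"], e["module"], "MISSING" if e["missing"] else "")
    print("registered in several sections:", multi_hook(parsed))
```

A "(file missing)" entry means the registration is still present although the file is not on disk, so each section that names the module needs its own review.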


Short URL to this thread: https://techguy.org/544543
