maca1 Hijack This, Scan, Need Help
jorahan
Suspended permanently
19. October 2006 @ 08:29
-Hi, I was wondering what (if anything) my computer is infected with. Can someone please examine the log file and tell me? Thanks in advance.
-Pieter
Logfile of HijackThis v1.99.1
Scan saved at 6:27:36 PM, on 10/19/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Icons\Seticon.exe
C:\USBStorage\USBDetector.exe
C:\WINDOWS\System32\RunDll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\{C00B7FE5-0693-1033-0102-040222050001}\Update.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\fdeploy.exe
C:\WINDOWS\System32\msxml2r.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Downloads\HijackThis_v1.99.1.exe
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - C:\Program Files\DeluxeCommunications\DxcBho.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{300B7FE5-0693-1033-0102-040222050001}\MyToolBar.dll
O2 - BHO: PrintViewBHO Class - {D4E0C464-30CE-4075-9A10-71FD106C2847} - C:\PROGRA~1\PRINTV~1\PRINTH~1.DLL
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{300B7FE5-0693-1033-0102-040222050001}\MyToolBar.dll
O4 - HKLM\..\Run: [SetIcon] C:\Program Files\Icons\Seticon.exe
O4 - HKLM\..\Run: [USBDetector] C:\USBStorage\USBDetector.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\System32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\System32\sw24.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [PVModule] C:\PROGRA~1\PRINTV~1\pvmodule.exe
O4 - HKLM\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [fdeploy] C:\WINDOWS\System32\fdeploy.exe
O4 - HKCU\..\Run: [rsfsaps] C:\WINDOWS\System32\rsfsaps.exe
O4 - HKCU\..\Run: [shmedia] C:\WINDOWS\System32\shmedia.exe
O4 - HKCU\..\Run: [msaatext] C:\WINDOWS\System32\msaatext.exe
O4 - HKCU\..\Run: [msxml2r] C:\WINDOWS\System32\msxml2r.exe
O4 - HKCU\..\Run: [kbdgr1] C:\WINDOWS\System32\kbdgr1.exe
O4 - HKCU\..\Run: [dmcompos] C:\WINDOWS\System32\dmcompos.exe
O4 - HKCU\..\Run: [tapiui] C:\WINDOWS\System32\tapiui.exe
O4 - HKCU\..\Run: [cprocsvc] C:\WINDOWS\System32\crunner\cproc.exe
O4 - HKCU\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: dxclib303562752.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\System32\ZoneLabs\isafe.exe
O23 - Service: dgrpsetu.exe - Unknown owner - C:\WINDOWS\System32\dgrpsetu.exe
O23 - Service: dpus11.exe - Unknown owner - C:\WINDOWS\System32\dpus11.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: msdtcuiu.exe - Unknown owner - C:\WINDOWS\System32\msdtcuiu.exe (file missing)
O23 - Service: ntdsbcli.exe - Unknown owner - C:\WINDOWS\System32\ntdsbcli.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: odexl32.exe - Unknown owner - C:\WINDOWS\System32\odexl32.exe (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: termsrv.exe - Unknown owner - C:\WINDOWS\System32\termsrv.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
I am the dreamer
Everything of yours that I have
This message has been edited since posting. Last time this message was edited on 19. October 2006 @ 11:37
maca1
Senior Member
19. October 2006 @ 08:52
Hi jorahan.
You are quite infected. You are running XP Service Pack 1, while Windows XP has been updated to Service Pack 2, but that can't be installed on your system until it's clean.
1. Download combofix from one of these two sites:
http://download.bleepingcomputer.com/sUBs/combofix.exe
http://www.techsupportforum.com/sectools/combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply with a new HjT log.
Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.
This message has been edited since posting. Last time this message was edited on 19. October 2006 @ 08:57
jorahan
Suspended permanently
19. October 2006 @ 09:52
DANG! I don't wanna be infected:
Admin - 06-10-19 19:41:02.70 Service Pack 1
ComboFix 06.10.19 - Running from: "C:\Downloads"
((((((((((((((((((((((((((((((((((((((((((( E-Give / Ssk's Log )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\dxclib303562752.dll
C:\Documents and Settings\Admin\Application Data\Dxcknwrd.dll
C:\WINDOWS\system32\bkd.exe
C:\Program Files\DeluxeCommunications\Dxc.exe
C:\Program Files\DeluxeCommunications\DxcBho.dll
C:\Program Files\DeluxeCommunications\DxcCore.dll
* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
C:\WINDOWS\system32\dxclib303562752.dll
C:\Program Files\DeluxeCommunications\Dxc.exe
C:\Program Files\DeluxeCommunications\DxcBho.dll
C:\Program Files\DeluxeCommunications\DxcCore.dll
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\winsys.exe
C:\Program Files\Common Files\Yazzle1122OinAdmin.exe
C:\Program Files\Common Files\misc002
C:\Program Files\Inetget2
C:\Program Files\Ipwins
C:\Program Files\PrintView
C:\WINDOWS\system32\crunner
C:\Program Files\Common Files\{300B7FE5-0693-1033-0102-040222050001}
C:\Program Files\Common Files\{C00B7FE5-0693-1033-0102-040222050001}
((((((((((((((((((((((((((((((( Files Created from 2006-09-19 to 2006-10-19 ))))))))))))))))))))))))))))))))))
2006-10-19 19:37 18,944 --a------ C:\WINDOWS\system32\adsldpc.exe
2006-10-19 19:37 18,944 --a------ C:\Documents and Settings\Admin\HRCC.exe
2006-10-19 19:34 18,944 --a------ C:\Documents and Settings\Admin\TGNE.exe
2006-10-19 18:02 18,944 --a------ C:\Documents and Settings\Admin\FNNQ.exe
2006-10-18 20:41 96,768 --------- C:\WINDOWS\system32\dxclib303562752.dll
2006-10-18 20:01 45,056 --a------ C:\Documents and Settings\Admin\QREN.exe
2006-10-18 18:01 45,056 --a------ C:\Documents and Settings\Admin\OHDT.exe
2006-10-17 18:24 45,056 --a------ C:\Documents and Settings\Admin\TEMO.exe
2006-10-17 12:38 45,056 --a------ C:\Documents and Settings\Admin\TRAU.exe
2006-10-17 06:51 45,056 --a------ C:\WINDOWS\system32\IECI.exe
2006-10-17 06:51 45,056 --a------ C:\WINDOWS\system32\dxdiagn.exe
2006-10-17 06:51 45,056 --a------ C:\Documents and Settings\Admin\SQSE.exe
2006-10-16 22:05 45,056 --a------ C:\Documents and Settings\Admin\IEJF.exe
2006-10-16 18:28 45,056 --a------ C:\Documents and Settings\Admin\MFOK.exe
2006-10-16 18:04 45,056 --a------ C:\Documents and Settings\Admin\UOLF.exe
2006-10-16 12:28 45,056 --a------ C:\Documents and Settings\Admin\EBKS.exe
2006-10-16 07:50 45,056 --a------ C:\Documents and Settings\Admin\QRML.exe
2006-10-15 21:59 45,056 --a------ C:\Documents and Settings\Admin\PIUJ.exe
2006-10-15 21:44 45,056 --a------ C:\WINDOWS\system32\JKRC.exe
2006-10-15 21:43 45,056 --a------ C:\Documents and Settings\Admin\NGDH.exe
2006-10-15 20:18 45,056 --a------ C:\Documents and Settings\Admin\EGRS.exe
2006-10-15 18:56 45,056 --a------ C:\Documents and Settings\Admin\AFME.exe
2006-10-15 17:16 45,056 --a------ C:\Documents and Settings\Admin\CUAR.exe
2006-10-15 16:21 45,056 --a------ C:\Documents and Settings\Admin\DFAC.exe
2006-10-15 15:10 45,056 --a------ C:\Documents and Settings\Admin\HPMD.exe
2006-10-15 13:33 45,056 --a------ C:\Documents and Settings\Admin\NRRG.exe
2006-10-15 09:54 45,056 --a------ C:\Documents and Settings\Admin\MAPF.exe
2006-10-15 09:12 48,640 --a------ C:\Documents and Settings\Admin\7.exe
2006-10-15 09:12 45,056 --a------ C:\WINDOWS\system32\KNST.exe
2006-10-15 09:10 45,056 --a------ C:\Documents and Settings\Admin\URPC.exe
2006-10-14 17:25 45,056 --a------ C:\Documents and Settings\Admin\SHHT.exe
2006-10-14 15:43 45,056 --a------ C:\Documents and Settings\Admin\OHEI.exe
2006-10-14 10:13 45,056 --a------ C:\Documents and Settings\Admin\RURS.exe
2006-10-14 02:49 45,056 --a------ C:\WINDOWS\system32\JJKP.exe
2006-10-14 02:49 35,591 --a------ C:\WINDOWS\system32\msaatext.exe
2006-10-14 02:48 45,056 --a------ C:\Documents and Settings\Admin\IKGB.exe
2006-10-13 22:22 45,056 --a------ C:\WINDOWS\system32\clbcatex.exe
2006-10-13 22:22 45,056 --a------ C:\WINDOWS\system32\ASAL.exe
2006-10-08 22:06 24,576 --a------ C:\WINDOWS\system32\SNSL.exe
2006-10-08 22:06 115,947 --a------ C:\WINDOWS\system32\5.exe
2006-10-08 22:05 24,576 --a------ C:\WINDOWS\system32\dbmsrpcn.exe
2006-10-02 18:56 192,512 --a------ C:\WINDOWS\system32\srkey.exe
2006-09-23 20:22 73,728 --a------ C:\WINDOWS\system32\FLKill.exe
2006-09-23 20:22 53,248 --a------ C:\WINDOWS\system32\suppdll.dll
2006-09-23 20:22 35,363 --a------ C:\WINDOWS\system32\windrvNT.sys
2006-09-20 18:53 36,480 -ra------ C:\WINDOWS\system32\drivers\P2k.sys
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-10-19 19:47 -------- d-------- C:\Program Files\Common Files
2006-10-19 19:37 -------- d-------- C:\Program Files\Mozilla Firefox
2006-10-18 20:41 -------- d-------- C:\Program Files\DeluxeCommunications
2006-10-15 21:07 -------- d-------- C:\Program Files\GameSpy Arcade
2006-10-15 18:53 -------- d-------- C:\Documents and Settings\Admin\Application Data\Azureus
2006-10-15 16:19 -------- d-------- C:\Program Files\FlashGet
2006-10-15 16:18 -------- d-------- C:\Program Files\FlashFXP
2006-10-15 16:17 -------- d-------- C:\Program Files\Postal 2 Demo
2006-10-15 16:17 -------- d-------- C:\Program Files\BitLord
2006-10-13 19:01 -------- d-------- C:\Program Files\Azureus
2006-10-08 21:35 -------- d-------- C:\Documents and Settings\Admin\Application Data\uTorrent
2006-10-08 20:35 -------- d-------- C:\Program Files\ReflexiveArcade
2006-10-05 20:26 -------- d-------- C:\Program Files\KXploit Tool
2006-10-02 19:01 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-02 18:45 -------- d-------- C:\Program Files\directx
2006-10-01 17:39 -------- d-------- C:\Program Files\Valusoft
2006-10-01 14:14 -------- d-------- C:\Program Files\MSN Messenger
2006-10-01 14:14 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-10-01 10:51 -------- d-------- C:\Program Files\Folder Lock
2006-09-30 22:08 -------- d-------- C:\Program Files\Winamp
2006-09-29 21:41 -------- d-------- C:\Documents and Settings\Admin\Application Data\Google
2006-09-29 21:40 -------- d-------- C:\Program Files\Google
2006-09-29 21:23 -------- d-------- C:\Program Files\Windows Media Player
2006-09-29 18:18 778656 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-09-28 20:12 -------- d-------- C:\Program Files\DivX
2006-09-28 18:57 -------- d-------- C:\Program Files\CDex_150
2006-09-23 20:03 -------- d-------- C:\Documents and Settings\Admin\Application Data\uk.co.planetside
2006-09-23 19:53 -------- d-------- C:\Program Files\Terragen
2006-09-21 21:36 -------- d-------- C:\Program Files\PSP
2006-09-18 20:11 778240 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2006-09-18 20:11 778240 --a------ C:\WINDOWS\system32\divx_xx07.dll
2006-09-18 20:11 761856 --a------ C:\WINDOWS\system32\divx_xx11.dll
2006-09-18 20:11 620180 --a------ C:\WINDOWS\system32\DivX.dll
2006-09-14 21:15 -------- d-------- C:\Program Files\Motorola
2006-09-14 21:03 -------- d--h----- C:\Program Files\WindowsUpdate
2006-09-08 17:30 14 --a------ C:\WINDOWS\system32\systeminfo.dll
2006-09-08 17:30 -------- d-------- C:\Program Files\DVD X Studios
2006-09-08 16:17 -------- d-------- C:\Program Files\AC3Filter
2006-09-08 15:25 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2006-09-08 15:24 -------- d-------- C:\Program Files\MyGlobalSearch
2006-09-08 15:24 -------- d-------- C:\Program Files\Cliprex_WhenUSave_Installer
2006-09-08 15:17 -------- d---s---- C:\Documents and Settings\Admin\Application Data\Microsoft
2006-09-08 15:15 -------- d-------- C:\Program Files\Eidos
2006-09-04 21:44 -------- d-------- C:\Documents and Settings\Admin\Application Data\Media Player Classic
2006-09-03 20:39 73216 --a------ C:\WINDOWS\ST6UNST.EXE
2006-09-03 20:39 286720 --------- C:\WINDOWS\Setup1.exe
2006-09-03 20:30 -------- d-------- C:\Program Files\TES IV Save Manager
2006-09-02 22:38 -------- d-------- C:\Documents and Settings\Admin\Application Data\Macromedia
2006-09-02 09:49 952 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2006-09-02 09:49 56 -r-hs---- C:\WINDOWS\system32\DEB57E620A.sys
2006-09-02 05:29 -------- d-------- C:\Program Files\MSXML 4.0
2006-09-02 05:26 -------- d-------- C:\Program Files\Microsoft Games
2006-09-01 23:57 -------- d-------- C:\Program Files\Lavasoft
2006-09-01 23:48 -------- d-------- C:\Program Files\Java
2006-09-01 23:44 -------- d-------- C:\Program Files\Common Files\Java
2006-09-01 22:48 -------- d-------- C:\Program Files\RAR Password Cracker
2006-09-01 19:37 -------- d-------- C:\Program Files\Avanquest update
2006-09-01 19:36 -------- d-------- C:\Program Files\Motorola Phone Tools
2006-09-01 19:35 22768 --a------ C:\WINDOWS\system32\drivers\usbsermpt.sys
2006-08-31 16:16 -------- d-------- C:\Documents and Settings\Admin\Application Data\Apple Computer
2006-08-31 08:22 -------- d-------- C:\Program Files\Thugs at Bay
2006-08-31 04:53 -------- d-------- C:\Program Files\WinRAR
2006-08-31 04:08 -------- d-------- C:\Program Files\Common Files\Adobe
2006-08-31 04:07 -------- d-------- C:\Program Files\Adobe
2006-08-31 03:06 -------- d-------- C:\Program Files\DVD Shrink
2006-08-31 03:06 -------- d-------- C:\Program Files\DVD Decrypter
2006-08-31 03:02 99965 --a------ C:\WINDOWS\UninstallFirefox.exe
2006-08-31 03:01 -------- d-------- C:\Program Files\XviD
2006-08-31 03:01 -------- d-------- C:\Program Files\Real Alternative
2006-08-31 03:01 -------- d-------- C:\Program Files\QuickTime Alternative
2006-08-31 03:00 -------- d-------- C:\Program Files\Media Player Classic
2006-08-31 03:00 -------- d-------- C:\Program Files\Combined Community codec Pack
2006-08-31 02:57 223128 --a------ C:\WINDOWS\system32\drivers\vaxscsi.sys
2006-08-31 02:57 -------- d-------- C:\Program Files\Alcohol Soft
2006-08-31 02:56 90240 --a------ C:\WINDOWS\system32\drivers\sptd5021.sys
2006-08-31 02:56 642560 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2006-08-31 02:51 -------- d-------- C:\Program Files\Common Files\Ahead
2006-08-31 02:51 -------- d-------- C:\Program Files\Ahead
2006-08-31 01:55 -------- d-------- C:\Program Files\Creative
2006-08-31 01:29 10578 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2006-08-31 01:29 -------- d-------- C:\Program Files\Hamachi
2006-08-29 14:04 27904 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-08-29 14:03 499712 --a------ C:\WINDOWS\system32\msvcp71.dll
2006-08-29 14:03 4992 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2006-08-29 14:03 4288 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-08-29 14:03 348160 --a------ C:\WINDOWS\system32\msvcr71.dll
2006-08-29 14:03 23424 --a------ C:\WINDOWS\system32\drivers\avgmfrs.sys
2006-08-29 14:02 -------- d-------- C:\Program Files\Grisoft
2006-08-29 13:52 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-08-29 13:31 -------- d-------- C:\Program Files\C-Media 3D Audio
2006-08-29 12:57 -------- d-------- C:\Program Files\Icons
2006-08-29 12:57 -------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2006-08-29 12:44 -------- d--h----- C:\Program Files\Uninstall Information
2006-08-29 12:34 -------- d-------- C:\Program Files\xerox
2006-08-29 12:34 -------- d-------- C:\Program Files\microsoft frontpage
2006-08-29 12:33 0 -rahs---- C:\MSDOS.SYS
2006-08-29 12:33 0 -rahs---- C:\IO.SYS
2006-08-29 12:33 0 --a------ C:\CONFIG.SYS
2006-08-29 12:33 0 --a------ C:\AUTOEXEC.BAT
2006-08-29 12:32 -------- d-------- C:\Program Files\Internet Explorer
2006-08-29 12:31 -------- d-------- C:\Program Files\Outlook Express
2006-08-29 12:31 -------- d-------- C:\Program Files\NetMeeting
2006-08-29 12:31 -------- d-------- C:\Program Files\Movie Maker
2006-08-29 12:31 -------- d-------- C:\Program Files\Common Files\System
2006-08-29 12:31 -------- d-------- C:\Program Files\Common Files\Services
2006-08-29 12:31 -------- d-------- C:\Program Files\Common Files\MSSoap
2006-08-29 12:30 -------- d-------- C:\Program Files\ComPlus Applications
2006-08-29 12:29 -------- d-------- C:\Program Files\Windows NT
2006-08-29 12:29 -------- d-------- C:\Program Files\Online Services
2006-08-29 12:29 -------- d-------- C:\Program Files\MSN Gaming Zone
2006-08-29 12:29 -------- d-------- C:\Program Files\MSN
2006-08-29 12:29 -------- d-------- C:\Program Files\Messenger
2006-08-29 05:12 -------- d-------- C:\Program Files\Common Files\SpeechEngines
2006-08-29 05:12 -------- d-------- C:\Program Files\Common Files\ODBC
2006-08-29 05:11 62 --ahs---- C:\Documents and Settings\Admin\Application Data\desktop.ini
2006-08-29 03:02 35591 --a------ C:\WINDOWS\system32\dmcompos.exe
2006-08-29 03:02 35079 --a------ C:\WINDOWS\system32\dgrpsetu.exe
2006-08-27 21:23 -------- d-------- C:\Program Files\Enterbrain
2006-08-27 14:56 -------- d-------- C:\Program Files\Common Files\Enterbrain
2006-08-27 14:44 -------- d-------- C:\Program Files\Game_Maker6
2006-08-27 09:00 197120 --a------ C:\WINDOWS\system32\Ramp_c.scr
2006-08-24 23:52 -------- d-------- C:\Documents and Settings\Admin\Application Data\Real
2006-08-24 23:52 -------- d-------- C:\Documents and Settings\Admin\Application Data\AdobeUM
2006-08-24 21:03 -------- d-------- C:\Documents and Settings\Admin\Application Data\Creative
2006-08-24 11:58 2368 --a------ C:\WINDOWS\system32\SVKP.sys
2006-08-23 23:38 75776 --a------ C:\WINDOWS\zllsputility.exe
2006-08-22 17:07 -------- d-------- C:\Program Files\Ligos
2006-08-22 10:02 -------- d-------- C:\Program Files\Zone Labs
2006-08-22 09:53 -------- d-------- C:\Documents and Settings\Admin\Application Data\Lavasoft
2006-08-22 09:51 14848 --a------ C:\WINDOWS\system32\htui.exe
2006-08-22 09:51 131104 --a------ C:\WINDOWS\system32\fdeploy.exe
2006-08-22 09:50 151072 --a------ C:\WINDOWS\system32\Fastmp3_Setup1.exe
2006-08-22 09:50 14848 --a------ C:\WINDOWS\system32\inst.exe
2006-08-21 09:51 737280 --a------ C:\WINDOWS\iun6002.exe
2006-08-21 09:18 -------- d-------- C:\Documents and Settings\Admin\Application Data\Sun
2006-08-21 09:16 -------- d-------- C:\Program Files\Common Files\DirectX
2006-08-21 08:55 -------- d-------- C:\Documents and Settings\Admin\Application Data\My Games
2006-08-21 08:54 -------- d-------- C:\Documents and Settings\Admin\Application Data\Hamachi
2006-08-21 08:51 -------- d-------- C:\Documents and Settings\Admin\Application Data\Talkback
2006-08-21 08:51 -------- d-------- C:\Documents and Settings\Admin\Application Data\Mozilla
2006-08-20 22:48 -------- d-------- C:\Documents and Settings\Admin\Application Data\Adobe
2006-08-20 20:03 -------- d-------- C:\Documents and Settings\Admin\Application Data\Identities
2006-08-20 20:03 -------- d-------- C:\Documents and Settings\Admin\Application Data\AVG7
2006-08-20 19:41 -------- d-------- C:\Program Files\LimeWire
2006-08-20 19:41 -------- d-------- C:\Program Files\ICQLite
2006-08-20 00:36 -------- d-------- C:\Program Files\ICQToolbar
2006-08-15 22:34 21840 --a------ C:\WINDOWS\system32\SIntfNT.dll
2006-08-15 22:34 17212 --a------ C:\WINDOWS\system32\SIntf32.dll
2006-08-15 22:34 12067 --a------ C:\WINDOWS\system32\SIntf16.dll
2006-08-11 19:35 520192 --a------ C:\WINDOWS\system32\DivXsm.exe
2006-08-11 19:35 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2006-08-11 19:35 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2006-08-11 19:35 109568 --------- C:\WINDOWS\system32\pxinsi64.exe
2006-08-11 19:35 108544 --------- C:\WINDOWS\system32\pxcpyi64.exe
2006-08-11 19:35 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2006-08-11 19:31 73728 --a------ C:\WINDOWS\system32\dpl100.dll
2006-08-11 19:31 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2006-08-11 19:31 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2006-08-11 19:31 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2006-08-11 19:31 344064 --a------ C:\WINDOWS\system32\dpus11.dll
2006-08-11 19:31 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2006-08-11 19:31 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2006-08-11 19:31 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2006-08-11 19:31 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2006-08-11 19:31 118784 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2006-07-29 19:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll
2006-07-28 09:30 62744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2006-07-28 09:30 236824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"fdeploy"="C:\\WINDOWS\\System32\\fdeploy.exe"
"rsfsaps"="C:\\WINDOWS\\System32\\rsfsaps.exe"
"shmedia"="C:\\WINDOWS\\System32\\shmedia.exe"
"msaatext"="C:\\WINDOWS\\System32\\msaatext.exe"
"msxml2r"="C:\\WINDOWS\\System32\\msxml2r.exe"
"kbdgr1"="C:\\WINDOWS\\System32\\kbdgr1.exe"
"dmcompos"="C:\\WINDOWS\\System32\\dmcompos.exe"
"tapiui"="C:\\WINDOWS\\System32\\tapiui.exe"
"cprocsvc"="C:\\WINDOWS\\System32\\crunner\\cproc.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SetIcon"="C:\\Program Files\\Icons\\Seticon.exe"
"USBDetector"="C:\\USBStorage\\USBDetector.exe"
"SiSUSBRG"="C:\\WINDOWS\\SiSUSBrg.exe"
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"SW20"="C:\\WINDOWS\\System32\\sw20.exe"
"SW24"="C:\\WINDOWS\\System32\\sw24.exe"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,12,03,00,00,23,00,00,00,dc,00,00,00,d2,00,\
00,00,01,00,00,00
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Completion time: 06-10-19 19:48:30.18
C:\ComboFix.txt ... 06-10-19 19:48
I am the dreamer
Everything of yours that I have
maca1
Senior Member
19. October 2006 @ 10:08
Download AVG Anti-Spyware http://www.ewido.net/en/download/
· Install and run
· Click Scanner
· Select the "Settings" tab.
· Once in the Settings screen click on "Recommended actions" and then select "Delete".
· Select "Automatically generate report after every scan"
· Unselect "Only if threats were found"
· Click Complete System Scan and the scan will begin.
· When the scan is finished, Set all items to delete
· Click Apply all actions
· Click the Save report button.
· Save the report to your C: Drive
Reboot
Run ActiveScan online virus scan:
http://www.pandasoftware.com/products/activescan.htm
When the scan is finished, save the results from the scan!
Come back here and post a new Hijack This log along with the logs from the AVG and Panda scans.
jorahan
Suspended permanently
19. October 2006 @ 11:27
I did what you said. The scan finished. There was a lot! I selected delete, and I think most of them deleted. It minimized before I could see, then stopped responding. Anyway, here is my HijackThis report.
Logfile of HijackThis v1.99.1
Scan saved at 9:25:28 PM, on 10/19/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Icons\Seticon.exe
C:\USBStorage\USBDetector.exe
C:\WINDOWS\System32\RunDll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\fdeploy.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\ZoneLabs\isafe.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Downloads\HijackThis_v1.99.1.exe
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - C:\Program Files\DeluxeCommunications\DxcBho.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{300B7FE5-0693-1033-0102-040222050001}\MyToolBar.dll (file missing)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{300B7FE5-0693-1033-0102-040222050001}\MyToolBar.dll (file missing)
O4 - HKLM\..\Run: [SetIcon] C:\Program Files\Icons\Seticon.exe
O4 - HKLM\..\Run: [USBDetector] C:\USBStorage\USBDetector.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\System32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\System32\sw24.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [fdeploy] C:\WINDOWS\System32\fdeploy.exe
O4 - HKCU\..\Run: [rsfsaps] C:\WINDOWS\System32\rsfsaps.exe
O4 - HKCU\..\Run: [shmedia] C:\WINDOWS\System32\shmedia.exe
O4 - HKCU\..\Run: [msaatext] C:\WINDOWS\System32\msaatext.exe
O4 - HKCU\..\Run: [kbdgr1] C:\WINDOWS\System32\kbdgr1.exe
O4 - HKCU\..\Run: [dmcompos] C:\WINDOWS\System32\dmcompos.exe
O4 - HKCU\..\Run: [tapiui] C:\WINDOWS\System32\tapiui.exe
O4 - HKCU\..\Run: [cprocsvc] C:\WINDOWS\System32\crunner\cproc.exe
O4 - HKCU\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: dxclib303562752.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\System32\ZoneLabs\isafe.exe
O23 - Service: dgrpsetu.exe - Unknown owner - C:\WINDOWS\System32\dgrpsetu.exe
O23 - Service: dpus11.exe - Unknown owner - C:\WINDOWS\System32\dpus11.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: msdtcuiu.exe - Unknown owner - C:\WINDOWS\System32\msdtcuiu.exe (file missing)
O23 - Service: ntdsbcli.exe - Unknown owner - C:\WINDOWS\System32\ntdsbcli.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: odexl32.exe - Unknown owner - C:\WINDOWS\System32\odexl32.exe (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: termsrv.exe - Unknown owner - C:\WINDOWS\System32\termsrv.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
I am the dreamer
All of you that I have
jorahan
Suspended permanently
19. October 2006 @ 11:40
-edited
I am the dreamer
All of you that I have
This message has been edited since posting. Last time this message was edited on 19. October 2006 @ 11:40
maca1
Senior Member
19. October 2006 @ 13:43
Go back and follow the instructions.
jorahan
Suspended permanently
23. October 2006 @ 05:46
Thanks, I did this. Here are all the reports:
--------------------------------------------------------------------------------
Panda:
Incident Status Location
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/fe.lea.lycos Not disinfected C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt[fe.lea.lycos.de/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt[.adopt.hbmediapro.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt[.go.com/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt[adserver.filefront.com/]
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt[searchportal.information.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Admin\Cookies\admin@ad.sensismediasmart.com[1].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Admin\Cookies\admin@adopt.hbmediapro[2].txt
Spyware:Cookie/Advnt Not disinfected C:\Documents and Settings\Admin\Cookies\admin@www.advnt01[1].txt
Adware:Adware/DeluxeComunications Not disinfected C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\7ZXSZOPQ\126[1].net
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\General\Cookies\general@adopt.hbmediapro[1].txt
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\Mozilla Firefox\plugins\NPMyGlSh.dll
Adware:Adware/Maxifiles Not disinfected C:\WINDOWS\system32\5.exe
Virus:Trj/Downloader.KTZ Disinfected C:\WINDOWS\system32\dbmsrpcn.exe
Adware:Adware/SpySheriff Not disinfected C:\WINDOWS\system32\htui.exe
Adware:Adware/SpySheriff Not disinfected C:\WINDOWS\system32\inst.exe
Virus:Trj/Downloader.KTZ Disinfected C:\WINDOWS\system32\SNSL.exe
------------------------------------------------------------------
HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 3:40:54 PM, on 10/23/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Icons\Seticon.exe
C:\USBStorage\USBDetector.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\RunDll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Downloads\HijackThis_v1.99.1.exe
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{300B7FE5-0693-1033-0102-040222050001}\MyToolBar.dll (file missing)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{300B7FE5-0693-1033-0102-040222050001}\MyToolBar.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SetIcon] C:\Program Files\Icons\Seticon.exe
O4 - HKLM\..\Run: [USBDetector] C:\USBStorage\USBDetector.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\System32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\System32\sw24.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [fdeploy] C:\WINDOWS\System32\fdeploy.exe
O4 - HKCU\..\Run: [rsfsaps] C:\WINDOWS\System32\rsfsaps.exe
O4 - HKCU\..\Run: [shmedia] C:\WINDOWS\System32\shmedia.exe
O4 - HKCU\..\Run: [msaatext] C:\WINDOWS\System32\msaatext.exe
O4 - HKCU\..\Run: [kbdgr1] C:\WINDOWS\System32\kbdgr1.exe
O4 - HKCU\..\Run: [dmcompos] C:\WINDOWS\System32\dmcompos.exe
O4 - HKCU\..\Run: [tapiui] C:\WINDOWS\System32\tapiui.exe
O4 - HKCU\..\Run: [cprocsvc] C:\WINDOWS\System32\crunner\cproc.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: dxclib303562752.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\System32\ZoneLabs\isafe.exe
O23 - Service: dgrpsetu.exe - Unknown owner - C:\WINDOWS\System32\dgrpsetu.exe
O23 - Service: dpus11.exe - Unknown owner - C:\WINDOWS\System32\dpus11.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: msdtcuiu.exe - Unknown owner - C:\WINDOWS\System32\msdtcuiu.exe (file missing)
O23 - Service: ntdsbcli.exe - Unknown owner - C:\WINDOWS\System32\ntdsbcli.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: odexl32.exe - Unknown owner - C:\WINDOWS\System32\odexl32.exe (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: termsrv.exe - Unknown owner - C:\WINDOWS\System32\termsrv.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
-------------------------------------------------------------------------
AVG:
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 7:09:46 AM 10/22/2006
+ Scan result:
C:\Program Files\DeluxeCommunications -> Adware.DeluxeCommunications : Cleaned.
HKLM\SOFTWARE\Classes\CLSID\{A8BD6820-6ED7-423E-9558-2D1486B0FEEA} -> Adware.DeluxeCommunications : Cleaned.
HKLM\SOFTWARE\DeluxeCommunications -> Adware.DeluxeCommunications : Cleaned.
HKLM\SOFTWARE\DeluxeCommunications\Internet Explorer -> Adware.DeluxeCommunications : Cleaned.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\DeluxeCommunications -> Adware.DeluxeCommunications : Cleaned.
HKU\S-1-5-21-507921405-117609710-1801674531-1006\Software\DeluxeCommunications -> Adware.DeluxeCommunications : Cleaned.
HKU\S-1-5-21-507921405-117609710-1801674531-1006\Software\DeluxeCommunications\Internet Explorer -> Adware.DeluxeCommunications : Cleaned.
HKU\S-1-5-21-507921405-117609710-1801674531-1006\Software\Microsoft\Windows\CurrentVersion\Run\\DeluxeCommunications -> Adware.DeluxeCommunications : Cleaned.
C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP79\A0112043.exe -> Adware.SaveNow : Cleaned.
C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP75\A0095305.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP75\A0095306.exe -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP75\A0095307.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP75\A0096305.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP75\A0096306.exe -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP75\A0096307.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP76\A0098360.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP76\A0098361.exe -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP76\A0098362.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP77\A0106352.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP77\A0106353.exe -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP77\A0106354.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP78\A0109902.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP78\A0109903.exe -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP79\A0109944.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP79\A0109945.exe -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP79\A0109946.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP79\A0111982.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP79\A0111983.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP79\A0111984.exe -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP79\A0111966.exe -> Adware.SurfSide : Cleaned.
C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP79\A0112976.dll -> Adware.SurfSide : Cleaned.
C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP79\A0112977.dll -> Adware.SurfSide : Cleaned.
C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP79\A0112978.exe -> Adware.SurfSide : Cleaned.
C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP79\A0112979.dll -> Adware.SurfSide : Cleaned.
C:\Program Files\ICQToolbar\version.txt -> Adware.Systemdoctor : Cleaned.
C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP78\A0107384.exe -> Adware.Trymedia : Cleaned.
C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP79\A0112041.exe -> Backdoor.Small.ml : Cleaned.
C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP79\A0112040.exe -> Downloader.Agent.acr : Cleaned.
C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP79\A0112042.exe -> Downloader.Reqlook.h : Cleaned.
:mozilla.211:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.212:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.213:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.214:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.215:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.216:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.217:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.218:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.219:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.221:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.519:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.631:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Admin\Cookies\admin@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Admin\Cookies\admin@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.337:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.39:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.40:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.41:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Admin\Cookies\admin@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.477:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Addcontrol : Cleaned.
:mozilla.61:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.62:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.63:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.504:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Admarketplace : Cleaned.
:mozilla.299:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.300:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.301:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.302:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.303:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.27:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.29:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
C:\Documents and Settings\Admin\Cookies\admin@www.adtrak[2].txt -> TrackingCookie.Adtrak : Cleaned.
:mozilla.100:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.98:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.99:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.26:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.308:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\Admin\Cookies\admin@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.159:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.163:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.164:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.158:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.160:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.161:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.162:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.165:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.166:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.195:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.196:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.197:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.198:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.199:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.200:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.201:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.202:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.203:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.528:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.529:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.530:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.531:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.25:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.459:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.460:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.461:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.462:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.463:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Admin\Cookies\admin@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.434:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.435:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.436:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.437:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.438:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.75:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.76:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
::Report end
--------------------------------------------------------------------
thanks!
I am the dreamer
Everything of you that I have
jorahan
Suspended permanently
23. October 2006 @ 05:46
Here are all the reports:
--------------------------------------------------------------------------------
Panda:
Incident Status Location
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/fe.lea.lycos Not disinfected C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt[fe.lea.lycos.de/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt[.adopt.hbmediapro.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt[.go.com/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt[adserver.filefront.com/]
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt[searchportal.information.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Admin\Cookies\admin@ad.sensismediasmart.com[1].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Admin\Cookies\admin@adopt.hbmediapro[2].txt
Spyware:Cookie/Advnt Not disinfected C:\Documents and Settings\Admin\Cookies\admin@www.advnt01[1].txt
Adware:Adware/DeluxeComunications Not disinfected C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\7ZXSZOPQ\126[1].net
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\General\Cookies\general@adopt.hbmediapro[1].txt
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\Mozilla Firefox\plugins\NPMyGlSh.dll
Adware:Adware/Maxifiles Not disinfected C:\WINDOWS\system32\5.exe
Virus:Trj/Downloader.KTZ Disinfected C:\WINDOWS\system32\dbmsrpcn.exe
Adware:Adware/SpySheriff Not disinfected C:\WINDOWS\system32\htui.exe
Adware:Adware/SpySheriff Not disinfected C:\WINDOWS\system32\inst.exe
Virus:Trj/Downloader.KTZ Disinfected C:\WINDOWS\system32\SNSL.exe
------------------------------------------------------------------
HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 3:40:54 PM, on 10/23/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Icons\Seticon.exe
C:\USBStorage\USBDetector.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\RunDll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Downloads\HijackThis_v1.99.1.exe
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{300B7FE5-0693-1033-0102-040222050001}\MyToolBar.dll (file missing)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{300B7FE5-0693-1033-0102-040222050001}\MyToolBar.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SetIcon] C:\Program Files\Icons\Seticon.exe
O4 - HKLM\..\Run: [USBDetector] C:\USBStorage\USBDetector.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\System32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\System32\sw24.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [fdeploy] C:\WINDOWS\System32\fdeploy.exe
O4 - HKCU\..\Run: [rsfsaps] C:\WINDOWS\System32\rsfsaps.exe
O4 - HKCU\..\Run: [shmedia] C:\WINDOWS\System32\shmedia.exe
O4 - HKCU\..\Run: [msaatext] C:\WINDOWS\System32\msaatext.exe
O4 - HKCU\..\Run: [kbdgr1] C:\WINDOWS\System32\kbdgr1.exe
O4 - HKCU\..\Run: [dmcompos] C:\WINDOWS\System32\dmcompos.exe
O4 - HKCU\..\Run: [tapiui] C:\WINDOWS\System32\tapiui.exe
O4 - HKCU\..\Run: [cprocsvc] C:\WINDOWS\System32\crunner\cproc.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: dxclib303562752.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\System32\ZoneLabs\isafe.exe
O23 - Service: dgrpsetu.exe - Unknown owner - C:\WINDOWS\System32\dgrpsetu.exe
O23 - Service: dpus11.exe - Unknown owner - C:\WINDOWS\System32\dpus11.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: msdtcuiu.exe - Unknown owner - C:\WINDOWS\System32\msdtcuiu.exe (file missing)
O23 - Service: ntdsbcli.exe - Unknown owner - C:\WINDOWS\System32\ntdsbcli.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: odexl32.exe - Unknown owner - C:\WINDOWS\System32\odexl32.exe (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: termsrv.exe - Unknown owner - C:\WINDOWS\System32\termsrv.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
-------------------------------------------------------------------------
AVG:
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 7:09:46 AM 10/22/2006
+ Scan result:
C:\Program Files\DeluxeCommunications -> Adware.DeluxeCommunications : Cleaned.
HKLM\SOFTWARE\Classes\CLSID\{A8BD6820-6ED7-423E-9558-2D1486B0FEEA} -> Adware.DeluxeCommunications : Cleaned.
HKLM\SOFTWARE\DeluxeCommunications -> Adware.DeluxeCommunications : Cleaned.
HKLM\SOFTWARE\DeluxeCommunications\Internet Explorer -> Adware.DeluxeCommunications : Cleaned.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\DeluxeCommunications -> Adware.DeluxeCommunications : Cleaned.
HKU\S-1-5-21-507921405-117609710-1801674531-1006\Software\DeluxeCommunications -> Adware.DeluxeCommunications : Cleaned.
HKU\S-1-5-21-507921405-117609710-1801674531-1006\Software\DeluxeCommunications\Internet Explorer -> Adware.DeluxeCommunications : Cleaned.
HKU\S-1-5-21-507921405-117609710-1801674531-1006\Software\Microsoft\Windows\CurrentVersion\Run\\DeluxeCommunications -> Adware.DeluxeCommunications : Cleaned.
C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP79\A0112043.exe -> Adware.SaveNow : Cleaned.
C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP75\A0095305.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP75\A0095306.exe -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP75\A0095307.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP75\A0096305.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP75\A0096306.exe -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP75\A0096307.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP76\A0098360.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP76\A0098361.exe -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP76\A0098362.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP77\A0106352.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP77\A0106353.exe -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP77\A0106354.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP78\A0109902.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP78\A0109903.exe -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP79\A0109944.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP79\A0109945.exe -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP79\A0109946.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP79\A0111982.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP79\A0111983.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP79\A0111984.exe -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP79\A0111966.exe -> Adware.SurfSide : Cleaned.
C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP79\A0112976.dll -> Adware.SurfSide : Cleaned.
C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP79\A0112977.dll -> Adware.SurfSide : Cleaned.
C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP79\A0112978.exe -> Adware.SurfSide : Cleaned.
C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP79\A0112979.dll -> Adware.SurfSide : Cleaned.
C:\Program Files\ICQToolbar\version.txt -> Adware.Systemdoctor : Cleaned.
C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP78\A0107384.exe -> Adware.Trymedia : Cleaned.
C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP79\A0112041.exe -> Backdoor.Small.ml : Cleaned.
C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP79\A0112040.exe -> Downloader.Agent.acr : Cleaned.
C:\System Volume Information\_restore{E4F15D0D-087F-4805-BEE5-EF35929FE5EF}\RP79\A0112042.exe -> Downloader.Reqlook.h : Cleaned.
:mozilla.197:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.198:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.199:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.200:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.201:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.202:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.203:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.528:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.529:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.530:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.531:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.25:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.459:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.460:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.461:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.462:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.463:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Admin\Cookies\admin@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.434:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.435:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.436:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.437:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.438:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.75:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.76:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.77:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.78:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.79:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.43:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.44:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.45:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.46:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.47:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.48:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.49:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.153:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.154:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.155:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.156:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.227:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.228:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.290:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.291:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.429:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.317:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.561:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned.
:mozilla.253:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Ivwbox : Cleaned.
C:\Documents and Settings\Admin\Cookies\admin@ivwbox[1].txt -> TrackingCookie.Ivwbox : Cleaned.
:mozilla.32:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
:mozilla.33:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
:mozilla.381:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.382:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.383:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.286:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.428:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Admin\Cookies\admin@ads.planetactive[1].txt -> TrackingCookie.Planetactive : Cleaned.
:mozilla.509:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.510:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.511:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.512:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.629:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.630:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.58:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.59:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.60:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.750:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Realtracker : Cleaned.
:mozilla.737:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.738:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.739:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.740:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.635:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.540:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.541:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.493:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.494:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.495:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.496:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.497:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Admin\Cookies\admin@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Admin\Cookies\admin@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.12:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.13:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.14:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.15:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.16:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.17:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.18:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.19:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.20:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.21:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.22:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.23:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.24:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.240:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.244:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.245:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.246:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.345:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.132:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned.
:mozilla.136:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned.
:mozilla.137:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned.
:mozilla.138:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned.
:mozilla.140:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned.
:mozilla.313:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.314:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.42:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.292:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.406:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.693:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.694:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
C:\Documents and Settings\Admin\Cookies\admin@yadro[1].txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.102:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.103:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.104:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.105:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.106:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.107:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.108:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.109:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Admin\Cookies\admin@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.695:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.696:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.697:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
::Report end
--------------------------------------------------------------------
thanks!
I am the dreamer
Everything of you that I have
jorahan
Suspended permanently
23. October 2006 @ 22:50
Anyone?
jorahan
Suspended permanently
25. October 2006 @ 16:15
maca1? anyone?
Senior Member
25. October 2006 @ 21:42
Hey jorahan, maca1 seems to be away for a few days, as you can see. :) Let's see if we can finish and get you cleaned up.
It is recommended you uninstall the MyWebSearch plugin for Firefox. Did you install it?
Turn off System Restore.
Right click My Computer > Properties > System Restore tab > check "Turn off System Restore".
Click Apply then OK.
Show hidden files and folders.
Control Panel > Folder Options > View tab > check "Show hidden files and folders".
Restart in safe mode and delete these files (if found):
C:\WINDOWS\system32\5.exe
C:\WINDOWS\system32\htui.exe
C:\WINDOWS\system32\inst.exe
Restart in normal mode.
Download SmitfraudFix.zip to the desktop from here
* Extract the files to the desktop.
* Open the newly created folder SmitfraudFix.
* Double-click smitfraudfix.cmd
* Select 1 and hit Enter to create a report of the infected files. The report can be found at the root of the system drive, usually at C:\rapport.txt.
Post back with the contents of rapport.txt and a new HijackThis log.
jorahan
Suspended permanently
26. October 2006 @ 00:54
OK, I deleted them via Command Prompt. They were all there, but I deleted them.
SmitFraudFix v2.113
Scan done at 10:51:45.42, Thu 10/26/2006
Run from C:\Downloads\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Admin
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Admin\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Admin\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="dxclib303562752.dll"
»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32
»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
HJT:
Logfile of HijackThis v1.99.1
Scan saved at 10:53:58 AM, on 10/26/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Icons\Seticon.exe
C:\USBStorage\USBDetector.exe
C:\WINDOWS\System32\RunDll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Downloads\HijackThis_v1.99.1.exe
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{300B7FE5-0693-1033-0102-040222050001}\MyToolBar.dll (file missing)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{300B7FE5-0693-1033-0102-040222050001}\MyToolBar.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SetIcon] C:\Program Files\Icons\Seticon.exe
O4 - HKLM\..\Run: [USBDetector] C:\USBStorage\USBDetector.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\System32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\System32\sw24.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [fdeploy] C:\WINDOWS\System32\fdeploy.exe
O4 - HKCU\..\Run: [cprocsvc] C:\WINDOWS\System32\crunner\cproc.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: dxclib303562752.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\System32\ZoneLabs\isafe.exe
O23 - Service: dgrpsetu.exe - Unknown owner - C:\WINDOWS\System32\dgrpsetu.exe
O23 - Service: dpus11.exe - Unknown owner - C:\WINDOWS\System32\dpus11.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: msdtcuiu.exe - Unknown owner - C:\WINDOWS\System32\msdtcuiu.exe (file missing)
O23 - Service: ntdsbcli.exe - Unknown owner - C:\WINDOWS\System32\ntdsbcli.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: odexl32.exe - Unknown owner - C:\WINDOWS\System32\odexl32.exe (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: termsrv.exe - Unknown owner - C:\WINDOWS\System32\termsrv.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Senior Member
26. October 2006 @ 02:20
Run a scan only with HijackThis, check these:
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file)
O2 - BHO: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{300B7FE5-0693-1033-0102-040222050001}\MyToolBar.dll (file missing)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{300B7FE5-0693-1033-0102-040222050001}\MyToolBar.dll (file missing)
O4 - HKCU\..\Run: [fdeploy] C:\WINDOWS\System32\fdeploy.exe
O4 - HKCU\..\Run: [cprocsvc] C:\WINDOWS\System32\crunner\cproc.exe
O20 - AppInit_DLLs: dxclib303562752.dll
Close all windows except HijackThis then click "Fix checked".
Close HijackThis.
Go to Start > Run > type services.msc > click OK.
Find each of the following and double click each to open.
Beside Startup type click the drop down menu and select Disabled.
dgrpsetu.exe
dpus11.exe
msdtcuiu.exe
ntdsbcli.exe
odexl32.exe
termsrv.exe
Close Services.
Open HijackThis.
Click "Open the misc tools section".
Click "Delete an NT service".
Copy/paste each of the following into the area and click OK after each one. You will be prompted to restart after each one. Do so after the last one and restart in safe mode.
O23 - Service: dgrpsetu.exe - Unknown owner - C:\WINDOWS\System32\dgrpsetu.exe
O23 - Service: dpus11.exe - Unknown owner - C:\WINDOWS\System32\dpus11.exe (file missing)
O23 - Service: msdtcuiu.exe - Unknown owner - C:\WINDOWS\System32\msdtcuiu.exe (file missing)
O23 - Service: ntdsbcli.exe - Unknown owner - C:\WINDOWS\System32\ntdsbcli.exe (file missing)
O23 - Service: odexl32.exe - Unknown owner - C:\WINDOWS\System32\odexl32.exe (file missing)
O23 - Service: termsrv.exe - Unknown owner - C:\WINDOWS\System32\termsrv.exe (file missing)
In safe mode:
Show hidden files and folders.
Control Panel > Folder Options > View tab > check "Show hidden files and folders".
Find and delete each of the following.
C:\WINDOWS\System32\dgrpsetu.exe <--file
C:\WINDOWS\System32\dxclib303562752.dll <--file
C:\WINDOWS\System32\fdeploy.exe <--file
C:\WINDOWS\System32\crunner <--folder(may not be there)
Restart in normal mode and post a new HijackThis log.
This message has been edited since posting. Last time this message was edited on 26. October 2006 @ 02:24
jorahan
Suspended permanently
26. October 2006 @ 09:55
Quote: Open HijackThis.
Click "Open the misc tools section".
Click "Delete an NT service".
Copy/paste each of the following into the area and click OK after each one. You will be prompted to restart after each one. Do so after the last one and restart in safe mode.
O23 - Service: dgrpsetu.exe - Unknown owner - C:\WINDOWS\System32\dgrpsetu.exe
O23 - Service: dpus11.exe - Unknown owner - C:\WINDOWS\System32\dpus11.exe (file missing)
O23 - Service: msdtcuiu.exe - Unknown owner - C:\WINDOWS\System32\msdtcuiu.exe (file missing)
O23 - Service: ntdsbcli.exe - Unknown owner - C:\WINDOWS\System32\ntdsbcli.exe (file missing)
O23 - Service: odexl32.exe - Unknown owner - C:\WINDOWS\System32\odexl32.exe (file missing)
O23 - Service: termsrv.exe - Unknown owner - C:\WINDOWS\System32\termsrv.exe (file missing)
None of these found
Quote: C:\WINDOWS\System32\dxclib303562752.dll <--file
C:\WINDOWS\System32\fdeploy.exe <--file
C:\WINDOWS\System32\crunner <--folder(may not be there)
none of these found
NEW HJT:
Logfile of HijackThis v1.99.1
Scan saved at 8:01:00 PM, on 10/26/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Icons\Seticon.exe
C:\USBStorage\USBDetector.exe
C:\WINDOWS\System32\RunDll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\System32\ZoneLabs\isafe.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Downloads\HijackThis_v1.99.1.exe
C:\Program Files\Mozilla Firefox\firefox.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {C004DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SetIcon] C:\Program Files\Icons\Seticon.exe
O4 - HKLM\..\Run: [USBDetector] C:\USBStorage\USBDetector.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\System32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\System32\sw24.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\System32\ZoneLabs\isafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
I am the dreamer
Everything of you that I have
This message has been edited since posting. Last time this message was edited on 26. October 2006 @ 10:03
Senior Member
26. October 2006 @ 11:35
What do you mean the services were not found with HjT? They're gone nonetheless. :)
Fix this with HjT.
O3 - Toolbar: (no name) - {C004DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
Log will be clean after that, but I'd suggest you run one more online scan just to be safe.
Go here and run Kaspersky Online Scanner.
Accept the terms.
After downloading, click "My Computer".
After scanning, click "Save report as".
Save as a text file and post it here.
Member
26. October 2006 @ 16:07
Err. I had the same exact problem and I did all the steps, here are my scan results:
KASPERSKY ONLINE SCANNER REPORT
Friday, October 27, 2006 1:51:50 AM
Operating System: Microsoft Windows XP Professional, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 26/10/2006
Kaspersky Anti-Virus database records: 221808
Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
F:\
Scan Statistics
Total number of scanned objects 82920
Number of viruses found 3
Number of infected objects 27 / 0
Number of suspicious objects 0
Duration of the scan process 01:40:40
Infected Object Name Virus Name Last Action
C:\Documents and Settings\Admin\7.exe Infected: Trojan-Downloader.Win32.Reqlook.n skipped
C:\Documents and Settings\Admin\AFME.exe Infected: Trojan-Downloader.Win32.Adload.gu skipped
C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\cert8.db Object is locked skipped
C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\history.dat Object is locked skipped
C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\key3.db Object is locked skipped
C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\parent.lock Object is locked skipped
C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Admin\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Admin\CUAR.exe Infected: Trojan-Downloader.Win32.Adload.gu skipped
C:\Documents and Settings\Admin\DFAC.exe Infected: Trojan-Downloader.Win32.Adload.gu skipped
C:\Documents and Settings\Admin\EBKS.exe Infected: Trojan-Downloader.Win32.Adload.gu skipped
C:\Documents and Settings\Admin\EGRS.exe Infected: Trojan-Downloader.Win32.Adload.gu skipped
C:\Documents and Settings\Admin\HPMD.exe Infected: Trojan-Downloader.Win32.Adload.gu skipped
C:\Documents and Settings\Admin\IEJF.exe Infected: Trojan-Downloader.Win32.Adload.gu skipped
C:\Documents and Settings\Admin\IKGB.exe Infected: Trojan-Downloader.Win32.Adload.gu skipped
C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\x09vernp@hotmail.com\SharingMetadata\Logs\Dfsr.log Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\x09vernp@hotmail.com\SharingMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\x09vernp@hotmail.com\SharingMetadata\Working\database_AC0_B8F_C00B_7FE5\dfsr.db Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\x09vernp@hotmail.com\SharingMetadata\Working\database_AC0_B8F_C00B_7FE5\fsr.log Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\x09vernp@hotmail.com\SharingMetadata\Working\database_AC0_B8F_C00B_7FE5\tmp.edb Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Windows Live Contacts\x09vernp@hotmail.com\real\members.stg Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Windows Live Contacts\x09vernp@hotmail.com\shadow\members.stg Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\l9ysj3j4.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\History\History.IE5\MSHist012006102620061027\index.dat Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\~DF1A3.tmp Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\~DF6509.tmp Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\~DF6518.tmp Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\~DF8BCD.tmp Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\~DF8C27.tmp Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Admin\MAPF.exe Infected: Trojan-Downloader.Win32.Adload.gu skipped
C:\Documents and Settings\Admin\MFOK.exe Infected: Trojan-Downloader.Win32.Adload.gu skipped
C:\Documents and Settings\Admin\NGDH.exe Infected: Trojan-Downloader.Win32.Adload.gu skipped
C:\Documents and Settings\Admin\NRRG.exe Infected: Trojan-Downloader.Win32.Adload.gu skipped
C:\Documents and Settings\Admin\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Admin\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\Admin\OHDT.exe Object is locked skipped
C:\Documents and Settings\Admin\OHEI.exe Infected: Trojan-Downloader.Win32.Adload.gu skipped
C:\Documents and Settings\Admin\PIUJ.exe Infected: Trojan-Downloader.Win32.Adload.gu skipped
C:\Documents and Settings\Admin\QREN.exe Object is locked skipped
C:\Documents and Settings\Admin\QRML.exe Infected: Trojan-Downloader.Win32.Adload.gu skipped
C:\Documents and Settings\Admin\RURS.exe Infected: Trojan-Downloader.Win32.Adload.gu skipped
C:\Documents and Settings\Admin\SHHT.exe Infected: Trojan-Downloader.Win32.Adload.gu skipped
C:\Documents and Settings\Admin\t3st.bmp Infected: Trojan.Win32.HideProc.g skipped
C:\Documents and Settings\Admin\UOLF.exe Infected: Trojan-Downloader.Win32.Adload.gu skipped
C:\Documents and Settings\Admin\URPC.exe Infected: Trojan-Downloader.Win32.Adload.gu skipped
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2006-10-26.19-57-45.log Object is locked skipped
C:\UFantasy.ini Object is locked skipped
C:\WINDOWS\Debug\oakley.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\PIETERS-DESKTOP.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\ASAL.exe Infected: Trojan-Downloader.Win32.Adload.gu skipped
C:\WINDOWS\system32\clbcatex.exe Infected: Trojan-Downloader.Win32.Adload.gu skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd5021.sys Object is locked skipped
C:\WINDOWS\system32\drivers\vaxscsi.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\JJKP.exe Infected: Trojan-Downloader.Win32.Adload.gu skipped
C:\WINDOWS\system32\JKRC.exe Infected: Trojan-Downloader.Win32.Adload.gu skipped
C:\WINDOWS\system32\KNST.exe Infected: Trojan-Downloader.Win32.Adload.gu skipped
C:\WINDOWS\system32\t3st.bmp Infected: Trojan.Win32.HideProc.g skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\Temp\ZLT056ce.TMP Object is locked skipped
C:\WINDOWS\Temp\ZLT056d2.TMP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
Scan process completed.
Senior Member
26. October 2006 @ 22:20
NicHt,
Go here to download the trial version of AVG Anti-spyware.
Install and update.
Restart your computer in safe mode (press F8 upon boot, select "Safe Mode" from menu and press Enter).
Open AVG AS and click "Scanner".
Click "Complete System Scan".
When it finishes scanning, set all items to "Quarantine".
Click "Apply All Actions".
Click "Save Report".
Click "Save report as" and save it to the desktop.
Restart in normal mode.
Download HijackThis.
Create a folder for it and extract the file there.
Do a system scan and save a log file.
Post the HjT log and the AVGAS report in your own thread, please.
Moderator
26. October 2006 @ 22:24
Quote: Err. I had the same exact problem and I did all the steps, here are my scan results:
That's because you're jorahan. Not a problem as long as your posts improve. Anyway, I won't hold this thread up any longer.
Main PC ~
Intel C2Q Q6600 (G0 Stepping)/Gigabyte GA-EP45-DS3/2GB Crucial Ballistix PC2-8500/Zalman CNPS9700/Antec 900/Corsair HX 620W
Network ~
DD-WRT ~ 2node WDS-WPA2/AES ~ Buffalo WHR-G54S. 3node WPA2/AES ~ WRT54GS v6 (inc. WEP BSSID), WRT54G v2, WRT54G2 v1.
Senior Member
26. October 2006 @ 22:29
Ah, edited! Wrong tab. :)
This message has been edited since posting. Last time this message was edited on 26. October 2006 @ 22:31