
Hello,

I've had a problem with Internet Explorer & all programs that depend on it. I posted a full description of the problem here, but there were no responses so I figured I may assume the PC is infected with some kind of virus/spyware/malware & submit a full HijackThis! log file.

There we go:

Logfile of HijackThis v1.99.1
Scan saved at 05:44:21 م, on 11/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\xampp\apache\bin\apache.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PDFCreatorMessages.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\xampp\apache\bin\apache.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\JawsSystems\Jaws PDF Creator\PDFClient.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-xa\msnappau.exe
C:\Program Files\Common Files\Mdn.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\msregstr.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSI\Core Center\CoreCenter.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Real\RealOne Player\RealPlay.exe
C:\Program Files\Real\RealOne Player\RealPlay.exe
D:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:4001
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: Khlp894uObj Class - {C09A9316-CE14-4D19-B07C-E3C981B5941B} - C:\WINDOWS\system32\khlp894u.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Systran50premi.IEPlugIn - {9A0844DB-84CF-4440-BDB1-1F4F7C4F7FB0} - C:\Program Files\SYSTRAN\5.0\Premium\IEPlugIn.dll
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [PDFCreatorClient] C:\Program Files\JawsSystems\Jaws PDF Creator\PDFClient.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-xa\msnappau.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Wah] C:\Program Files\Common Files\Mdn.exe
O4 - HKLM\..\Run: [PDF Converter Registry Controller] "C:\Program Files\SYSTRAN\5.0\Premium\RegistryController.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [QuickTime Task] "D:\program files\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mlan] C:\WINDOWS\mlan.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSRegstr] C:\WINDOWS\system32\msregstr.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe
O4 - Global Startup: Server4PC.lnk = C:\Program Files\TechniSat DVB\bin\Server4PC.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open and Translate in Word - res://C:\Program Files\SYSTRAN\5.0\Premium\IEShellExt.dll /10
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by13fd.bay13.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebSWK.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B914F7E-217C-4225-8F59-D8D981B213D2}: NameServer = 212.0.138.12 212.0.138.13
O23 - Service: Apache2 - Unknown owner - C:\Program Files\xampp\apache\bin\apache.exe" -k runservice (file missing)
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Program Files\xampp\FileZillaFTP\FileZillaServer.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySql - Unknown owner - C:/apache/mysql/bin/mysqld-nt.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDFCreatorMessages - Global Graphics Software Ltd - C:\WINDOWS\system32\PDFCreatorMessages.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: XAMPP Service (XAMPP) - Unknown owner - C:\Program Files\xampp\service.exe

====== end of log file

Something that I didn't mention in the first thread is that I have another weird connection problem! Whenever I connect to the Internet for the first time nothing responds at all, even when using Firefox. It is when I disconnect & reconnect again that everything starts to work fine & pages load as normal!

Thanks in advance for your kind help.
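
As an added example (not part of the original post), a short Python triage script for the HijackThis log format shown above: it splits entries by section code and lists the ones a helper would want verified first. The section descriptions and the review rules are assumptions of this example, and the sample log is built from a few lines of the post.

```python
import re
from collections import Counter

# Section codes seen in the log above, with their usual HijackThis meaning.
SECTIONS = {
    "R1": "IE setting (search/proxy)",
    "O2": "Browser Helper Object",
    "O4": "Autostart entry",
    "O17": "DNS / domain setting",
    "O23": "Windows service",
}

# Constructed sample: a few lines copied from the log in the post.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\Explorer.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:4001
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B914F7E-217C-4225-8F59-D8D981B213D2}: NameServer = 212.0.138.12 212.0.138.13
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: MySql - Unknown owner - C:/apache/mysql/bin/mysqld-nt.exe (file missing)
O23 - Service: XAMPP Service (XAMPP) - Unknown owner - C:\Program Files\xampp\service.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
PROXY_RE = re.compile(r"ProxyServer = ([^:\s]+):(\d+)\s*$")
NAMESERVER_RE = re.compile(r"NameServer = (.+)$")
SERVICE_RE = re.compile(r"^Service: (.+?) - (.+?) - (.+)$")
LOOPBACK = {"localhost", "127.0.0.1"}


def parse_log(text):
    """Return the registry/file entries; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append({"code": m.group(1), "body": m.group(2)})
    return entries


def count_by_section(entries):
    """Number of entries per section code."""
    return Counter(e["code"] for e in entries)


def review_notes(entries):
    """Apply this example's review rules; returns (code, reason, entry body).

    A note means "verify this", not "this is malicious".
    """
    notes = []
    for e in entries:
        code, body = e["code"], e["body"]
        if code == "R1":
            m = PROXY_RE.search(body)
            if m and m.group(1).lower() in LOOPBACK:
                reason = f"IE proxy is loopback port {m.group(2)}: find which local process listens there"
                notes.append((code, reason, body))
        elif code == "O17":
            m = NAMESERVER_RE.search(body)
            if m:
                servers = m.group(1).split()
                reason = f"static DNS servers {', '.join(servers)}: confirm they belong to the ISP"
                notes.append((code, reason, body))
        elif code == "O23":
            m = SERVICE_RE.match(body)
            if not m:
                continue
            name, owner, path = m.groups()
            if path.rstrip().endswith("(file missing)"):
                notes.append((code, f"service '{name}' registered but its executable is missing", body))
            if owner == "Unknown owner":
                notes.append((code, f"service '{name}' has no vendor name: confirm the install path is expected", body))
    return notes


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for code, n in count_by_section(parsed).items():
        print(f"{code:>3} {SECTIONS.get(code, 'other'):<28} {n}")
    for code, reason, _ in review_notes(parsed):
        print(f"[{code}] {reason}")
```
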


OK, first download Ewido from here.
Then download CCleaner from here.

  1. Install ewido anti-malware
  2. When installing, under "Additional Options" uncheck:
    • Install background guard
    • Install scan via context menu
  3. Launch ewido, there should be an icon on your desktop, double-click it.
  4. The program will now open to the main screen.
  5. When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  6. You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  7. The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")

If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Once the updates are installed do the following:

  • Open up Ewido
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report.
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
  • Close ewido anti-malware.

Reboot.


Run CCleaner, click the "Options" button, go to the "Advanced" tab and uncheck the option "Only delete files in Windows Temp folder older than 48 hours". Click OK to exit from the Options. Finally click "Run Cleaner" and click "OK" to continue cleaning.

After that, post a new HJT log and include the Ewido log.


Thanks for the response, kylethedarkn.

I did as instructed in your post. The Ewido scanner found about 212 infections, most of them are tracking cookies. There were an exploit & a worm so far. But CCleaner failed to work at all. It's installed correctly but when I double-click on its icon the program never loads. This is the same problem that occurs to me with all IE-dependent programs; they just don't work.

Here is Ewido's log file so far:

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 12:23:21 م, 12/06/2006
+ Report-Checksum: A5C4B91A

+ Scan result:

HKLM\SOFTWARE\Classes\WinStatX.Installer -> Adware.WinTaskAd : Cleaned with backup
HKLM\SOFTWARE\Classes\WinStatX.Installer\CLSID -> Adware.WinTaskAd : Cleaned with backup
:mozilla.234:C:\Documents and Settings\P4\Application Data\Mozilla\Firefox\Profiles\osk7tq1y.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.235:C:\Documents and Settings\P4\Application Data\Mozilla\Firefox\Profiles\osk7tq1y.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.238:C:\Documents and Settings\P4\Application Data\Mozilla\Firefox\Profiles\osk7tq1y.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.239:C:\Documents and Settings\P4\Application Data\Mozilla\Firefox\Profiles\osk7tq1y.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.240:C:\Documents and Settings\P4\Application Data\Mozilla\Firefox\Profiles\osk7tq1y.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.241:C:\Documents and Settings\P4\Application Data\Mozilla\Firefox\Profiles\osk7tq1y.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.245:C:\Documents and Settings\P4\Application Data\Mozilla\Firefox\Profiles\osk7tq1y.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.251:C:\Documents and Settings\P4\Application Data\Mozilla\Firefox\Profiles\osk7tq1y.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup
:mozilla.287:C:\Documents and Settings\P4\Application Data\Mozilla\Firefox\Profiles\osk7tq1y.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.288:C:\Documents and Settings\P4\Application Data\Mozilla\Firefox\Profiles\osk7tq1y.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.292:C:\Documents and Settings\P4\Application Data\Mozilla\Firefox\Profiles\osk7tq1y.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.334:C:\Documents and Settings\P4\Application Data\Mozilla\Firefox\Profiles\osk7tq1y.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.346:C:\Documents and Settings\P4\Application Data\Mozilla\Firefox\Profiles\osk7tq1y.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.347:C:\Documents and Settings\P4\Application Data\Mozilla\Firefox\Profiles\osk7tq1y.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.348:C:\Documents and Settings\P4\Application Data\Mozilla\Firefox\Profiles\osk7tq1y.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.380:C:\Documents and Settings\P4\Application Data\Mozilla\Firefox\Profiles\osk7tq1y.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.398:C:\Documents and Settings\P4\Application Data\Mozilla\Firefox\Profiles\osk7tq1y.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.399:C:\Documents and Settings\P4\Application Data\Mozilla\Firefox\Profiles\osk7tq1y.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.410:C:\Documents and Settings\P4\Application Data\Mozilla\Firefox\Profiles\osk7tq1y.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.411:C:\Documents and Settings\P4\Application Data\Mozilla\Firefox\Profiles\osk7tq1y.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.434:C:\Documents and Settings\P4\Application Data\Mozilla\Firefox\Profiles\osk7tq1y.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.435:C:\Documents and Settings\P4\Application Data\Mozilla\Firefox\Profiles\osk7tq1y.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.460:C:\Documents and Settings\P4\Application Data\Mozilla\Firefox\Profiles\osk7tq1y.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.461:C:\Documents and Settings\P4\Application Data\Mozilla\Firefox\Profiles\osk7tq1y.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.462:C:\Documents and Settings\P4\Application Data\Mozilla\Firefox\Profiles\osk7tq1y.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.463:C:\Documents and Settings\P4\Application Data\Mozilla\Firefox\Profiles\osk7tq1y.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.464:C:\Documents and Settings\P4\Application Data\Mozilla\Firefox\Profiles\osk7tq1y.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.468:C:\Documents and Settings\P4\Application Data\Mozilla\Firefox\Profiles\osk7tq1y.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.469:C:\Documents and Settings\P4\Application Data\Mozilla\Firefox\Profiles\osk7tq1y.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.480:C:\Documents and Settings\P4\Application Data\Mozilla\Firefox\Profiles\osk7tq1y.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.481:C:\Documents and Settings\P4\Application Data\Mozilla\Firefox\Profiles\osk7tq1y.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.482:C:\Documents and Settings\P4\Application Data\Mozilla\Firefox\Profiles\osk7tq1y.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.486:C:\Documents and Settings\P4\Application Data\Mozilla\Firefox\Profiles\osk7tq1y.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.487:C:\Documents and Settings\P4\Application Data\Mozilla\Firefox\Profiles\osk7tq1y.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.499:C:\Documents and Settings\P4\Application Data\Mozilla\Firefox\Profiles\osk7tq1y.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.501:C:\Documents and Settings\P4\Application Data\Mozilla\Firefox\Profiles\osk7tq1y.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.502:C:\Documents and Settings\P4\Application Data\Mozilla\Firefox\Profiles\osk7tq1y.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.503:C:\Documents and Settings\P4\Application Data\Mozilla\Firefox\Profiles\osk7tq1y.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.504:C:\Documents and Settings\P4\Application Data\Mozilla\Firefox\Profiles\osk7tq1y.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.524:C:\Documents and Settings\P4\Application Data\Mozilla\Firefox\Profiles\osk7tq1y.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.541:C:\Documents and Settings\P4\Application Data\Mozilla\Firefox\Profiles\osk7tq1y.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.542:C:\Documents and Settings\P4\Application Data\Mozilla\Firefox\Profiles\osk7tq1y.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.543:C:\Documents and Settings\P4\Application Data\Mozilla\Firefox\Profiles\osk7tq1y.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\phptriad\tools\backup\backup.exe -> Not-A-Virus.Exploit.Win32.RealServer.b : Cleaned with backup
D:\أسامة\المجاهدون والعلماء\أبو مصعب السوري\2001\mag1.zip/é㧧 éíé/FOLDER.HTT -> Worm.Holar.f : Cleaned with backup
D:\أسامة\المجاهدون والعلماء\أبو مصعب السوري\2001\mag1.zip/é㧧 éíé/é㧧 éíé/FOLDER.HTT -> Worm.Holar.f : Cleaned with backup
D:\أسامة\المجاهدون والعلماء\أبو مصعب السوري\2001\mag2.zip/é㧧 é£ëï/FOLDER.HTT -> Worm.Holar.f : Cleaned with backup
D:\أسامة\المجاهدون والعلماء\أبو مصعب السوري\2001\mag2.zip/é㧧 é£ëï/é㧧 é£ëï/FOLDER.HTT -> Worm.Holar.f : Cleaned with backup
D:\أسامة\المجاهدون والعلماء\أبو مصعب السوري\2001\ںéم§§ ںéڑيé\FOLDER.HTT -> Worm.Holar.f : Cleaned with backup
D:\أسامة\المجاهدون والعلماء\أبو مصعب السوري\2001\ںéم§§ ںéڑيé\ںéم§§ ںéڑيé\FOLDER.HTT -> Worm.Holar.f : Cleaned with backup
D:\أسامة\المجاهدون والعلماء\أبو مصعب السوري\books.rar/2001\mag1.zip/é㧧 éíé/FOLDER.HTT -> Worm.Holar.f : Cleaned with backup
D:\أسامة\المجاهدون والعلماء\أبو مصعب السوري\books.rar/2001\mag1.zip/é㧧 éíé/é㧧 éíé/FOLDER.HTT -> Worm.Holar.f : Cleaned with backup
D:\أسامة\المجاهدون والعلماء\أبو مصعب السوري\books.rar/2001\mag2.zip/é㧧 é£ëï/FOLDER.HTT -> Worm.Holar.f : Cleaned with backup
D:\أسامة\المجاهدون والعلماء\أبو مصعب السوري\books.rar/2001\mag2.zip/é㧧 é£ëï/é㧧 é£ëï/FOLDER.HTT -> Worm.Holar.f : Cleaned with backup
D:\أسامة\المجاهدون والعلماء\أبو مصعب السوري\books.rar/2001\_ê__ __ï\FOLDER.HTT -> Worm.Holar.f : Cleaned with backup
D:\أسامة\المجاهدون والعلماء\أبو مصعب السوري\books.rar/2001\_ê__ __ï\_ê__ __ï\FOLDER.HTT -> Worm.Holar.f : Cleaned with backup
D:\أسامة\المجاهدون والعلماء\أبو مصعب السوري\books.rar/ê©èª ä© \FOLDER.HTT -> Worm.Holar.f : Cleaned with backup
D:\أسامة\المجاهدون والعلماء\أبو مصعب السوري\books.rar/ê©èª ä© \____ ____\FOLDER.HTT -> Worm.Holar.f : Cleaned with backup
D:\أسامة\المجاهدون والعلماء\أبو مصعب السوري\mag1.zip/é㧧 éíé/FOLDER.HTT -> Worm.Holar.f : Cleaned with backup
D:\أسامة\المجاهدون والعلماء\أبو مصعب السوري\mag1.zip/é㧧 éíé/é㧧 éíé/FOLDER.HTT -> Worm.Holar.f : Cleaned with backup
D:\أسامة\المجاهدون والعلماء\أبو مصعب السوري\ںéم§§ ںéڑيé\FOLDER.HTT -> Worm.Holar.f : Cleaned with backup
D:\أسامة\المجاهدون والعلماء\أبو مصعب السوري\ںéم§§ ںéڑيé\ںéم§§ ںéڑيé\FOLDER.HTT -> Worm.Holar.f : Cleaned with backup


::Report End

0

Go to the Start menu and go to Run.
Type "ccleaner.exe" (without the quotes) in and click Run. If this does not work, then let me know.

0

OK.. CCleaner worked just when I ran it after reboot or fresh startup!

Here's HJT's new log file:

Logfile of HijackThis v1.99.1
Scan saved at 08:37:13 م, on 12/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\xampp\apache\bin\apache.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\xampp\apache\bin\apache.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PDFCreatorMessages.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\JawsSystems\Jaws PDF Creator\PDFClient.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-xa\msnappau.exe
C:\Program Files\Common Files\Mdn.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\msregstr.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSI\Core Center\CoreCenter.exe
C:\Program Files\TechniSat DVB\bin\Server4PC.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Real\RealOne Player\RealPlay.exe
C:\Program Files\Real\RealOne Player\RealPlay.exe
D:\hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: Khlp894uObj Class - {C09A9316-CE14-4D19-B07C-E3C981B5941B} - C:\WINDOWS\system32\khlp894u.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Systran50premi.IEPlugIn - {9A0844DB-84CF-4440-BDB1-1F4F7C4F7FB0} - C:\Program Files\SYSTRAN\5.0\Premium\IEPlugIn.dll
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [PDFCreatorClient] C:\Program Files\JawsSystems\Jaws PDF Creator\PDFClient.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-xa\msnappau.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Wah] C:\Program Files\Common Files\Mdn.exe
O4 - HKLM\..\Run: [PDF Converter Registry Controller] "C:\Program Files\SYSTRAN\5.0\Premium\RegistryController.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [QuickTime Task] "D:\program files\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mlan] C:\WINDOWS\mlan.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSRegstr] C:\WINDOWS\system32\msregstr.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe
O4 - Global Startup: Server4PC.lnk = C:\Program Files\TechniSat DVB\bin\Server4PC.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open and Translate in Word - res://C:\Program Files\SYSTRAN\5.0\Premium\IEShellExt.dll /10
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by13fd.bay13.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebSWK.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B914F7E-217C-4225-8F59-D8D981B213D2}: NameServer = 212.0.138.12 212.0.138.13
O23 - Service: Apache2 - Unknown owner - C:\Program Files\xampp\apache\bin\apache.exe" -k runservice (file missing)
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Program Files\xampp\FileZillaFTP\FileZillaServer.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySql - Unknown owner - C:/apache/mysql/bin/mysqld-nt.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDFCreatorMessages - Global Graphics Software Ltd - C:\WINDOWS\system32\PDFCreatorMessages.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: XAMPP Service (XAMPP) - Unknown owner - C:\Program Files\xampp\service.exe

========== end of log file

However, the problem is still there: I cannot use IE6, OE6, MSN Messenger, Yahoo! Messenger, Trillian, Acrobat Reader, & many other applications.

0

OK, I want you to do two things.
First, go to Jotti's and upload service.exe from C:\Program Files\xampp\ and see whether or not it's infected. If it is, remember that for the next step.

Run HJT and check the following:
C:\Program Files\Common Files\Mdn.exe
O23 - Service: XAMPP Service (XAMPP) - Unknown owner - C:\Program Files\xampp\service.exe (Only check this one if service.exe was infected)
After checking those, close all other windows besides HJT and click Fix checked. If a message pops up, click Yes.

Post back with the problems that are remaining.

Also, you might want to switch to the Mozilla Firefox browser; it has better security. You can download it here.

0

OK. Jotti's scan on service.exe passed all the tests except the VBA32 which showed that it is infected by the following:

VBA32: Found Backdoor.Agent.78 (paranoid heuristics) (probable variant)

I did as instructed in the 2nd paragraph & checked the two files (mdn.exe & service.exe) on HJT then performed the fix.

Then I rebooted. Sadly, no progress is being made!! I still can't use important apps that depend on Internet Explorer (not the browser, I mean). Despite that, when I switch to Safe Mode, every single application works just fine without any problems. The Internet cannot be accessed while in Safe Mode, so I couldn't test IE6, OE6, MSN Messenger, Trillian, Yahoo! Messenger & other Internet apps.

About using Firefox: I'm already using it since I cannot use IE at the moment, but I need other apps like Outlook, messenger which are important to me.

0

I'll need a new log to see whether or not the steps worked.

Sorry, I've missed that. Here's the new log:

Logfile of HijackThis v1.99.1
Scan saved at 09:39:41 م, on 14/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\xampp\apache\bin\apache.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PDFCreatorMessages.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\xampp\apache\bin\apache.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\JawsSystems\Jaws PDF Creator\PDFClient.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-xa\msnappau.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\msregstr.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSI\Core Center\CoreCenter.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Real\RealOne Player\RealPlay.exe
C:\Program Files\Real\RealOne Player\RealPlay.exe
D:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:4001
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: Khlp894uObj Class - {C09A9316-CE14-4D19-B07C-E3C981B5941B} - C:\WINDOWS\system32\khlp894u.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Systran50premi.IEPlugIn - {9A0844DB-84CF-4440-BDB1-1F4F7C4F7FB0} - C:\Program Files\SYSTRAN\5.0\Premium\IEPlugIn.dll
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [PDFCreatorClient] C:\Program Files\JawsSystems\Jaws PDF Creator\PDFClient.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-xa\msnappau.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PDF Converter Registry Controller] "C:\Program Files\SYSTRAN\5.0\Premium\RegistryController.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [QuickTime Task] "D:\program files\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mlan] C:\WINDOWS\mlan.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSRegstr] C:\WINDOWS\system32\msregstr.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe
O4 - Global Startup: Server4PC.lnk = C:\Program Files\TechniSat DVB\bin\Server4PC.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open and Translate in Word - res://C:\Program Files\SYSTRAN\5.0\Premium\IEShellExt.dll /10
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by13fd.bay13.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebSWK.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B914F7E-217C-4225-8F59-D8D981B213D2}: NameServer = 212.0.138.12 212.0.138.13
O23 - Service: Apache2 - Unknown owner - C:\Program Files\xampp\apache\bin\apache.exe" -k runservice (file missing)
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Program Files\xampp\FileZillaFTP\FileZillaServer.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySql - Unknown owner - C:/apache/mysql/bin/mysqld-nt.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDFCreatorMessages - Global Graphics Software Ltd - C:\WINDOWS\system32\PDFCreatorMessages.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: XAMPP Service (XAMPP) - Unknown owner - C:\Program Files\xampp\service.exe
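
Checking "whether or not the steps worked" comes down to comparing the entry lines and process lists of two HijackThis logs. The following is an added example, not part of the original posts: a small parser and diff run over abridged excerpts of the 12/06 and 14/06 logs above. The function names and the excerpt selection are this example's own.

```python
import re

# HijackThis entry lines: a section code (R0-R3, F0-F3, N1-N4, O1-O24), " - ", then the body.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# Lines in the "Running processes:" block are absolute Windows paths.
PROCESS_RE = re.compile(r"^[A-Za-z]:\\")


def parse_hjt(text):
    """Split a HijackThis log into its running-process paths and entry lines."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ENTRY_RE.match(line):
            in_processes = False          # the first entry line ends the process block
            entries.append(line)
        elif line.lower().startswith("running processes"):
            in_processes = True
        elif in_processes and PROCESS_RE.match(line):
            processes.append(line)
        # anything else (banner, platform lines, end-of-log marker) is ignored
    return {"processes": processes, "entries": entries}


def _key(line):
    # Windows paths and registry names are case-insensitive; also collapse whitespace.
    return " ".join(line.split()).casefold()


def _delta(old, new):
    """Return (items only in old, items only in new), order kept, duplicates dropped."""
    old_keys = {_key(x) for x in old}
    new_keys = {_key(x) for x in new}
    gone = [x for x in dict.fromkeys(old) if _key(x) not in new_keys]
    came = [x for x in dict.fromkeys(new) if _key(x) not in old_keys]
    return gone, came


def diff_logs(before, after):
    """Compare two parsed logs: which entries and processes disappeared or appeared."""
    entries_removed, entries_added = _delta(before["entries"], after["entries"])
    processes_gone, processes_new = _delta(before["processes"], after["processes"])
    return {
        "entries_removed": entries_removed,
        "entries_added": entries_added,
        "processes_gone": processes_gone,
        "processes_new": processes_new,
    }


def verify_fix(before, after, targets):
    """For each path fragment that was ticked in 'Fix checked', report its status."""
    def listed(log, needle):
        n = needle.casefold()
        return any(n in line.casefold() for line in log["entries"] + log["processes"])

    status = {}
    for target in targets:
        if listed(after, target):
            status[target] = "still present"
        elif listed(before, target):
            status[target] = "removed"
        else:
            status[target] = "never listed"
    return status


# Abridged excerpts of the logs dated 12/06/2006 and 14/06/2006 in this thread.
LOG_12_06 = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Mdn.exe
C:\Program Files\TechniSat DVB\bin\Server4PC.exe
D:\hijackthis\HijackThis.exe

O2 - BHO: Khlp894uObj Class - {C09A9316-CE14-4D19-B07C-E3C981B5941B} - C:\WINDOWS\system32\khlp894u.dll
O4 - HKLM\..\Run: [Wah] C:\Program Files\Common Files\Mdn.exe
O4 - HKLM\..\Run: [mlan] C:\WINDOWS\mlan.exe
O23 - Service: XAMPP Service (XAMPP) - Unknown owner - C:\Program Files\xampp\service.exe
"""

LOG_14_06 = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dwwin.exe
D:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:4001
O2 - BHO: Khlp894uObj Class - {C09A9316-CE14-4D19-B07C-E3C981B5941B} - C:\WINDOWS\system32\khlp894u.dll
O4 - HKLM\..\Run: [mlan] C:\WINDOWS\mlan.exe
O23 - Service: XAMPP Service (XAMPP) - Unknown owner - C:\Program Files\xampp\service.exe
"""

if __name__ == "__main__":
    old, new = parse_hjt(LOG_12_06), parse_hjt(LOG_14_06)
    for section, lines in diff_logs(old, new).items():
        print(section, *lines, sep="\n  ")
    print(verify_fix(old, new, [r"Common Files\Mdn.exe", r"xampp\service.exe"]))
```

On these excerpts the `[Wah]` Run entry for Mdn.exe is reported as removed, while the XAMPP service entry is still listed in the later log.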

0

Symantec W32.Mytob Removal Tool 1.20.0

W32.Mytob has not been found on your computer.

==============

The new HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 12:20:59 ص, on 17/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\xampp\apache\bin\apache.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PDFCreatorMessages.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\xampp\apache\bin\apache.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\JawsSystems\Jaws PDF Creator\PDFClient.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-xa\msnappau.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\msregstr.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSI\Core Center\CoreCenter.exe
C:\Program Files\TechniSat DVB\bin\Server4PC.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
D:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:4001
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: Khlp894uObj Class - {C09A9316-CE14-4D19-B07C-E3C981B5941B} - C:\WINDOWS\system32\khlp894u.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Systran50premi.IEPlugIn - {9A0844DB-84CF-4440-BDB1-1F4F7C4F7FB0} - C:\Program Files\SYSTRAN\5.0\Premium\IEPlugIn.dll
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [PDFCreatorClient] C:\Program Files\JawsSystems\Jaws PDF Creator\PDFClient.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-xa\msnappau.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PDF Converter Registry Controller] "C:\Program Files\SYSTRAN\5.0\Premium\RegistryController.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [QuickTime Task] "D:\program files\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mlan] C:\WINDOWS\mlan.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSRegstr] C:\WINDOWS\system32\msregstr.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe
O4 - Global Startup: Server4PC.lnk = C:\Program Files\TechniSat DVB\bin\Server4PC.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open and Translate in Word - res://C:\Program Files\SYSTRAN\5.0\Premium\IEShellExt.dll /10
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by13fd.bay13.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebSWK.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O23 - Service: Apache2 - Unknown owner - C:\Program Files\xampp\apache\bin\apache.exe" -k runservice (file missing)
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Program Files\xampp\FileZillaFTP\FileZillaServer.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySql - Unknown owner - C:/apache/mysql/bin/mysqld-nt.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDFCreatorMessages - Global Graphics Software Ltd - C:\WINDOWS\system32\PDFCreatorMessages.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: XAMPP Service (XAMPP) - Unknown owner - C:\Program Files\xampp\service.exe

===========

0

Ok.
Open HJT.
Go to Config
Click Misc Tools
Open HOSTS file manager
List the info from that (should say open in notepad. Then just copy and paste.)

0

Thanks for the response.

Here's HOSTS file contents:

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

0

Just an update to the current state of my problems:

  • Internet connection is OK. However, the problem of logging in twice still persists.
  • I'm using Firefox without a single problem.
  • When I start the PC, then eventually connect to the Internet & use IE6, it works fine literally for less than 2 minutes. Every website I open, whether from the address bar or favourites, loads normally. It is just about 2 minutes, then everything stops responding. If I hit the 'X' button to close the browser, I get a 'The program is not responding' error message.
  • The above behaviour happens exactly when trying to start any of: IE6, OE6, Yahoo! Messenger, MSN Messenger 7.5, Windows Messenger, Trillian Messenger, Windows Media Player 10 & Adobe Acrobat Reader 6.
  • When I switch to Safe Mode, all these problems disappear. But since I cannot connect to the Internet while in Safe Mode, I haven't had the chance to test IE6 & other Internet programs' behaviours.
0

Ok, let's try SmitfraudFix.

Download SmitfraudFix (by S!Ri) to your Desktop.
Extract all the files to your Desktop. A folder named SmitfraudFix will be created on your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press Enter
This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Post that log.

0

OK.. It didn't take much time. Here're the results:

SmitFraudFix v2.64

Scan done at 6:18:10.18, Fri 06/23/2006
Run from C:\Documents and Settings\P4\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\P4\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\P4\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

0

I just did. Ccleaner found about 800 issues. I backed up the registry then clicked 'fix all', then rebooted.

No progress so far.

0

Let's scan for hidden processes called RootKits.
Use BlackLight to scan for these.
Download it to your desktop.
Run the program, accept statement > click next, then scan.
When it's finished scanning, exit the program and post back the log if it detects hidden files. The log is called 'fsbl-<date/time>.log', which will save to the same location as the blbeta.exe file.

0

OK.. It found 5 hidden items! Here's the log file details:

06/23/06 19:13:13 [Info]: BlackLight Engine 1.0.41 initialized
06/23/06 19:13:13 [Info]: OS: 5.1 build 2600 (Service Pack 2)
06/23/06 19:13:13 [Note]: 7019 4
06/23/06 19:13:13 [Note]: 7005 0
06/23/06 19:13:18 [Note]: 7006 0
06/23/06 19:13:18 [Note]: 7011 2724
06/23/06 19:13:18 [Note]: 7026 0
06/23/06 19:13:18 [Note]: 7026 0
06/23/06 19:13:18 [Note]: 7024 3
06/23/06 19:13:18 [Note]: 7015 1340
06/23/06 19:13:18 [Note]: 7015 87
06/23/06 19:13:18 [Info]: Hidden process: C:\WINDOWS\system32\MSCFG32.EXE
06/23/06 19:13:18 [Note]: 7024 3
06/23/06 19:13:18 [Note]: 7015 3500
06/23/06 19:13:18 [Note]: 7015 87
06/23/06 19:13:18 [Info]: Hidden process: C:\Program Files\Internet Explorer\iexplore.exe
06/23/06 19:13:18 [Note]: FSRAW library version 1.7.1018
06/23/06 19:16:58 [Info]: Hidden file: c:\WINDOWS\system32\unilay.dll
06/23/06 19:16:58 [Note]: 7002 0
06/23/06 19:16:58 [Note]: 7003 1
06/23/06 19:16:58 [Note]: 10002 1
06/23/06 19:17:03 [Info]: Hidden file: c:\WINDOWS\system32\drivers\MSNDSRV.SYS
06/23/06 19:17:03 [Note]: 7002 0
06/23/06 19:17:03 [Note]: 7003 1
06/23/06 19:17:03 [Note]: 10002 1
06/23/06 19:17:05 [Info]: Hidden file: c:\WINDOWS\system32\MSCFG32.DLL
06/23/06 19:17:05 [Note]: 7002 0
06/23/06 19:17:05 [Note]: 7003 1
06/23/06 19:17:05 [Note]: 10002 1
06/23/06 19:17:05 [Info]: Hidden file: C:\WINDOWS\system32\MSCFG32.EXE
06/23/06 19:17:05 [Note]: 10002 1
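
The BlackLight log above, reduced to its distinct hidden paths and checked against a HijackThis process list. This is an added example, not part of the original post; the function names are made up for illustration and the log lines are excerpted from this thread.

```python
import re
from collections import defaultdict

# [Info] lines excerpted from the BlackLight log in this thread ([Note] lines omitted).
BLACKLIGHT_LOG = r"""
06/23/06 19:13:13 [Info]: BlackLight Engine 1.0.41 initialized
06/23/06 19:13:18 [Info]: Hidden process: C:\WINDOWS\system32\MSCFG32.EXE
06/23/06 19:13:18 [Info]: Hidden process: C:\Program Files\Internet Explorer\iexplore.exe
06/23/06 19:16:58 [Info]: Hidden file: c:\WINDOWS\system32\unilay.dll
06/23/06 19:17:03 [Info]: Hidden file: c:\WINDOWS\system32\drivers\MSNDSRV.SYS
06/23/06 19:17:05 [Info]: Hidden file: c:\WINDOWS\system32\MSCFG32.DLL
06/23/06 19:17:05 [Info]: Hidden file: C:\WINDOWS\system32\MSCFG32.EXE
"""

# A few "Running processes" lines excerpted from the HijackThis log of 23/06/2006.
HJT_PROCESSES = r"""
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Real\RealOne Player\RealPlay.exe
"""

HIDDEN_RE = re.compile(r"\[Info\]: Hidden (process|file): (.+)$")


def hidden_items(log_text):
    """Map each hidden path (lower-cased, since NTFS paths are case-insensitive)
    to the set of kinds ('process', 'file') it was reported as."""
    items = defaultdict(set)
    for line in log_text.splitlines():
        match = HIDDEN_RE.search(line.strip())
        if match:
            kind, path = match.groups()
            items[path.strip().lower()].add(kind)
    return dict(items)


def hidden_processes_missing_from(items, process_list_text):
    """Hidden processes that the user-mode process listing does not show."""
    visible = {p.strip().lower() for p in process_list_text.splitlines() if p.strip()}
    return sorted(path for path, kinds in items.items()
                  if "process" in kinds and path not in visible)


if __name__ == "__main__":
    found = hidden_items(BLACKLIGHT_LOG)
    for path, kinds in sorted(found.items()):
        print(f"{'+'.join(sorted(kinds)):<13} {path}")
    print("not in HijackThis process list:",
          hidden_processes_missing_from(found, HJT_PROCESSES))
```

Six "Hidden" lines collapse to five distinct paths because MSCFG32.EXE is reported both as a process and as a file.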

0

There are some things that aren't good. Please check these items in HJT.

O4 - HKLM\..\Run: [MSRegstr] C:\WINDOWS\system32\msregstr.exe

O2 - BHO: Khlp894uObj Class - {C09A9316-CE14-4D19-B07C-E3C981B5941B} - C:\WINDOWS\system32\khlp894u.dll

O4 - HKLM\..\Run: [mlan] C:\WINDOWS\mlan.exe

Click Fix Checked.
____________________________________________________

Please download Pocket Killbox by O^E.

  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\system32\khlp894u.dll

    C:\WINDOWS\system32\msregstr.exe

    C:\WINDOWS\mlan.exe


  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

If your computer does not restart automatically, please restart it manually.

0

Hi tayspen,

Thanks for your prompt. I did as instructed. It seems that the mlan.exe file has been removed since the last HJT log I submitted, by one of the tools kylethedarkn advised.

When I did a new scan, only msregstr.exe & khlp894u.dll appeared on the log. So I checked on them then clicked Fix checked.

Then I ran KillBox & performed the instructions in your post.

It went OK with msregstr.exe & the system rebooted automatically without a pending error prompt.

With khlp894u.dll, it prompted for a 'PendingFileRenameOperations' message, then I had to reboot manually.

Here's the new HJT logfile:

Logfile of HijackThis v1.99.1
Scan saved at 09:14:28 م, on 23/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\xampp\apache\bin\apache.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PDFCreatorMessages.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\xampp\apache\bin\apache.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\JawsSystems\Jaws PDF Creator\PDFClient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSI\Core Center\CoreCenter.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Real\RealOne Player\RealPlay.exe
D:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:4001
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Systran50premi.IEPlugIn - {9A0844DB-84CF-4440-BDB1-1F4F7C4F7FB0} - C:\Program Files\SYSTRAN\5.0\Premium\IEPlugIn.dll
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [PDFCreatorClient] C:\Program Files\JawsSystems\Jaws PDF Creator\PDFClient.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [QuickTime Task] "D:\program files\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open and Translate in Word - res://C:\Program Files\SYSTRAN\5.0\Premium\IEShellExt.dll /10
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by13fd.bay13.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebSWK.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B914F7E-217C-4225-8F59-D8D981B213D2}: NameServer = 212.0.138.12 212.0.138.13
O23 - Service: Apache2 - Unknown owner - C:\Program Files\xampp\apache\bin\apache.exe" -k runservice (file missing)
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Program Files\xampp\FileZillaFTP\FileZillaServer.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySql - Unknown owner - C:/apache/mysql/bin/mysqld-nt.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDFCreatorMessages - Global Graphics Software Ltd - C:\WINDOWS\system32\PDFCreatorMessages.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: XAMPP Service (XAMPP) - Unknown owner - C:\Program Files\xampp\service.exe
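
One way to confirm what a fix actually changed is to diff the HijackThis entries before and after it. The sketch below is an added example, not part of the original posts; its function names are made up for illustration, and the entries are a small excerpt of lines that appear in this thread, so the diff covers only those lines.

```python
import re

# Entries excerpted from earlier in the thread (before the fix).
BEFORE = r"""
O2 - BHO: Khlp894uObj Class - {C09A9316-CE14-4D19-B07C-E3C981B5941B} - C:\WINDOWS\system32\khlp894u.dll
O4 - HKLM\..\Run: [mlan] C:\WINDOWS\mlan.exe
O4 - HKLM\..\Run: [MSRegstr] C:\WINDOWS\system32\msregstr.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
"""

# Entries excerpted from the log of 23/06/2006 (after the fix).
AFTER = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B914F7E-217C-4225-8F59-D8D981B213D2}: NameServer = 212.0.138.12 212.0.138.13
"""

# File names the helper asked to have fixed and deleted.
FLAGGED = ["khlp894u.dll", "msregstr.exe", "mlan.exe"]

# A HijackThis entry is "<section code> - <detail>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d+) - (.+)$")


def parse_entries(log_text):
    """Return the set of (section_code, detail) entries; other lines are ignored."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.add((match.group(1), match.group(2).strip()))
    return entries


def diff_logs(before_text, after_text):
    """Return (removed, added) entries between two logs, each sorted."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    return sorted(before - after), sorted(after - before)


def still_referenced(log_text, filenames):
    """File names from `filenames` that some entry in the log still mentions."""
    details = [detail.lower() for _, detail in parse_entries(log_text)]
    return [name for name in filenames if any(name.lower() in d for d in details)]


if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    print("removed:", *removed, sep="\n  ")
    print("added:", *added, sep="\n  ")
    print("flagged files still referenced:", still_referenced(AFTER, FLAGGED))
```

An entry that has dropped out of the log shows only that the autostart reference is gone; it does not show that the file was deleted, and it says nothing about items that a rootkit hides from the scan.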

0

Are you still having problems?

Yes, unfortunately! All problems still exist.

0

Isn't that the online free scan plug-in from Trend? If so, I've done an online scan about a year ago with it & hadn't had any problems.

The problem with online free scan utilities is that they all require ActiveX 7 hence Internet Explorer to work. Since IE doesn't work, all those online scan services fail to work with Firefox.
