Morning Thunderbird1988,
Thanks for that. The first time I ran SDFix my computer crashed so I don't know which version this log belongs to. I'm sorry! But here it is. I also managed to fix my AVG and ran a scan with that, which I've posted afterwards. It found LOADS of things.
Lastly, I've posted an up-to-date HijackThis log. Thank you again - you've been so helpful!
SDFix: Version 1.209 Run by Owner on 28/07/2008 at 22:00
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\sdfix
Checking Services :
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
Checking Files :
Trojan Files Found:
C:\WINDOWS\SYSTEM32\IALMCOIN.DLL - Deleted
C:\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.redtube.com\settings.sol - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\tmp24.tmp - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\tmp25.tmp - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\tmp26.tmp - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\tmp27.tmp - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\tmp28.tmp - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\tmp29.tmp - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\tmp2A.tmp - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\tmp2B.tmp - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\tmp2D.tmp - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\tmp2E.tmp - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\tmpCA.tmp - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\tmpCB.tmp - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\tmpD1.tmp - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\tmpD2.tmp - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\tmpD3.tmp - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\tmpD4.tmp - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\tmpD7.tmp - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\tmpD8.tmp - Deleted
C:\WINDOWS\system32\TFTP1304 - Deleted
C:\WINDOWS\system32\TFTP1372 - Deleted
C:\WINDOWS\system32\TFTP144 - Deleted
C:\WINDOWS\system32\TFTP1488 - Deleted
C:\WINDOWS\system32\TFTP1588 - Deleted
C:\WINDOWS\system32\TFTP1684 - Deleted
C:\WINDOWS\system32\TFTP1740 - Deleted
C:\WINDOWS\system32\TFTP1952 - Deleted
C:\WINDOWS\system32\TFTP2100 - Deleted
C:\WINDOWS\system32\TFTP2208 - Deleted
C:\WINDOWS\system32\TFTP2372 - Deleted
C:\WINDOWS\system32\TFTP2412 - Deleted
C:\WINDOWS\system32\TFTP2524 - Deleted
C:\WINDOWS\system32\TFTP2768 - Deleted
C:\WINDOWS\system32\TFTP2796 - Deleted
C:\WINDOWS\system32\TFTP3428 - Deleted
C:\WINDOWS\system32\TFTP3444 - Deleted
C:\WINDOWS\system32\TFTP3816 - Deleted
C:\WINDOWS\system32\TFTP3992 - Deleted
C:\WINDOWS\system32\TFTP4032 - Deleted
C:\WINDOWS\system32\TFTP4044 - Deleted
C:\WINDOWS\system32\TFTP496 - Deleted
C:\WINDOWS\system32\TFTP840 - Deleted
C:\WINDOWS\system32\TFTP932 - Deleted
C:\WINDOWS\system\svchost.exe - Deleted
C:\WINDOWS\system32\bot.exe - Deleted
C:\WINDOWS\system32\WinGuard.exe - Deleted
Folder C:\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.redtube.com - Removed
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-28 22:24:59
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\eDonkey2000\\edonkey2000.exe"="C:\\Program Files\\eDonkey2000\\edonkey2000.exe:*:Enabled:edonkey2000"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\WinMX\\WinMX.exe"="C:\\Program Files\\WinMX\\WinMX.exe:*:Enabled:WinMX Application"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.0"
"C:\\Program Files\\Java\\jre1.5.0_02\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.5.0_02\\bin\\javaw.exe:*:Enabled:Java 2 Platform Standard Edition binary"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe:*:Enabled:Java 2 Platform Standard Edition binary"
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"="C:\\Program Files\\GameSpy Arcade\\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\iTunes\\alex\\iTunes.exe"="C:\\Program Files\\iTunes\\alex\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\SDYFWXUZ\\StarCraft2CinematicTrailer_EnglishUS-avi-downloader[1].exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\SDYFWXUZ\\StarCraft2CinematicTrailer_EnglishUS-avi-downloader[1].exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\Neoteris\\Secure Application Manager\\dsSamProxy.exe"="C:\\Program Files\\Neoteris\\Secure Application Manager\\dsSamProxy.exe:*:Enabled:Secure Application Manager Proxy"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\BitComet101\\BitComet.exe"="C:\\Program Files\\BitComet101\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.0"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Sun 11 Jul 2004 84,992 ..SHR --- "C:\WINDOWS\system32\lsac.exe"
Sat 7 Jun 2003 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat 27 Jan 2007 128,512 ...H. --- "C:\Documents and Settings\Owner\Desktop\~WRL0038.tmp"
Fri 9 Mar 2007 106,496 A.SHR --- "C:\WINDOWS\system\_sv_CMD_\_U_.exe"
Sun 17 Sep 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sun 9 Jul 2006 34,816 ...H. --- "C:\Documents and Settings\Owner\My Documents\Em's folder\paypal\~WRL0004.tmp"
Sun 9 Jul 2006 34,816 ...H. --- "C:\Documents and Settings\Owner\My Documents\Em's folder\paypal\~WRL3172.tmp"
Sun 9 Jul 2006 34,816 ...H. --- "C:\Documents and Settings\Owner\My Documents\Em's folder\paypal\~WRL3949.tmp"
Thu 13 Sep 2007 114,176 ...H. --- "C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\09CVKN0F\~WRL0416.tmp"
Thu 13 Sep 2007 118,272 ...H. --- "C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\09CVKN0F\~WRL0421.tmp"
Thu 13 Sep 2007 108,032 ...H. --- "C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\09CVKN0F\~WRL0689.tmp"
Thu 13 Sep 2007 119,296 ...H. --- "C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\09CVKN0F\~WRL3787.tmp"
Thu 13 Sep 2007 108,032 ...H. --- "C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\09CVKN0F\~WRL3828.tmp"
Thu 13 Sep 2007 113,152 ...H. --- "C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\09CVKN0F\~WRL3932.tmp"
Finished!
AVG results
"Scan ""Scan whole computer"" was finished."
"Infections found:";"20"
"Infected objects removed or healed:";"20"
"Not removed or healed:";"0"
"Spyware found:";"8"
"Spyware removed:";"8"
"Not removed:";"0"
"Warnings count:";"74"
"Information count:";"0"
"Scan started:";"29 July 2008, 21:03:37"
"Scan finished:";"29 July 2008, 23:15:20 (2 hour(s) 11 minute(s) 43 second(s))"
"Total object scanned:";"635874"
"User who launched the scan:";"Owner"
"Infections"
"File";"Infection";"Result"
"C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\dfgdfgdfg.jar-47ca32a3-51dfced9.zip";"Trojan horse Java/ClassLoader";"Moved to Virus Vault"
"C:\SDFix\backups\backups.zip";"Virus identified Worm/Agobot.25.M";"Moved to Virus Vault"
"C:\SDFix\backups\backups.zip:\backups\bot.exe";"Virus identified Worm/Agobot.25.M";"Moved to Virus Vault"
"C:\SDFix\backups\backups.zip:\backups\movedfile.vir";"Virus identified Worm/Generic.BVE";"Moved to Virus Vault"
"C:\SDFix\backups\backups.zip:\backups\svchost.exe";"Virus identified Worm/Generic.BVE";"Moved to Virus Vault"
"C:\SDFix\backups\backups.zip:\backups\winguard.exe";"Virus identified Exploit.MS04-011";"Moved to Virus Vault"
"C:\WINDOWS\system32\ftpupd.exe";"Virus identified Worm/Korgo.B";"Moved to Virus Vault"
"C:\WINDOWS\system32\lsac.exe";"Virus identified Exploit.MS04-011";"Moved to Virus Vault"
"H:\RECYCLER\INFO.exe";"Virus identified Worm/Generic.BVE";"Moved to Virus Vault"
"H:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP932\A0238280.exe";"Virus identified Worm/Generic.BVE";"Moved to Virus Vault"
"H:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP1001\A0258806.exe";"Virus identified Worm/Generic.BVE";"Moved to Virus Vault"
"H:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP944\A0240151.exe";"Virus identified Worm/Generic.BVE";"Moved to Virus Vault"
"H:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP945\A0240166.exe";"Virus identified Worm/Generic.BVE";"Moved to Virus Vault"
"H:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP946\A0240177.exe";"Virus identified Worm/Generic.BVE";"Moved to Virus Vault"
"H:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP1002\A0261880.exe";"Virus identified Worm/Generic.BVE";"Moved to Virus Vault"
"H:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP932\A0238285.exe";"Virus identified Worm/Generic.BVE";"Moved to Virus Vault"
"H:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP977\A0248022.exe";"Virus identified Worm/Generic.BVE";"Moved to Virus Vault"
"H:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP977\A0248053.exe";"Virus identified Worm/Generic.BVE";"Moved to Virus Vault"
"H:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP978\A0248085.exe";"Virus identified Worm/Generic.BVE";"Moved to Virus Vault"
"H:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP981\A0249144.exe";"Virus identified Worm/Generic.BVE";"Moved to Virus Vault"
"Spyware"
"File";"Infection";"Result"
"C:\hp\bin\Terminator.exe";"Potentially harmful program HackTool.BVU";"Moved to Virus Vault"
"C:\Program Files\GameSpy Arcade\GSAPak.exe";"Adware Generic2.ZHX";"Moved to Virus Vault"
"C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll";"Adware Generic.DOI";"Moved to Virus Vault"
"C:\Program Files\Nostra DivX Player\SaveInstWm.exe";"Adware Generic.LMK";"Moved to Virus Vault"
"C:\Program Files\Nostra DivX Player\SaveInstWm.exe:\Save.exe";"Adware Generic.LMK";"Moved to Virus Vault"
"C:\Program Files\Nostra DivX Player\SaveInstWm.exe:\SaveUninst.exe";"Adware Generic.SAT";"Moved to Virus Vault"
"C:\Program Files\Nostra DivX Player\SaveInstWm.exe:\Weather\Uninst.exe";"Adware Generic2.QXV";"Moved to Virus Vault"
"C:\Program Files\Nostra DivX Player\SaveInstWm.exe:\Weather\Weather.exe";"Adware Generic2.BBI";"Moved to Virus Vault"
"Warnings"
"File";"Infection";"Result"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\2o7.net.1a6a6c0d";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\2o7.net.23a940be";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\2o7.net.1ba0e966";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\2o7.net.2623214a";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\2o7.net.484dbb69";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\2o7.net.4d4e0536";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\2o7.net.686f76b4";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\2o7.net.697706d6";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\2o7.net.6dc9f747";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\2o7.net.8777f6c6";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\2o7.net.93af4fad";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\2o7.net.9bbee8a7";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\2o7.net.7919062b";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\2o7.net.7ae9c250";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\2o7.net.ba00a41a";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\2o7.net.7ea8995a";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\2o7.net.c7b585e6";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\2o7.net.cb19198d";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\2o7.net.d2aa96c8";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\2o7.net.d456db17";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\2o7.net.e26bad26";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\2o7.net.ec4774bb";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\2o7.net.f1d32757";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\atdmt.com.b3e33b5f";"Found Tracking cookie.Atdmt";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\msnportal.112.2o7.net.7225be6f";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\statcounter.com.1ba48dcc";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\statcounter.com.2f109f47";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\statcounter.com.3008dc36";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\statcounter.com.4ef8a2b6";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\statcounter.com.61ace4ce";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\statcounter.com.803af41e";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\statcounter.com.8e3ce386";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\statcounter.com.a5a0685f";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\statcounter.com.ad2991f2";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\statcounter.com.e54e374";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\statcounter.com.319f5b3a";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\statcounter.com.3aef2dd9";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\statcounter.com.3b29cc9e";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\statcounter.com.452ef943";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\statcounter.com.4d861cea";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\statcounter.com.4e188af9";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\statcounter.com.54524c13";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\statcounter.com.5962555d";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\statcounter.com.5a6bde8c";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\statcounter.com.5c24f3bf";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\statcounter.com.5ca26386";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\statcounter.com.5d0b7b4d";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\statcounter.com.5f8a688c";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\statcounter.com.89c8049d";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\statcounter.com.91670ceb";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\statcounter.com.99064bff";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\statcounter.com.99e8d8b4";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\statcounter.com.6825e6f1";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\statcounter.com.71c65560";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\statcounter.com.7374b1b7";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\statcounter.com.73eebe98";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\statcounter.com.9bd9c5c9";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\statcounter.com.ab16e10d";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\statcounter.com.bd53eecb";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\statcounter.com.d6e2c7d1";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\statcounter.com.8f654926";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\statcounter.com.94018c22";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\statcounter.com.9552d625";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\statcounter.com.98bf7c29";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\statcounter.com.a4081563";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\statcounter.com.ce90c9dc";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\statcounter.com.b4417ab7";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\statcounter.com.bbd0f785";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\statcounter.com.f3a079f";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\statcounter.com.f540b973";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\statcounter.com.f5ad42b1";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\statcounter.com.ff6b688";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\yadro.ru.c77afad5";"Found Tracking cookie.Yadro";"Potentially dangerous object"
HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:23:33, on 30/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\S3tray2.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Citrix\ICA Client\pnagent.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtWLan.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [83CB3A8E] C:\WINDOWS\System32\dbyanyzghffd.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\RunServices: [DE994F20] C:\WINDOWS\System32\dbyanyzghffd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet101\BitComet.exe" /tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Microsoft Services] lsrv.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Microsoft Services] lsrv.exe (User 'Default user')
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\4.bin\MWSOEMON.EXE.vir
O4 - Global Startup: MA111 Configuration Utility.lnk = ?
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\4.bin\MWSOEMON.EXE.vir
O4 - Global Startup: Program Neighborhood Agent.lnk = C:\Program Files\Citrix\ICA Client\pnagent.exe
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
O8 - Extra context menu item: &Search - http://bar.mywebsear...html?p=ZNxdm205
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.line6.net
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.c...ebio5_1_6_0.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: schmap-help - {2CF664A0-5EA6-47B5-884C-433A60145F78} - C:\Program Files\Schmap\Schmap Player\SchmapDocLib.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG6 Service (AvgServ) - GRISOFT s.r.o - C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
--
End of file - 7115 bytes