Content Top
DAL Computer Help » Internet Security Help » Spyware, Adware, Viruses and HijackThis Logs » Symantec found virus: kernels1118.exe & Infostealer

Recommended Fix

Click here to fix Windows Errors and Optimize Windows Performance

Need Computer Help?
Register Now for FREE

Symantec found virus: kernels1118.exe & Infostealer

Reply
Page 1 of 2 1 2
Thread Tools
Spyware, Adware, Viruses and HijackThis Logs
  #1 (permalink)  
Old 20-01-2007, 04:04 AM
Newbie
D-A-L Newbie
  
Join Date: Jan 2007
Posts: 9
Tj_El Is a beginner here at D-A-L
Symantec found virus: kernels1118.exe & Infostealer
Hi,

I have read and followed the instructions within the 'sticky' and here post my HJT log.

Could someone please advise what I can do to resolve the issue re an infection of 'kernels1118.exe' and something else called 'Infostealer'?

I have run both SpyBot and Ad-Aware and followed the prompts through.
Symantec Anti-Virus reports the viruses as quarantined. How can I get them off the pc?

Your help and assistance appreciated.

With regards,
TJ
================================================== =
Logfile of HijackThis v1.99.1
Scan saved at 02:04:51, on 20/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
D:\WINDOWS\System32\cisvc.exe
D:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
D:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\TightVNC\WinVNC.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\rundll32.exe
D:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
D:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\QuickTime\qttask.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
D:\Program Files\lycos\Lyc_SysTray.exe
D:\PROGRA~1\MICROS~3\wcescomm.exe
D:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\Go ogleToolbarNotifier.exe
D:\PROGRA~1\MICROS~3\rapimgr.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
D:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
D:\WINDOWS\system32\cidaemon.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://actionchapel.org.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar2.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - D:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [vptray] D:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinVNC] "D:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [lycosInside] D:\Program Files\lycos\Lyc_SysTray.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\PROGRA~1\MICROS~3\wcescomm.exe"
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\Go ogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: SpywareBlaster.lnk = D:\Program Files\SpywareBlaster\spywareblaster.exe
O8 - Extra context menu item: &ieSpell Options - res://D:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://D:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - D:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - D:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - D:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - D:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {7D731A83-6C80-4EA4-9646-5E06A0513274} (Sandlot Loader Control) - http://www.shockwave.com/content/bal...webinstall.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game06.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C432C4BD-3566-411C-8F3C-E5E0D3AE5D33} (CBrowser Class) - http://www.streamingfaith.com/common...INIBrowser.CAB
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {FA9740A2-5802-42E2-B509-81186EEB3C42} (WABControl Class) - http://www.linkedin.com/cab/wabctrl.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: NavLogon - D:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: DefWatch - Symantec Corporation - D:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - D:\Program Files\BMG VPN Client\Extranet_serv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - D:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - D:\WINDOWS\system32\msasvc.exe (file missing)
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - D:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - D:\Program Files\TightVNC\WinVNC.exe" -service (file missing)
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #2 (permalink)  
Old 21-01-2007, 02:27 PM
VopThis's Avatar
Senior Member (Canada)
  
Join Date: Nov 2005
Posts: 3,439
VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!
Re: Symantec found virus: kernels1118.exe & Infostealer
Please disable the ‘active protection’ components of the following application(s), as it/they may hinder the removal of some entries. Otherwise, certain cleaning attempts may be wrongly recognized and blocked as hijacking attempts or other potentially inappropriate behavior. You can re-enable such tools after your computer is clean.


Disable Spybot Search & Destroy (Teatimer)

1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts
5) Restart your computer.




Quote:
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - D:\WINDOWS\system32\msasvc.exe (file missing)
Stop and Disable a Service
  • Go to Start » Run » type: Services.msc » OK.
  • Scroll down and find this service: (bracketed service name{s})
  • Double-click on it.
  • Under the General tab, click the Stop button.
  • Then change the Startup Type to Disabled.
  • Click Apply and then OK.
Next:
  • Run HijackThis.
  • Click on ’Open the Misc Tools section’.
  • Click on ’Delete an NT Service’.
  • Enter the (service name identified in brackets) into that field (make sure there are NO spaces before or after the name):
    service name(s)
  • Click OK and select NO when asked to reboot.




We will be restarting into Safe Mode later on in the fix and you might not be able to access the Internet. Accordingly, it is probably a good idea to print out the following directions or copy them to a text file on your desktop using NOTEPAD. Read these instructions carefully and feel free to ask if you're unsure about anything.




Download and install AVG Anti-Spyware 7.5 (AVG AS - formally known as Ewido anti-spyware 4.0 - uninstall any previous version first).
  • Click the Download BUTTON. On the next page click the Download now BUTTON.
  • Save and then install (Run) from the save location.
  • Open/Run AVG Anti-Spyware
  • Wait a few moments and AVG Anti-Spyware should Auto update itself (note date of last update). If it doesn't update, click the update ICON at top of screen:

    Quote:
  • Click on the Update now LINK at the top of the window
    • Click on the Start update button
    • Wait for the update to download and install
    		•
  • This is very important to get the LATEST updates.
  • Click on the Status ICON
    • Under "Your computers Security"
      Click change status on Resident shield to inactive (ONLY consider activation of that feature once you are clean)
  • Click on the Scanner ICON at the top of the window
  • Click on the Settings tab then select Recommended Actions and choose Quarantine
  • When updating has finished. Close AVG Anti-Spyware.



We will be using this tool in a later step.




Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.
______________________________


Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware , and run a full scan:
  • Click on the default Status ICON and select the Scan now LINK.

    OR

  • Click on the Scanner ICON . Select the Scan TAB.

    • Select Complete System Scan. AVG Anti-Spyware will now begin to scan your system.

  • If AVG Anti-Spyware finds anything it will list them in the Preview WINDOW:
    • Make sure that Set all elements to: shows Quarantine, if not click on the link and choose Quarantine from the popup menu.
    • Select Apply all actions at the bottom of the window (and the items found will be quarantined – and recoverable, if any items are needed back).

  • When the scan has completed, click on the Save Scan Report button and save the scan to your Desktop where it can be easily found.
  • Copy and paste the AVG Anti-Spyware scan results into your next post.
  • Close AVG Anti-Spyware.


REBOOT and Post your latest HijackThis log. And, let us know how your PC is now behaving – any changes in behavior.
__________________
Vincent P

MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis LOG __V2.0.2 _|

__
ASAP: promoting a high standard and quality of security support no matter where you seek help.

Quote:
SAFER SURFING TOOLS (IE/FF **FREE** browser addons):
Linkscanner + WOT (Web of Trust) + SiteAdvisor (suggest at least two but not necessarily all)
Quote:
Tell me and I forget; show me and I remember; involve me and I understand.
There are no foolish questions, the only thing foolish is not asking if you're unsure of something.
Never ASSUME any detail because it can make an ASS out of U and ME... (ASS/U/ME ).
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #3 (permalink)  
Old 21-01-2007, 11:23 PM
Newbie
D-A-L Newbie
  
Join Date: Jan 2007
Posts: 9
Tj_El Is a beginner here at D-A-L
Re: Symantec found virus: kernels1118.exe & Infostealer
Hi Vincent P

Many thanks for your detailed response.
Please see scan results below followed by HJT log.
One thing I should say though - I followed all your instructions to the letter in setting up AVG AntiSpyware in regards to Quarantine yet quite a lot of the logged info has a result of "Cleaned" - I was expecting it to state "Quarantined". Is this normal?
I'm not certain what happened here.

Regards,
TJ
============================================

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 22:08:18 21/01/2007

+ Scan result:



O:\SOFTWARE\SOFTWARE\Download manager\gozilla.exe -> Adware.Aureate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A125C50-0699-42F6-984E-DA2C4239F114}\RP568\A0132128.dll -> Adware.SpyMarshal : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A125C50-0699-42F6-984E-DA2C4239F114}\RP568\A0132129.dll -> Adware.SpyMarshal : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A125C50-0699-42F6-984E-DA2C4239F114}\RP568\A0132130.dll -> Adware.SpyMarshal : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A125C50-0699-42F6-984E-DA2C4239F114}\RP568\A0132131.dll -> Adware.SpyMarshal : Cleaned with backup (quarantined).
C:\Downloads\DropExtremeSetup-dm[1].exe -> Adware.Trymedia : Cleaned with backup (quarantined).
D:\Program Files\Mozilla Firefox\plugins\npzango.dll -> Adware.WinAD : Cleaned with backup (quarantined).
O:\SOFTWARE\The_Games\Combo Chaos\Combo_Chaos_v1.1.1.8_by_LUCiD.zip/crack.exe/ist1.exe -> Downloader.IstBar.is : Cleaned with backup (quarantined).
D:\WINDOWS\system32\maxd641.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
D:\Program Files\SnadBoy's Revelation v2\Revelation.exe -> Not-A-Virus.PSWTool.Win32.SnadBoy.2011 : Cleaned with backup (quarantined).
D:\Program Files\SnadBoy's Revelation v2\RevelationHelper.dll -> Not-A-Virus.PSWTool.Win32.SnadBoy.2011 : Cleaned with backup (quarantined).
:mozilla.396:\Documents and Settings\Aba\Application Data\Mozilla\Firefox\Profiles\kcza2p2c.default\coo kies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.397:\Documents and Settings\Aba\Application Data\Mozilla\Firefox\Profiles\kcza2p2c.default\coo kies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.75:H:\Docs and Sets\TeeJay\Application Data\Mozilla\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.76:H:\Docs and Sets\TeeJay\Application Data\Mozilla\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.481:\Documents and Settings\Aba\Application Data\Mozilla\Firefox\Profiles\kcza2p2c.default\coo kies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.482:\Documents and Settings\Aba\Application Data\Mozilla\Firefox\Profiles\kcza2p2c.default\coo kies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.483:\Documents and Settings\Aba\Application Data\Mozilla\Firefox\Profiles\kcza2p2c.default\coo kies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.484:\Documents and Settings\Aba\Application Data\Mozilla\Firefox\Profiles\kcza2p2c.default\coo kies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.485:\Documents and Settings\Aba\Application Data\Mozilla\Firefox\Profiles\kcza2p2c.default\coo kies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.798:\Documents and Settings\Aba\Application Data\Mozilla\Firefox\Profiles\kcza2p2c.default\coo kies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.799:\Documents and Settings\Aba\Application Data\Mozilla\Firefox\Profiles\kcza2p2c.default\coo kies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.800:\Documents and Settings\Aba\Application Data\Mozilla\Firefox\Profiles\kcza2p2c.default\coo kies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.21:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8rfunxbw.default\coo kies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.22:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8rfunxbw.default\coo kies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.24:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8rfunxbw.default\coo kies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\WINDOWS\Cookies\sleuth@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned.
D:\Documents and Settings\Aba\Cookies\aba@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.288:H:\Docs and Sets\TeeJay\Application Data\Mozilla\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.289:H:\Docs and Sets\TeeJay\Application Data\Mozilla\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.746:\Documents and Settings\Aba\Application Data\Mozilla\Firefox\Profiles\kcza2p2c.default\coo kies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.747:\Documents and Settings\Aba\Application Data\Mozilla\Firefox\Profiles\kcza2p2c.default\coo kies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.748:\Documents and Settings\Aba\Application Data\Mozilla\Firefox\Profiles\kcza2p2c.default\coo kies.txt -> TrackingCookie.Burstnet : Cleaned.
D:\Documents and Settings\Aba\Cookies\aba@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.16:H:\Docs and Sets\TeeJay\Application Data\Mozilla\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.17:H:\Docs and Sets\TeeJay\Application Data\Mozilla\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.18:H:\Docs and Sets\TeeJay\Application Data\Mozilla\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.22:\Documents and Settings\Aba\Application Data\Mozilla\Firefox\Profiles\kcza2p2c.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.23:\Documents and Settings\Aba\Application Data\Mozilla\Firefox\Profiles\kcza2p2c.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.24:\Documents and Settings\Aba\Application Data\Mozilla\Firefox\Profiles\kcza2p2c.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.25:\Documents and Settings\Aba\Application Data\Mozilla\Firefox\Profiles\kcza2p2c.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.26:\Documents and Settings\Aba\Application Data\Mozilla\Firefox\Profiles\kcza2p2c.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.27:\Documents and Settings\Aba\Application Data\Mozilla\Firefox\Profiles\kcza2p2c.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned.
C:\WINDOWS\Cookies\sleuth@cz6.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.184:H:\Docs and Sets\TeeJay\Application Data\Mozilla\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.185:H:\Docs and Sets\TeeJay\Application Data\Mozilla\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.267:\Documents and Settings\Aba\Application Data\Mozilla\Firefox\Profiles\kcza2p2c.default\coo kies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.925:H:\Docs and Sets\TeeJay\Application Data\Mozilla\cookies.txt -> TrackingCookie.Com : Cleaned.
C:\WINDOWS\Cookies\sleuth@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\WINDOWS\Cookies\sleuth@com[2].txt -> TrackingCookie.Com : Cleaned.
C:\WINDOWS\Cookies\sleuth@com[3].txt -> TrackingCookie.Com : Cleaned.
C:\WINDOWS\Cookies\sleuth@download.com[1].txt -> TrackingCookie.Com : Cleaned.
D:\Documents and Settings\Aba\Cookies\aba@com[1].txt -> TrackingCookie.Com : Cleaned.
:mozilla.25:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8rfunxbw.default\coo kies.txt -> TrackingCookie.Doubleclick : Cleaned.
D:\Documents and Settings\Aba\Cookies\aba@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned.
:mozilla.262:\Documents and Settings\Aba\Application Data\Mozilla\Firefox\Profiles\kcza2p2c.default\coo kies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.178:\Documents and Settings\Aba\Application Data\Mozilla\Firefox\Profiles\kcza2p2c.default\coo kies.txt -> TrackingCookie.Etracker : Cleaned.
:mozilla.179:\Documents and Settings\Aba\Application Data\Mozilla\Firefox\Profiles\kcza2p2c.default\coo kies.txt -> TrackingCookie.Etracker : Cleaned.
:mozilla.113:\Documents and Settings\Aba\Application Data\Mozilla\Firefox\Profiles\kcza2p2c.default\coo kies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.114:\Documents and Settings\Aba\Application Data\Mozilla\Firefox\Profiles\kcza2p2c.default\coo kies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.115:\Documents and Settings\Aba\Application Data\Mozilla\Firefox\Profiles\kcza2p2c.default\coo kies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.116:\Documents and Settings\Aba\Application Data\Mozilla\Firefox\Profiles\kcza2p2c.default\coo kies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.117:\Documents and Settings\Aba\Application Data\Mozilla\Firefox\Profiles\kcza2p2c.default\coo kies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.118:\Documents and Settings\Aba\Application Data\Mozilla\Firefox\Profiles\kcza2p2c.default\coo kies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.125:H:\Docs and Sets\TeeJay\Application Data\Mozilla\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.126:H:\Docs and Sets\TeeJay\Application Data\Mozilla\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.127:H:\Docs and Sets\TeeJay\Application Data\Mozilla\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.129:H:\Docs and Sets\TeeJay\Application Data\Mozilla\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.27:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8rfunxbw.default\coo kies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.28:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8rfunxbw.default\coo kies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.29:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8rfunxbw.default\coo kies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.30:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8rfunxbw.default\coo kies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.31:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8rfunxbw.default\coo kies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.135:\Documents and Settings\Aba\Application Data\Mozilla\Firefox\Profiles\kcza2p2c.default\coo kies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.136:\Documents and Settings\Aba\Application Data\Mozilla\Firefox\Profiles\kcza2p2c.default\coo kies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.137:\Documents and Settings\Aba\Application Data\Mozilla\Firefox\Profiles\kcza2p2c.default\coo kies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.41:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8rfunxbw.default\coo kies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.42:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8rfunxbw.default\coo kies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.43:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8rfunxbw.default\coo kies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.44:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8rfunxbw.default\coo kies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.69:H:\Docs and Sets\TeeJay\Application Data\Mozilla\cookies.txt -> TrackingCookie.Falkag : Cleaned.
D:\Documents and Settings\Aba\Cookies\aba@c.goclick[2].txt -> TrackingCookie.Goclick : Cleaned.
:mozilla.130:\Documents and Settings\Aba\Application Data\Mozilla\Firefox\Profiles\kcza2p2c.default\coo kies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.223:\Documents and Settings\Aba\Application Data\Mozilla\Firefox\Profiles\kcza2p2c.default\coo kies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.462:H:\Docs and Sets\TeeJay\Application Data\Mozilla\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.463:H:\Docs and Sets\TeeJay\Application Data\Mozilla\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.499:\Documents and Settings\Aba\Application Data\Mozilla\Firefox\Profiles\kcza2p2c.default\coo kies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.554:\Documents and Settings\Aba\Application Data\Mozilla\Firefox\Profiles\kcza2p2c.default\coo kies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.64:H:\Docs and Sets\TeeJay\Application Data\Mozilla\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
D:\Documents and Settings\Aba\Cookies\aba@hypertracker[2].txt -> TrackingCookie.Hypertracker : Cleaned.
:mozilla.727:H:\Docs and Sets\TeeJay\Application Data\Mozilla\cookies.txt -> TrackingCookie.Information : Cleaned.
D:\Documents and Settings\Aba\Cookies\aba@searchportal.information[2].txt -> TrackingCookie.Information : Cleaned.
C:\WINDOWS\Cookies\sleuth@ilead.itrack[2].txt -> TrackingCookie.Itrack : Cleaned.
D:\Documents and Settings\Aba\Cookies\aba@komtrack[2].txt -> TrackingCookie.Komtrack : Cleaned.
:mozilla.156:\Documents and Settings\Aba\Application Data\Mozilla\Firefox\Profiles\kcza2p2c.default\coo kies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.157:\Documents and Settings\Aba\Application Data\Mozilla\Firefox\Profiles\kcza2p2c.default\coo kies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.158:\Documents and Settings\Aba\Application Data\Mozilla\Firefox\Profiles\kcza2p2c.default\coo kies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.238:H:\Docs and Sets\TeeJay\Application Data\Mozilla\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.501:\Documents and Settings\Aba\Application Data\Mozilla\Firefox\Profiles\kcza2p2c.default\coo kies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.502:\Documents and Settings\Aba\Application Data\Mozilla\Firefox\Profiles\kcza2p2c.default\coo kies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.711:H:\Docs and Sets\TeeJay\Application Data\Mozilla\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.82:\Documents and Settings\Aba\Application Data\Mozilla\Firefox\Profiles\kcza2p2c.default\coo kies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.83:\Documents and Settings\Aba\Application Data\Mozilla\Firefox\Profiles\kcza2p2c.default\coo kies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.84:\Documents and Settings\Aba\Application Data\Mozilla\Firefox\Profiles\kcza2p2c.default\coo kies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.129:\Documents and Settings\Aba\Application Data\Mozilla\Firefox\Profiles\kcza2p2c.default\coo kies.txt -> TrackingCookie.Masterstats : Cleaned.
D:\Documents and Settings\Aba\Cookies\aba@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned.
D:\Documents and Settings\Aba\Cookies\aba@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
:mozilla.667:\Documents and Settings\Aba\Application Data\Mozilla\Firefox\Profiles\kcza2p2c.default\coo kies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.668:\Documents and Settings\Aba\Application Data\Mozilla\Firefox\Profiles\kcza2p2c.default\coo kies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.669:\Documents and Settings\Aba\Application Data\Mozilla\Firefox\Profiles\kcza2p2c.default\coo kies.txt -> TrackingCookie.Onestat : Cleaned.
D:\Documents and Settings\Aba\Cookies\aba@paypopup[1].txt -> TrackingCookie.Paypopup : Cleaned.
D:\Documents and Settings\Aba\Cookies\aba@popunder.paypopup[2].txt -> TrackingCookie.Paypopup : Cleaned.
D:\Documents and Settings\Aba\Cookies\aba@ads.realcastmedia[2].txt -> TrackingCookie.Realcastmedia : Cleaned.
:mozilla.693:H:\Docs and Sets\TeeJay\Application Data\Mozilla\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.694:H:\Docs and Sets\TeeJay\Application Data\Mozilla\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.695:H:\Docs and Sets\TeeJay\Application Data\Mozilla\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.696:H:\Docs and Sets\TeeJay\Application Data\Mozilla\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.697:H:\Docs and Sets\TeeJay\Application Data\Mozilla\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.698:H:\Docs and Sets\TeeJay\Application Data\Mozilla\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.699:H:\Docs and Sets\TeeJay\Application Data\Mozilla\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.700:H:\Docs and Sets\TeeJay\Application Data\Mozilla\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.313:\Documents and Settings\Aba\Application Data\Mozilla\Firefox\Profiles\kcza2p2c.default\coo kies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.314:\Documents and Settings\Aba\Application Data\Mozilla\Firefox\Profiles\kcza2p2c.default\coo kies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.315:\Documents and Settings\Aba\Application Data\Mozilla\Firefox\Profiles\kcza2p2c.default\coo kies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.316:\Documents and Settings\Aba\Application Data\Mozilla\Firefox\Profiles\kcza2p2c.default\coo kies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.317:\Documents and Settings\Aba\Application Data\Mozilla\Firefox\Profiles\kcza2p2c.default\coo kies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.318:\Documents and Settings\Aba\Application Data\Mozilla\Firefox\Profiles\kcza2p2c.default\coo kies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.319:\Documents and Settings\Aba\Application Data\Mozilla\Firefox\Profiles\kcza2p2c.default\coo kies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.320:\Documents and Settings\Aba\Application Data\Mozilla\Firefox\Profiles\kcza2p2c.default\coo kies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.332:H:\Docs and Sets\TeeJay\Application Data\Mozilla\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.333:H:\Docs and Sets\TeeJay\Application Data\Mozilla\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.334:H:\Docs and Sets\TeeJay\Application Data\Mozilla\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.335:H:\Docs and Sets\TeeJay\Application Data\Mozilla\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.336:H:\Docs and Sets\TeeJay\Application Data\Mozilla\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.337:H:\Docs and Sets\TeeJay\Application Data\Mozilla\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.36:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8rfunxbw.default\coo kies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.37:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8rfunxbw.default\coo kies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.38:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8rfunxbw.default\coo kies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.39:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8rfunxbw.default\coo kies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.40:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8rfunxbw.default\coo kies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.122:\Documents and Settings\Aba\Application Data\Mozilla\Firefox\Profiles\kcza2p2c.default\coo kies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.123:\Documents and Settings\Aba\Application Data\Mozilla\Firefox\Profiles\kcza2p2c.default\coo kies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.125:\Documents and Settings\Aba\Application Data\Mozilla\Firefox\Profiles\kcza2p2c.default\coo kies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.127:\Documents and Settings\Aba\Application Data\Mozilla\Firefox\Profiles\kcza2p2c.default\coo kies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.540:H:\Docs and Sets\TeeJay\Application Data\Mozilla\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.541:H:\Docs and Sets\TeeJay\Application Data\Mozilla\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.542:H:\Docs and Sets\TeeJay\Application Data\Mozilla\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.543:H:\Docs and Sets\TeeJay\Application Data\Mozilla\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.544:H:\Docs and Sets\TeeJay\Application Data\Mozilla\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.545:H:\Docs and Sets\TeeJay\Application Data\Mozilla\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.546:H:\Docs and Sets\TeeJay\Application Data\Mozilla\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.547:H:\Docs and Sets\TeeJay\Application Data\Mozilla\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.548:H:\Docs and Sets\TeeJay\Application Data\Mozilla\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.549:H:\Docs and Sets\TeeJay\Application Data\Mozilla\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.23:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8rfunxbw.default\coo kies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.451:H:\Docs and Sets\TeeJay\Application Data\Mozilla\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.470:\Documents and Settings\Aba\Application Data\Mozilla\Firefox\Profiles\kcza2p2c.default\coo kies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.523:H:\Docs and Sets\TeeJay\Application Data\Mozilla\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.725:\Documents and Settings\Aba\Application Data\Mozilla\Firefox\Profiles\kcza2p2c.default\coo kies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.769:H:\Docs and Sets\TeeJay\Application Data\Mozilla\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.770:H:\Docs and Sets\TeeJay\Application Data\Mozilla\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.97:H:\Docs and Sets\TeeJay\Application Data\Mozilla\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
D:\Documents and Settings\Aba\Cookies\aba@starware[2].txt -> TrackingCookie.Starware : Cleaned.
:mozilla.100:\Documents and Settings\Aba\Application Data\Mozilla\Firefox\Profiles\kcza2p2c.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.101:\Documents and Settings\Aba\Application Data\Mozilla\Firefox\Profiles\kcza2p2c.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.102:\Documents and Settings\Aba\Application Data\Mozilla\Firefox\Profiles\kcza2p2c.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.103:\Documents and Settings\Aba\Application Data\Mozilla\Firefox\Profiles\kcza2p2c.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.104:\Documents and Settings\Aba\Application Data\Mozilla\Firefox\Profiles\kcza2p2c.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.105:\Documents and Settings\Aba\Application Data\Mozilla\Firefox\Profiles\kcza2p2c.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.106:\Documents and Settings\Aba\Application Data\Mozilla\Firefox\Profiles\kcza2p2c.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.107:\Documents and Settings\Aba\Application Data\Mozilla\Firefox\Profiles\kcza2p2c.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.108:\Documents and Settings\Aba\Application Data\Mozilla\Firefox\Profiles\kcza2p2c.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.109:\Documents and Settings\Aba\Application Data\Mozilla\Firefox\Profiles\kcza2p2c.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.78:H:\Docs and Sets\TeeJay\Application Data\Mozilla\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.79:H:\Docs and Sets\TeeJay\Application Data\Mozilla\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.80:H:\Docs and Sets\TeeJay\Application Data\Mozilla\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.81:H:\Docs and Sets\TeeJay\Application Data\Mozilla\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.82:H:\Docs and Sets\TeeJay\Application Data\Mozilla\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.83:H:\Docs and Sets\TeeJay\Application Data\Mozilla\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.88:\Documents and Settings\Aba\Application Data\Mozilla\Firefox\Profiles\kcza2p2c.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.89:\Documents and Settings\Aba\Application Data\Mozilla\Firefox\Profiles\kcza2p2c.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.90:\Documents and Settings\Aba\Application Data\Mozilla\Firefox\Profiles\kcza2p2c.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.91:\Documents and Settings\Aba\Application Data\Mozilla\Firefox\Profiles\kcza2p2c.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.92:\Documents and Settings\Aba\Application Data\Mozilla\Firefox\Profiles\kcza2p2c.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.93:\Documents and Settings\Aba\Application Data\Mozilla\Firefox\Profiles\kcza2p2c.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.94:\Documents and Settings\Aba\Application Data\Mozilla\Firefox\Profiles\kcza2p2c.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.95:\Documents and Settings\Aba\Application Data\Mozilla\Firefox\Profiles\kcza2p2c.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.96:\Documents and Settings\Aba\Application Data\Mozilla\Firefox\Profiles\kcza2p2c.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.97:\Documents and Settings\Aba\Application Data\Mozilla\Firefox\Profiles\kcza2p2c.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.98:\Documents and Settings\Aba\Application Data\Mozilla\Firefox\Profiles\kcza2p2c.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.99:\Documents and Settings\Aba\Application Data\Mozilla\Firefox\Profiles\kcza2p2c.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.394:\Documents and Settings\Aba\Application Data\Mozilla\Firefox\Profiles\kcza2p2c.default\coo kies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.395:\Documents and Settings\Aba\Application Data\Mozilla\Firefox\Profiles\kcza2p2c.default\coo kies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.752:H:\Docs and Sets\TeeJay\Application Data\Mozilla\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
D:\Documents and Settings\Aba\Cookies\aba@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
D:\Documents and Settings\Aba\Cookies\aba@login.tracking101[2].txt -> TrackingCookie.Tracking101 : Cleaned.
:mozilla.479:\Documents and Settings\Aba\Application Data\Mozilla\Firefox\Profiles\kcza2p2c.default\coo kies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.480:\Documents and Settings\Aba\Application Data\Mozilla\Firefox\Profiles\kcza2p2c.default\coo kies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.781:H:\Docs and Sets\TeeJay\Application Data\Mozilla\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.782:H:\Docs and Sets\TeeJay\Application Data\Mozilla\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.783:H:\Docs and Sets\TeeJay\Application Data\Mozilla\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.784:H:\Docs and Sets\TeeJay\Application Data\Mozilla\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
D:\Documents and Settings\Aba\Cookies\aba@server3.web-stat[1].txt -> TrackingCookie.Web-stat : Cleaned.
D:\Documents and Settings\Aba\Cookies\aba@webstat[1].txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.77:H:\Docs and Sets\TeeJay\Application Data\Mozilla\cookies.txt -> TrackingCookie.Yadro : Cleaned.
D:\Documents and Settings\Aba\Cookies\aba@yadro[1].txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.232:\Documents and Settings\Aba\Application Data\Mozilla\Firefox\Profiles\kcza2p2c.default\coo kies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.233:\Documents and Settings\Aba\Application Data\Mozilla\Firefox\Profiles\kcza2p2c.default\coo kies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.234:\Documents and Settings\Aba\Application Data\Mozilla\Firefox\Profiles\kcza2p2c.default\coo kies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.235:\Documents and Settings\Aba\Application Data\Mozilla\Firefox\Profiles\kcza2p2c.default\coo kies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.236:\Documents and Settings\Aba\Application Data\Mozilla\Firefox\Profiles\kcza2p2c.default\coo kies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.41:H:\Docs and Sets\TeeJay\Application Data\Mozilla\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.44:H:\Docs and Sets\TeeJay\Application Data\Mozilla\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.47:H:\Docs and Sets\TeeJay\Application Data\Mozilla\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.50:H:\Docs and Sets\TeeJay\Application Data\Mozilla\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.51:H:\Docs and Sets\TeeJay\Application Data\Mozilla\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.55:H:\Docs and Sets\TeeJay\Application Data\Mozilla\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.56:H:\Docs and Sets\TeeJay\Application Data\Mozilla\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.57:H:\Docs and Sets\TeeJay\Application Data\Mozilla\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.58:H:\Docs and Sets\TeeJay\Application Data\Mozilla\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
D:\Documents and Settings\Aba\Cookies\aba@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.171:H:\Docs and Sets\TeeJay\Application Data\Mozilla\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.172:H:\Docs and Sets\TeeJay\Application Data\Mozilla\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.173:H:\Docs and Sets\TeeJay\Application Data\Mozilla\cookies.txt -> TrackingCookie.Zedo : Cleaned.


::Report end
__________________________________________________ ___

Logfile of HijackThis v1.99.1
Scan saved at 22:14:49, on 21/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
D:\WINDOWS\System32\cisvc.exe
D:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
D:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\TightVNC\WinVNC.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\rundll32.exe
D:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
D:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
D:\Program Files\lycos\Lyc_SysTray.exe
D:\PROGRA~1\MICROS~3\wcescomm.exe
D:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\Go ogleToolbarNotifier.exe
D:\WINDOWS\system32\ctfmon.exe
D:\PROGRA~1\MICROS~3\rapimgr.exe
D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
D:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://actionchapel.org.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar2.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - D:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [vptray] D:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinVNC] "D:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [lycosInside] D:\Program Files\lycos\Lyc_SysTray.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\PROGRA~1\MICROS~3\wcescomm.exe"
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\Go ogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: SpywareBlaster.lnk = D:\Program Files\SpywareBlaster\spywareblaster.exe
O8 - Extra context menu item: &ieSpell Options - res://D:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://D:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - D:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - D:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - D:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - D:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {7D731A83-6C80-4EA4-9646-5E06A0513274} (Sandlot Loader Control) - http://www.shockwave.com/content/bal...webinstall.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game06.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C432C4BD-3566-411C-8F3C-E5E0D3AE5D33} (CBrowser Class) - http://www.streamingfaith.com/common...INIBrowser.CAB
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {FA9740A2-5802-42E2-B509-81186EEB3C42} (WABControl Class) - http://www.linkedin.com/cab/wabctrl.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: NavLogon - D:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: DefWatch - Symantec Corporation - D:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - D:\Program Files\BMG VPN Client\Extranet_serv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - D:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - D:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - D:\Program Files\TightVNC\WinVNC.exe" -service (file missing)
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #4 (permalink)  
Old 24-01-2007, 05:43 PM
VopThis's Avatar
Senior Member (Canada)
  
Join Date: Nov 2005
Posts: 3,439
VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!
Re: Symantec found virus: kernels1118.exe & Infostealer
Quote:
a lot of the logged info has a result of "Cleaned" - I was expecting it to state "Quarantined". Is this normal?
Can't say I've paid much attention to that. The cleaned items are only 'COOKIES' - the rest were quarantined as per expectation.


There is no point to having 'SpywareBlaster' load at every startup - it is not a running application but is only used to update ActiveX prevention entries. We will deal with this below.


SELECT HijackThis FIX ITEMS: Scan with HijackThis and place a check next to these items:

O4 - Global Startup: SpywareBlaster.lnk = D:\Program Files\SpywareBlaster\spywareblaster.exe

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab

Make sure that all browser windows and internet links are closed, even this one!
CLICK ’FIX CHECKED’ with HijackThis.



Let us know how your PC is now behaving.
__________________
Vincent P

MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis LOG __V2.0.2 _|

__
ASAP: promoting a high standard and quality of security support no matter where you seek help.

Quote:
SAFER SURFING TOOLS (IE/FF **FREE** browser addons):
Linkscanner + WOT (Web of Trust) + SiteAdvisor (suggest at least two but not necessarily all)
Quote:
Tell me and I forget; show me and I remember; involve me and I understand.
There are no foolish questions, the only thing foolish is not asking if you're unsure of something.
Never ASSUME any detail because it can make an ASS out of U and ME... (ASS/U/ME ).
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #5 (permalink)  
Old 25-01-2007, 11:18 PM
Newbie
D-A-L Newbie
  
Join Date: Jan 2007
Posts: 9
Tj_El Is a beginner here at D-A-L
Re: Symantec found virus: kernels1118.exe & Infostealer
Hi Vincent P,

Thanks once again.
Should I enable these now?

Quote:
Originally Posted by VopThis View Post
Please disable the ‘active protection’ components of the following application(s), as it/they may hinder the removal of some entries. Otherwise, certain cleaning attempts may be wrongly recognized and blocked as hijacking attempts or other potentially inappropriate behavior. You can re-enable such tools after your computer is clean.


Disable Spybot Search & Destroy (Teatimer)

1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts
5) Restart your computer.

Quote:
[*]Open/Run AVG Anti-Spyware
[*]This is very important to get the LATEST updates.
[*]Click on the Status ICON
  • Under "Your computers Security"
    Click change status on Resident shield to inactive (ONLY consider activation of that feature once you are clean)
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #6 (permalink)  
Old 26-01-2007, 06:56 PM
VopThis's Avatar
Senior Member (Canada)
  
Join Date: Nov 2005
Posts: 3,439
VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!
Re: Symantec found virus: kernels1118.exe & Infostealer
Quote:
Should I enable these now?
If you are happy that your probelms are resolved, consider doing the following additional steps. Then you can re-enable any 'active' protection processes. The AVG active protection portion will only last for the remainder of the 'trail' period. Always consider re-disabling them if you need to run most cleaning tools.




To help avoid serious infection again, please look carefully at this post for some excellent preventative measures. Prevention must be made the first line of defense to improve upon.



ONLY ONCE you are as clean as possible from any needed cleanup steps - As a final cleanup step (after serious infection), it may be advisable to Reset and Re-enable your System Restore to remove any bad files that MAY have been backed up by Windows . The files in System Restore are protected to prevent any programs changing them. And, this is the only complete way to clean these files: (You will lose all previous restore points which could likely be infected, anyway.)

PLEASE NOTE: you will need to log into your computer with an account that has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account. Accordingly and of further note; it can be very unsafe to run with admin rights on any PC that you browse the Internet with.


(Windows XP)
Quote:
FOLDER LOCATION: c:\System Volume Information\_restore….
To Turn OFF System Restore.
  1. Click the Start button.
  2. Right-click My Computer, and then click Properties.
  3. On the System Restore tab, check Turn off System Restore or Turn off System Restore on all drives.
  4. Click Apply.

REBOOT.

To Turn ON System Restore.
  1. Follow the steps in the previous section, but in step 3, uncheck Turn off System Restore or Turn off System Restore on all drives. Then click OK.
  2. Create new System Restore points.


(Windows ME)
Quote:
FOLDER LOCATION: c:\_RESTORE\TEMP\….
See the following link for instructions:
http://service1.symantec.com/SUPPORT...rc=sec_doc_nam




To reduce the re-infection potential for malware and protect your PC against spyware, here are a few helpful suggestions:
  1. Keep Windows and Internet Explorer current with the latest critical security updates from Microsoft . This will patch many of the security holes through which attackers can gain access to your computer . You CANNOT complete this update using an alternate browser – you must use Internet Explorer.
    http://v5.windowsupdate.microsoft.com/v5co...t.aspx?ln=en-us
    http://www.microsoft.com/windows/ie/default.asp
    • http://www.securityfocus.com/news/11273
      If you surf to questionable (blockable) parts of the Web, you could encounter sites that compromise your PC without any user interaction. In experiments [reported Aug 2005], Microsoft identified 752 specific addresses owned by 287 Web sites that contain programs able to install themselves on a completely unpatched Windows XP system. Also, be aware that the WinXP Service Pack 2 was an update that focused almost exclusively on security. Also reported was that a fully patched Windows XP SP2 system cannot be compromised by any such discovered rogue Web sites.

  2. Run your antivirus software regularly, and to keep its definitions up-to-date. If you are thinking about switching (using a real-time AV tool only one at a time), there are some good free Antivirus programs that are decent, including AVG and Avast!.
    AVG: http://free.grisoft.com/doc/1
    Avast: http://www.avast.com/eng/avast_4_home.html

  3. In addition to using Ad-aware, consider using another free malware scanning/removal program :
    Adaware SE: http://www.download.com/Ad-Aware-SE-Person...ubj=dl&tag=top5
    Spybot S&D: http://www.download.com/Spybot-Search-Dest...tml?tag=lst-0-1


    AVG Anti-Spyware : http://free.grisoft.com/doc/20/lng/us/tpl/v5


    Microsoft Windows Defender beta 2 : http://www.download.com/Microsoft-Wi...ml?tag=lst-0-1

  4. Consider using a free firewall if you are not already using one (use only one firewall at a time – normally you will need to disable the MS firewall). Some good free ones (for incoming and added outgoing traffic protection) are:
    Kerio Personal Firewall: http://www.sunbelt-software.com/Kerio.cfm
    *** After 30 days, Kerio shuts down selected features, but will continue to run in 'free' mode.
    Zone Alarm: http://www.zonelabs.com/store/content/company/products/znalm/comparison.jsp?lid=ho_za

    It is not a bad idea to also consider using a Router/Hardware firewall device where you have a High-Speed Internet access connection. A software firewall may occasionally need to be disabled or it gets/remains disabled by someone or something. Such an added layer of security consistency has a lot of merit to it.

  5. Consider using an alternate free browser for general web surfing but you must use IE for windows updates. The use of Firefox (or similar alternate) mitigates the many types of malware that are now possible when using IE ActiveX based components.
    Mozilla Firefox: http://www.mozilla.org/products/firefox/

  6. Consider increasing your browser security by using these programs:
    SpywareGuard will help protect your homepage from being hijacked: http://www.javacoolsoftware.com/spywareguard.html
    SpywareBlaster will increase browser protection by blocking access to thousands of known malware sites by adding them to IE's restricted sites zone. It essentially blocks known- bad ActiveX program items from being installed or running on your computer. Download it here: http://www.javacoolsoftware.com/spywareblaster.html
  7. A HOSTS file can block Internet access to thousands of known-bad sites by not allowing you any easy browser access to such sites knowingly or unknowingly. Use HJT to determine if a current HOSTS file exists and any contents therein:
    • Run the HiJackThis tool and select ‘Open the Misc Tools section’.
    • Next select ‘Open host file manager’ button.
    • Use the ‘Open in Notepad’ button in XP/W2K or use WORDPAD if necessary [type wordpad.exe in the RUN box (Start>Run)] and load the FILE PATH identified in HJT.
    • Go to http://www.mvps.org/winhelp2002/hosts.txt . # Read the initial instructions #. Copy and paste (append or replace) the RELEVANT host address entry contents of that file into Notepad or Wordpad and save the updated file contents.

      EXCERPT:
      Quote:
      #start of lines added by WinHelp2002
      # [Misc A - Z]
      127.0.0.1 phpadsnew.abac.com
      127.0.0.1 a.abnad.net
      127.0.0.1 e.abnad.net
      127.0.0.1 www.accoona.com #[Adware-Accoona][Adware.Atoolb][Panda.Accoona]
      .
      .
      .
      #end of lines added by WinHelp2002




*Remember just like your primary anti-virus software, it is important to:
  • Keep all of these programs up-to-date (using auto-updates where possible), and
  • Use them on a regular (minimum weekly) basis.




REALITY CHECK:
  • Who else uses your PC? What are the potential risks created by multiple (potentially loose cannon) users and why?
  • What about bad luck, simple mistakes, and bad browsing choices (SEE: www.siteadvisor.com and their BLOG)?
  • SEE: The Dangers of Popularity (for Popular SEARCH TERMS):
    http://blog.siteadvisor.com/2006/08/...pularity.shtml
    Quote:
    The correlation of search term popularity and search term riskiness illustrates how malicious activity tends to follow and exploit consumer behavior. Users demand "free," and bad actors flock to fill corresponding search results with their deceptive offerings. All too often, users don't realize the detrimental consequences of these sites until their systems crash from spyware or their inboxes become choked with spam.


ABOVE ALL, it is most imperative that users exercise "safe surfing" habits such as banning or at least verifying email attachments (with scanning tools) before opening, and by not executing programs unless obtained from a trusted (or researched) source, etc.



In general, always research any unfamiliar links or products that you might want to access or download. In particular, the SiteAdvisor site and other links listed in my signature have continued to make a significant difference to my clients’ PC health due to better-informed browsing habits and choices. Peer-to-Peer and FREE download sites add a level of risk that many should seriously take into account and adjust their behavior accordingly.

Additionally, TEMPORARY files are both a significant source of clutter and potential hiding places for MALWARE content. Clean out those areas periodically - at least weekly.




Those that continue to want to use ‘Limewire’, 'BitTorrent', 'Bearshare', ‘Morpheus’ or other P2P applications, can expect to see the possibility of more malware issues (such as bad executables):

http://www.siteadvisor.com/sites/bearshare.com


You would be well-advised to at least consider strengthening your real-time prevention tools and use either Spy Sweeper or Spyware Doctor, and possibly also run AVG Anti-Spyware - formally known as EWIDO (mainly for anti-trojan defensive purposes) in real-time, as well (paid version=realtime). No combination of tools, however, can ever be completely fail-safe for all possible issues.
__________________
Vincent P

MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis LOG __V2.0.2 _|

__
ASAP: promoting a high standard and quality of security support no matter where you seek help.

Quote:
SAFER SURFING TOOLS (IE/FF **FREE** browser addons):
Linkscanner + WOT (Web of Trust) + SiteAdvisor (suggest at least two but not necessarily all)
Quote:
Tell me and I forget; show me and I remember; involve me and I understand.
There are no foolish questions, the only thing foolish is not asking if you're unsure of something.
Never ASSUME any detail because it can make an ASS out of U and ME... (ASS/U/ME ).
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #7 (permalink)  
Old 27-01-2007, 12:28 AM
Newbie
D-A-L Newbie
  
Join Date: Jan 2007
Posts: 9
Tj_El Is a beginner here at D-A-L
Thumbs up Re: Symantec found virus: kernels1118.exe & Infostealer
Hi Vincent,

Huge thanks for all your time and detailed step by step procedures and for the lengthy check list in your last post. Much appreciated.

Quote:
To reduce the re-infection potential for malware and protect your PC against spyware, here are a few helpful suggestions:
  1. Keep Windows and Internet Explorer current with the latest critical security updates from Microsoft . This will patch many of the security holes through which attackers can gain access to your computer . You CANNOT complete this update using an alternate browser – you must use Internet Explorer.
This is already active and automated on my PC.

Quote:
[*]Run your antivirus software regularly, and to keep its definitions up-to-date. If you are thinking about switching (using a real-time AV tool only one at a time), there are some good free Antivirus programs that are decent, including AVG and Avast!.
AVG: http://free.grisoft.com/doc/1
Avast: http://www.avast.com/eng/avast_4_home.html

I am using Symantec AntiVirus which updates itself regularly.

Quote:
[*] In addition to using Ad-aware, consider using another free malware scanning/removal program :
Adaware SE:
Check.

Quote:
Spybot S&D:
Check.

Quote:
AVG Anti-Spyware :
Check. (for the next few days at most)

Quote:
Microsoft Windows Defender beta 2 : http://www.download.com/Microsoft-Wi...ml?tag=lst-0-1
Not used... yet.


Quote:
[*]Consider using a free firewall if you are not already using one (use only one firewall at a time – normally you will need to disable the MS firewall). Some good free ones (for incoming and added outgoing traffic protection) are:
Kerio Personal Firewall: http://www.sunbelt-software.com/Kerio.cfm
*** After 30 days, Kerio shuts down selected features, but will continue to run in 'free' mode.
Zone Alarm: http://www.zonelabs.com/store/content/company/products/znalm/comparison.jsp?lid=ho_za
It is not a bad idea to also consider using a Router/Hardware firewall device where you have a High-Speed Internet access connection. A software firewall may occasionally need to be disabled or it gets/remains disabled by someone or something. Such an added layer of security consistency has a lot of merit to it.
My router has an built-in firewall plus MS Firewall is active on my PC. I used to use the ZoneLabs product but the logs showed no sign of adverse activity. I figured the firewall in the router was therefore doing an excellent job.


Quote:
[*]Consider using an alternate free browser for general web surfing but you must use IE for windows updates. The use of Firefox (or similar alternate) mitigates the many types of malware that are now possible when using IE ActiveX based components.
Mozilla Firefox: http://www.mozilla.org/products/firefox/
I use FF for all my browing except where as stated above, I need to check on the MS website for other updates.


Quote:
[*]Consider increasing your browser security by using these programs:
SpywareGuard will help protect your homepage from being hijacked: http://www.javacoolsoftware.com/spywareguard.html
Not used.

Quote:
SpywareBlaster will increase browser protection by blocking access to thousands of known malware sites by adding them to IE's restricted sites zone. It essentially blocks known- bad ActiveX program items from being installed or running on your computer. Download it here: http://www.javacoolsoftware.com/spywareblaster.html
I use SpywareBlaster as you noticed earlier and have updated the custom block list. Thanks for the link!

Quote:
[*] A HOSTS file can block Internet access to thousands of known-bad sites by not allowing you any easy browser access to such sites knowingly or unknowingly. Use HJT to determine if a current HOSTS file exists and any contents therein:[list][*]Run the HiJackThis tool and select ‘Open the Misc Tools section’.[*]Next select ‘Open host file manager’ button.[*]Use the ‘Open in Notepad’ button in XP/W2K or use WORDPAD if necessary [type wordpad.exe in the RUN box (Start>Run)] and load the FILE PATH identified in HJT.[*]Go to http://www.mvps.org/winhelp2002/hosts.txt . # Read the initial instructions #. Copy and paste (append or replace) the RELEVANT host address entry contents of that file into Notepad or Wordpad and save the updated file contents.
Once again, thanks for the link. I have updated the HOSTS file on my PC via HJT.

*Remember just like your primary anti-virus software, it is important to:
  • Keep all of these programs up-to-date (using auto-updates where possible), and
  • Use them on a regular (minimum weekly) basis.

I try to do all the above on a weekly basis. I believe, as you stated later on in your post, that the infection came as a result of something downloaded by one user who still remains "at large".


Quote:
Additionally, TEMPORARY files are both a significant source of clutter and potential hiding places for MALWARE content. Clean out those areas periodically - at least weekly.
Duly noted.


Those that continue to want to use ‘Limewire’, 'BitTorrent', 'Bearshare', ‘Morpheus’ or other P2P applications, can expect to see the possibility of more malware issues (such as bad executables):

None of those applications on my PC.

You would be well-advised to at least consider strengthening your real-time prevention tools and use either Spy Sweeper or Spyware Doctor, and possibly also run AVG Anti-Spyware - formally known as EWIDO (mainly for anti-trojan defensive purposes) in real-time, as well (paid version=realtime).

Duly noted.

No combination of tools, however, can ever be completely fail-safe for all possible issues.[/QUOTE]
Last edited by Tj_El; 27-01-2007 at 12:35 AM.
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #8 (permalink)  
Old 27-01-2007, 12:36 AM
Newbie
D-A-L Newbie
  
Join Date: Jan 2007
Posts: 9
Tj_El Is a beginner here at D-A-L
Re: Symantec found virus: kernels1118.exe & Infostealer
Latest HJT Log:

Logfile of HijackThis v1.99.1
Scan saved at 23:34:06, on 26/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
D:\WINDOWS\System32\cisvc.exe
D:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
D:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\TightVNC\WinVNC.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\rundll32.exe
D:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\QuickTime\qttask.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
D:\Program Files\ZyXEL\ZyXEL USB ADSL\CnxDslTb.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
D:\Program Files\lycos\Lyc_SysTray.exe
D:\PROGRA~1\MICROS~3\wcescomm.exe
D:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\G oogleToolbarNotifier.exe
D:\WINDOWS\system32\ctfmon.exe
D:\PROGRA~1\MICROS~3\rapimgr.exe
D:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
D:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\WINDOWS\system32\cidaemon.exe
D:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://actionchapel.org.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar3.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - D:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [vptray] D:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinVNC] "D:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [CnxDslTaskBar] "D:\Program Files\ZyXEL\ZyXEL USB ADSL\CnxDslTb.exe" "ZyXEL\ZyXEL USB ADSL"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKCU\..\Run: [lycosInside] D:\Program Files\lycos\Lyc_SysTray.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\PROGRA~1\MICROS~3\wcescomm.exe"
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\G oogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &ieSpell Options - res://D:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://D:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - D:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - D:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - D:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - D:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {7D731A83-6C80-4EA4-9646-5E06A0513274} (Sandlot Loader Control) - http://www.shockwave.com/content/bal...webinstall.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game06.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C432C4BD-3566-411C-8F3C-E5E0D3AE5D33} (CBrowser Class) - http://www.streamingfaith.com/common...INIBrowser.CAB
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.5.0_02) -
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} (Java Plug-in 1.5.0_04) -
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -
O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} (Java Plug-in 1.5.0_08) -
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} (Java Plug-in 1.5.0_09) -
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -
O16 - DPF: {FA9740A2-5802-42E2-B509-81186EEB3C42} (WABControl Class) - http://www.linkedin.com/cab/wabctrl.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: NavLogon - D:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: DefWatch - Symantec Corporation - D:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - D:\Program Files\BMG VPN Client\Extranet_serv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - D:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - D:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - D:\Program Files\TightVNC\WinVNC.exe" -service (file missing)
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #9 (permalink)  
Old 27-01-2007, 04:35 AM
VopThis's Avatar
Senior Member (Canada)
  
Join Date: Nov 2005
Posts: 3,439
VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!
Re: Symantec found virus: kernels1118.exe & Infostealer
Should fix the following (mostly new items - JAVA) in HijackThis:

O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.5.0_02) -
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} (Java Plug-in 1.5.0_04) -
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -
O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} (Java Plug-in 1.5.0_08) -
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} (Java Plug-in 1.5.0_09) -
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
__________________
Vincent P

MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis LOG __V2.0.2 _|

__
ASAP: promoting a high standard and quality of security support no matter where you seek help.

Quote:
SAFER SURFING TOOLS (IE/FF **FREE** browser addons):
Linkscanner + WOT (Web of Trust) + SiteAdvisor (suggest at least two but not necessarily all)
Quote:
Tell me and I forget; show me and I remember; involve me and I understand.
There are no foolish questions, the only thing foolish is not asking if you're unsure of something.
Never ASSUME any detail because it can make an ASS out of U and ME... (ASS/U/ME ).
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #10 (permalink)  
Old 27-01-2007, 12:34 PM
Newbie
D-A-L Newbie
  
Join Date: Jan 2007
Posts: 9
Tj_El Is a beginner here at D-A-L
Re: Symantec found virus: kernels1118.exe & Infostealer
Hi Vincent,

Done.

Did they occur because I had uninstalled all previous versions of the JSEE updates leaving only Update 10?

Regards,
Tj_El
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
Reply
Page 1 of 2 1 2

« Previous Thread | Next Thread »

Thread Tools

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
HiJackThis Log / Virus Found Lop mhiphopsummit Spyware, Adware, Viruses and HijackThis Logs 3 19-03-2008 06:38 AM
Virus found LOP Palmer89 Spyware, Adware, Viruses and HijackThis Logs 1 14-12-2007 06:01 AM
Virus Found LOP bshobson@verizon.net Windows XP Help 6 23-10-2007 07:31 AM
found a virus! Troubled Kid Windows XP Help 1 24-08-2007 12:10 AM
Computer Lagging and found virus HELP! nazuk Spyware, Adware, Viruses and HijackThis Logs 2 29-09-2006 05:20 PM


All times are GMT +1. The time now is 11:00 PM.
Member Login
Remember me ?
Forgot password?
Ads

Want to Advertise? Click Here
Help Categories
Desktop / Server Apps
Drivers
Firewalls and Networks
Games
General Internet Issues
Hardware
Linux
MAC OS
Modding / Overclocking
Search Engines
Spyware and Security
Web Development
Windows 2000
Windows 7
Windows 98
Windows ME
Windows Vista
Windows XP

Computer Repair Companies
Bottom Corner Bottom Nav