Hijack This Log



#1 Dandy

Posted 20 February 2008 - 01:47 AM

AntiVir Log

Report file date: 19 February 2008 20:56

Scanning for 1117323 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 1) [5.1.2600]
Username: Thandi family
Computer name: THANDI

Version information:
BUILD.DAT : 270 15603 Bytes 9/19/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 8/23/2007 14:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 8/16/2007 13:23:51

LUKE.DLL : 7.0.5.3 147496 Bytes 8/14/2007 16:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 8/21/2007 13:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 7/18/2007 15:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 12/14/2007 20:49:11
ANTIVIR2.VDF : 7.0.2.113 1673728 Bytes 2/8/2008 20:49:11
ANTIVIR3.VDF : 7.0.2.162 292864 Bytes 2/19/2008 20:49:11
AVEWIN32.DLL : 7.6.0.67 3293696 Bytes 2/19/2008 20:49:12
AVWINLL.DLL : 1.0.0.7 14376 Bytes 2/26/2007 11:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 7/18/2007 08:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 4/16/2007 14:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 2/19/2008 20:49:12
AVREG.DLL : 7.0.1.6 30760 Bytes 7/18/2007 08:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 8/28/2007 13:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 7/18/2007 08:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 3/8/2007 12:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 8/7/2007 13:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 8/21/2007 13:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 7/23/2007 10:37:21

Configuration settings for the scan:
Jobname..........................: Local Hard Disks
Configuration file...............: d:\program files\avira\antivir personaledition classic\alldiscs.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: 19 February 2008 20:56

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'mpbtn.exe' - '1' Module(s) have been scanned
Scan process 'Ymsgr_tray.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'PAStiSvc.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'nod32krn.exe' - '1' Module(s) have been scanned
Scan process 'gcasDtServ.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'nod32kui.exe' - '1' Module(s) have been scanned
Scan process 'BTHelpNotifier.exe' - '1' Module(s) have been scanned
Scan process 'McciTrayApp.exe' - '1' Module(s) have been scanned
Scan process 'gcasServ.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
34 processes with 34 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!

Starting to scan the registry.
D:\WINDOWS\system32\nnnliij.dll
[WARNING] The file could not be opened!
The registry was scanned ( '36' files ).


Starting the file scan:

Begin scan in 'C:\' <Secondary C>
Begin scan in 'D:\' <Primary D>
D:\pagefile.sys
[WARNING] The file could not be opened!
D:\Documents and Settings\Thandi family\Application Data\Sun\Java\Deployment\cache\6.0\13\6ca4634d-325cb8bb
[0] Archive type: ZIP
--> Dix.class
[DETECTION] Contains detection pattern of the Java virus JAVA/ClassLoader.GD
--> Dux.class
[DETECTION] Contains detection pattern of the Java virus JAVA/ClassLoader.GE
--> VaaaaaaaBaa.class
[DETECTION] Contains detection pattern of the Java virus JAVA/ClassLoader.FA
[INFO] The file was moved to '481c440c.qua'!
D:\Documents and Settings\Thandi family\Local Settings\Temp\aahmfxtv.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '482344b4.qua'!
D:\Documents and Settings\Thandi family\Local Settings\Temp\bcjbfpuw.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '482544b8.qua'!
D:\Documents and Settings\Thandi family\Local Settings\Temp\chmsdeop.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '482844d2.qua'!
D:\Documents and Settings\Thandi family\Local Settings\Temp\cjeyapqx.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '482044d4.qua'!
D:\Documents and Settings\Thandi family\Local Settings\Temp\clpxoonx.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '482b44d6.qua'!
D:\Documents and Settings\Thandi family\Local Settings\Temp\D2D0.tmp
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '47ff449d.qua'!
D:\Documents and Settings\Thandi family\Local Settings\Temp\defmkxwy.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '482144d1.qua'!
D:\Documents and Settings\Thandi family\Local Settings\Temp\dppnhkyv.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '482b44dc.qua'!
D:\Documents and Settings\Thandi family\Local Settings\Temp\fhxquvxc.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '483344d5.qua'!
D:\Documents and Settings\Thandi family\Local Settings\Temp\fievtoho.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '482044d6.qua'!
D:\Documents and Settings\Thandi family\Local Settings\Temp\ftwtvern.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '483244e2.qua'!
D:\Documents and Settings\Thandi family\Local Settings\Temp\guerdwxf.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '482044e5.qua'!
D:\Documents and Settings\Thandi family\Local Settings\Temp\jbqogqdt.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '482c451c.qua'!
D:\Documents and Settings\Thandi family\Local Settings\Temp\lbyigyvr.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4834451d.qua'!
D:\Documents and Settings\Thandi family\Local Settings\Temp\mkymjwnj.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '48344528.qua'!
D:\Documents and Settings\Thandi family\Local Settings\Temp\wfyctpig.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '48344552.qua'!
D:\Documents and Settings\Thandi family\Local Settings\Temporary Internet Files\Content.IE5\MR5V0JDL\CAOL81O7
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '480a4790.qua'!
D:\Program Files\ESET\infected\G1USH3DA.NQF
[DETECTION] Is the Trojan horse TR/Spy.Agent.42496
[INFO] The file was moved to '481048ef.qua'!
D:\Program Files\ESET\infected\IVYFB0CA.NQF
[DETECTION] Is the Trojan horse TR/Dldr.Alphabet.LH1
[INFO] The file was moved to '48144933.qua'!
D:\Program Files\ESET\infected\MESA05BA.NQF
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '480e4937.qua'!
D:\Program Files\ESET\infected\XY32QQAA.NQF
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '47ee4965.qua'!
D:\Program Files\ESET\infected\ZUR3S1BA.NQF
[DETECTION] Is the Trojan horse TR/Spy.Banker.feb
[INFO] The file was moved to '480d496d.qua'!
D:\Program Files\ShoppingReport\Uninst.exe
[DETECTION] Contains detection pattern of the dropper DR/MartShop.2
[INFO] The file was moved to '48244ba7.qua'!
D:\VundoFix Backups\fpchcatg.dll.bad
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '481e4bd3.qua'!
D:\VundoFix Backups\lpadgeuh.dll.bad
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '481c4bd3.qua'!
D:\VundoFix Backups\mydcrnev.dll.bad
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '481f4bdd.qua'!
D:\VundoFix Backups\niclpaom.dll.bad
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '481e4bcd.qua'!
D:\VundoFix Backups\ohhroqil.dll.bad
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '48234bcd.qua'!
D:\VundoFix Backups\ohjuvser.dll.bad
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '48254bcd.qua'!
D:\VundoFix Backups\pmkhe.dll.bad
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '48264bd2.qua'!
D:\VundoFix Backups\psoylrxj.dll.bad
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '482a4bd9.qua'!
D:\VundoFix Backups\wfavrpno.dll.bad
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '481c4bcc.qua'!
D:\VundoFix Backups\xsykbeki.dll.bad
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '48344bd9.qua'!
D:\VundoFix Backups\yxwgsltk.dll.bad
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '48324bdf.qua'!
D:\WINDOWS\system32\jkhhe.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
D:\WINDOWS\system32\mrcmgr.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '481e4da3.qua'!
D:\WINDOWS\system32\nnnliij.dll
[WARNING] The file could not be opened!
D:\WINDOWS\system32\scacr.dll
[DETECTION] Is the Trojan horse TR/Agent.AFRN
[INFO] The file was moved to '481c4da9.qua'!
D:\WINDOWS\Temp\2.tmp
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '482f4dee.qua'!


End of the scan: 19 February 2008 21:44
Used time: 48:09 min

The scan has been done completely.

5289 Scanning directories
189945 Files were scanned
41 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
38 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
189904 Files not concerned
2341 Archives were scanned
4 Warnings
0 Notes



SUPERAntiSpyware Log

Generated 02/19/2008 at 10:29 PM

Application Version : 4.0.1106

Core Rules Database Version : 3405
Trace Rules Database Version: 1397

Scan type : Complete Scan
Total Scan Time : 00:37:15

Memory items scanned : 393
Memory threats detected : 2
Registry items scanned : 5187
Registry threats detected : 41
File items scanned : 30540
File threats detected : 93

Trojan.Unclassifed/AffiliateBundle
D:\WINDOWS\SYSTEM32\NNNLIIJ.DLL
D:\WINDOWS\SYSTEM32\NNNLIIJ.DLL
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\nnnliij

Adware.Vundo Variant/Resident
D:\WINDOWS\SYSTEM32\JKHHE.DLL
D:\WINDOWS\SYSTEM32\JKHHE.DLL

Adware.Vundo Variant
HKLM\Software\Classes\CLSID\{16C4CC4D-559A-40CA-927A-F59BD019E904}
HKCR\CLSID\{16C4CC4D-559A-40CA-927A-F59BD019E904}
HKCR\CLSID\{16C4CC4D-559A-40CA-927A-F59BD019E904}\InprocServer32
HKCR\CLSID\{16C4CC4D-559A-40CA-927A-F59BD019E904}\InprocServer32#ThreadingModel
D:\WINDOWS\SYSTEM32\LERQYDPI.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{16C4CC4D-559A-40CA-927A-F59BD019E904}
HKCR\CLSID\{16C4CC4D-559A-40CA-927A-F59BD019E904}

Trojan.WinFixer
HKLM\Software\Classes\CLSID\{3EC1CB3A-4C2E-4A2B-AB65-1F74AC325A67}
HKCR\CLSID\{3EC1CB3A-4C2E-4A2B-AB65-1F74AC325A67}
HKCR\CLSID\{3EC1CB3A-4C2E-4A2B-AB65-1F74AC325A67}\InprocServer32
HKCR\CLSID\{3EC1CB3A-4C2E-4A2B-AB65-1F74AC325A67}\InprocServer32#ThreadingModel
HKLM\Software\Classes\CLSID\{AC500F54-7EBF-4E98-A426-F4CB121648F0}
HKCR\CLSID\{AC500F54-7EBF-4E98-A426-F4CB121648F0}
HKCR\CLSID\{AC500F54-7EBF-4E98-A426-F4CB121648F0}\InprocServer32
HKCR\CLSID\{AC500F54-7EBF-4E98-A426-F4CB121648F0}\InprocServer32#ThreadingModel
D:\WINDOWS\SYSTEM32\PMKHE.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3EC1CB3A-4C2E-4A2B-AB65-1F74AC325A67}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AC500F54-7EBF-4E98-A426-F4CB121648F0}

Adware.Agent-XMLHelp
HKLM\Software\Classes\CLSID\{85589B5D-D53D-4237-A677-46B82EA275F3}
HKCR\CLSID\{85589B5D-D53D-4237-A677-46B82EA275F3}
HKCR\CLSID\{85589B5D-D53D-4237-A677-46B82EA275F3}
HKCR\CLSID\{85589B5D-D53D-4237-A677-46B82EA275F3}#AppID
HKCR\CLSID\{85589B5D-D53D-4237-A677-46B82EA275F3}#LU
HKCR\CLSID\{85589B5D-D53D-4237-A677-46B82EA275F3}\InprocServer32
HKCR\CLSID\{85589B5D-D53D-4237-A677-46B82EA275F3}\InprocServer32#ThreadingModel
HKCR\CLSID\{85589B5D-D53D-4237-A677-46B82EA275F3}\ProgID
HKCR\CLSID\{85589B5D-D53D-4237-A677-46B82EA275F3}\Programmable
HKCR\CLSID\{85589B5D-D53D-4237-A677-46B82EA275F3}\TypeLib
HKCR\CLSID\{85589B5D-D53D-4237-A677-46B82EA275F3}\VersionIndependentProgID
D:\WINDOWS\SYSTEM32\VN47SMM4.DLL

Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{E1759A31-E627-4758-9562-6899DF36C9C2}
HKCR\CLSID\{E1759A31-E627-4758-9562-6899DF36C9C2}
HKCR\CLSID\{E1759A31-E627-4758-9562-6899DF36C9C2}\InprocServer32
HKCR\CLSID\{E1759A31-E627-4758-9562-6899DF36C9C2}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E1759A31-E627-4758-9562-6899DF36C9C2}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{E1759A31-E627-4758-9562-6899DF36C9C2}
HKCR\CLSID\{E1759A31-E627-4758-9562-6899DF36C9C2}

Trojan.Unknown Origin
HKLM\Software\xpre
HKLM\Software\xpre#execount

Adware.WsnPoem
D:\WINDOWS\system32\wsnpoem\audio.dll
D:\WINDOWS\system32\wsnpoem\video.dll
D:\WINDOWS\system32\wsnpoem

Malware.LocusSoftware Inc/BestSellerAntivirus
HKLM\Software\AVSystemCare
HKLM\Software\AVSystemCare#EulaUGA6P_0001_N122M2210
D:\DOCUMENTS AND SETTINGS\THANDI FAMILY\LOCAL SETTINGS\TEMP\WINVSNET.EXE
D:\SYSTEM VOLUME INFORMATION\_RESTORE{F5D9EF5B-808F-4B28-B361-3938CA68C8BC}\RP139\A0294530.LNK
D:\SYSTEM VOLUME INFORMATION\_RESTORE{F5D9EF5B-808F-4B28-B361-3938CA68C8BC}\RP139\A0294532.LNK
D:\SYSTEM VOLUME INFORMATION\_RESTORE{F5D9EF5B-808F-4B28-B361-3938CA68C8BC}\RP139\A0294533.LNK
D:\SYSTEM VOLUME INFORMATION\_RESTORE{F5D9EF5B-808F-4B28-B361-3938CA68C8BC}\RP139\A0294586.LNK
D:\SYSTEM VOLUME INFORMATION\_RESTORE{F5D9EF5B-808F-4B28-B361-3938CA68C8BC}\RP139\A0294589.LNK

Malware.LocusSoftware Inc/SpyGuardPro
HKLM\Software\SpyGuardPro
HKLM\Software\SpyGuardPro#EulaUGA6P_0001_N122M2210

Adware.180solutions/ZangoSearch
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F5D9EF5B-808F-4B28-B361-3938CA68C8BC}\RP144\A0305690.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F5D9EF5B-808F-4B28-B361-3938CA68C8BC}\RP149\A0310033.EXE

Adware.Tracking Cookie
D:\Documents and Settings\Thandi family\Cookies\thandi family@2o7[2].txt
D:\Documents and Settings\Thandi family\Cookies\thandi family@ad.yieldmanager[1].txt
D:\Documents and Settings\Thandi family\Cookies\thandi family@www.clash-media[2].txt
D:\Documents and Settings\Thandi family\Cookies\thandi family@ad.yieldmanager[5].txt
D:\Documents and Settings\Thandi family\Cookies\thandi family@ad.yieldmanager[2].txt
D:\Documents and Settings\Thandi family\Cookies\thandi family@ad.yieldmanager[3].txt
D:\Documents and Settings\Thandi family\Cookies\thandi family@tradedoubler[1].txt
D:\Documents and Settings\Thandi family\Local Settings\Temp\Cookies\thandi family@tracking.foxnews[1].txt
D:\Documents and Settings\Thandi family\Local Settings\Temp\Cookies\thandi family@server.cpmstar[1].txt
D:\Documents and Settings\Thandi family\Local Settings\Temp\Cookies\thandi family@ads.digital5media[1].txt
D:\Documents and Settings\Thandi family\Local Settings\Temp\Cookies\thandi family@adopt.euroclick[2].txt
D:\Documents and Settings\Thandi family\Local Settings\Temp\Cookies\thandi family@statcounter[2].txt
D:\Documents and Settings\Thandi family\Local Settings\Temp\Cookies\thandi family@bs.serving-sys[1].txt
D:\Documents and Settings\Thandi family\Local Settings\Temp\Cookies\thandi family@fastclick[2].txt
D:\Documents and Settings\Thandi family\Local Settings\Temp\Cookies\thandi family@server.iad.liveperson[2].txt
D:\Documents and Settings\Thandi family\Local Settings\Temp\Cookies\thandi family@ads.maxecpm[2].txt
D:\Documents and Settings\Thandi family\Local Settings\Temp\Cookies\thandi family@cpvfeed[2].txt
D:\Documents and Settings\Thandi family\Local Settings\Temp\Cookies\thandi family@partygaming.122.2o7[1].txt
D:\Documents and Settings\Thandi family\Local Settings\Temp\Cookies\thandi family@ehg-autotrader.hitbox[1].txt
D:\Documents and Settings\Thandi family\Local Settings\Temp\Cookies\thandi family@ehg-debenhams.hitbox[1].txt
D:\Documents and Settings\Thandi family\Local Settings\Temp\Cookies\thandi family@mediaplex[1].txt
D:\Documents and Settings\Thandi family\Local Settings\Temp\Cookies\thandi family@hitbox[2].txt
D:\Documents and Settings\Thandi family\Local Settings\Temp\Cookies\thandi family@advertising[1].txt
D:\Documents and Settings\Thandi family\Local Settings\Temp\Cookies\thandi family@tooth14.bigmouthmedia[1].txt
D:\Documents and Settings\Thandi family\Local Settings\Temp\Cookies\thandi family@partypoker[1].txt
D:\Documents and Settings\Thandi family\Local Settings\Temp\Cookies\thandi family@ad.yieldmanager[1].txt
D:\Documents and Settings\Thandi family\Local Settings\Temp\Cookies\thandi family@a.websponsors[2].txt
D:\Documents and Settings\Thandi family\Local Settings\Temp\Cookies\thandi family@adtech[2].txt
D:\Documents and Settings\Thandi family\Local Settings\Temp\Cookies\thandi family@casalemedia[2].txt
D:\Documents and Settings\Thandi family\Local Settings\Temp\Cookies\thandi family@tradedoubler[1].txt
D:\Documents and Settings\Thandi family\Local Settings\Temp\Cookies\thandi family@adlegend[2].txt
D:\Documents and Settings\Thandi family\Local Settings\Temp\Cookies\thandi family@247realmedia[1].txt
D:\Documents and Settings\Thandi family\Local Settings\Temp\Cookies\thandi family@atdmt[2].txt
D:\Documents and Settings\Thandi family\Local Settings\Temp\Cookies\thandi family@eas.apm.emediate[1].txt
D:\Documents and Settings\Thandi family\Local Settings\Temp\Cookies\thandi family@serving-sys[2].txt
D:\Documents and Settings\Thandi family\Local Settings\Temp\Cookies\thandi family@videoegg.adbureau[2].txt
D:\Documents and Settings\Thandi family\Local Settings\Temp\Cookies\thandi family@adbrite[2].txt
D:\Documents and Settings\Thandi family\Local Settings\Temp\Cookies\thandi family@doubleclick[2].txt
D:\Documents and Settings\Thandi family\Local Settings\Temp\Cookies\thandi family@ehg-worldwildlifefund.hitbox[2].txt
D:\Documents and Settings\Thandi family\Local Settings\Temp\Cookies\thandi family@indextools[2].txt
D:\Documents and Settings\Thandi family\Local Settings\Temp\Cookies\thandi family@interclick[2].txt
D:\Documents and Settings\Thandi family\Local Settings\Temp\Cookies\thandi family@revsci[2].txt
D:\Documents and Settings\Thandi family\Local Settings\Temp\Cookies\thandi family@statse.webtrendslive[1].txt
D:\Documents and Settings\Thandi family\Local Settings\Temp\Cookies\thandi family@trafficmp[1].txt
D:\Documents and Settings\Thandi family\Local Settings\Temp\Cookies\thandi family@tribalfusion[1].txt
D:\Documents and Settings\Thandi family\Local Settings\Temp\Cookies\thandi family@zedo[2].txt

Adware.Vundo-Variant/Small-A
D:\SYSTEM VOLUME INFORMATION\_RESTORE{F5D9EF5B-808F-4B28-B361-3938CA68C8BC}\RP153\A0314537.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{F5D9EF5B-808F-4B28-B361-3938CA68C8BC}\RP153\A0315566.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{F5D9EF5B-808F-4B28-B361-3938CA68C8BC}\RP153\A0315720.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{F5D9EF5B-808F-4B28-B361-3938CA68C8BC}\RP154\A0315795.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{F5D9EF5B-808F-4B28-B361-3938CA68C8BC}\RP154\A0316885.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{F5D9EF5B-808F-4B28-B361-3938CA68C8BC}\RP154\A0318922.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{F5D9EF5B-808F-4B28-B361-3938CA68C8BC}\RP155\A0327962.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{F5D9EF5B-808F-4B28-B361-3938CA68C8BC}\RP155\A0327959.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{F5D9EF5B-808F-4B28-B361-3938CA68C8BC}\RP155\A0327960.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{F5D9EF5B-808F-4B28-B361-3938CA68C8BC}\RP155\A0327961.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{F5D9EF5B-808F-4B28-B361-3938CA68C8BC}\RP155\A0327980.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{F5D9EF5B-808F-4B28-B361-3938CA68C8BC}\RP155\A0327963.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{F5D9EF5B-808F-4B28-B361-3938CA68C8BC}\RP155\A0327965.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{F5D9EF5B-808F-4B28-B361-3938CA68C8BC}\RP155\A0327967.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{F5D9EF5B-808F-4B28-B361-3938CA68C8BC}\RP155\A0327968.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{F5D9EF5B-808F-4B28-B361-3938CA68C8BC}\RP155\A0327969.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{F5D9EF5B-808F-4B28-B361-3938CA68C8BC}\RP155\A0327970.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{F5D9EF5B-808F-4B28-B361-3938CA68C8BC}\RP155\A0327971.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{F5D9EF5B-808F-4B28-B361-3938CA68C8BC}\RP155\A0327972.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{F5D9EF5B-808F-4B28-B361-3938CA68C8BC}\RP155\A0327973.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{F5D9EF5B-808F-4B28-B361-3938CA68C8BC}\RP155\A0327974.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{F5D9EF5B-808F-4B28-B361-3938CA68C8BC}\RP155\A0327976.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{F5D9EF5B-808F-4B28-B361-3938CA68C8BC}\RP155\A0327977.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{F5D9EF5B-808F-4B28-B361-3938CA68C8BC}\RP155\A0327979.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{F5D9EF5B-808F-4B28-B361-3938CA68C8BC}\RP155\A0327981.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{F5D9EF5B-808F-4B28-B361-3938CA68C8BC}\RP155\A0327982.DLL

Adware.Vundo-Variant
D:\SYSTEM VOLUME INFORMATION\_RESTORE{F5D9EF5B-808F-4B28-B361-3938CA68C8BC}\RP155\A0327975.DLL

Trojan.Downloader-Gen/Suspicious
D:\SYSTEM VOLUME INFORMATION\_RESTORE{F5D9EF5B-808F-4B28-B361-3938CA68C8BC}\RP157\A0328015.EXE

Adware.Vundo Variant/Rel
D:\WINDOWS\SYSTEM32\EHHKJ.INI

Trojan.Downloader-Gen
D:\WINDOWS\SYSTEM32\NTOS.EXE

Trace.Known Threat Sources
D:\Documents and Settings\Thandi family\Local Settings\Temporary Internet Files\Content.IE5\496QHQMT\14_swp[1]


Hijack This Log

Scan saved at 23:19:04, on 19/02/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\System32\RUNDLL32.EXE
D:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe
D:\Program Files\btbb_wcm\McciTrayApp.exe
D:\PROGRA~1\BTBROA~2\SMARTB~1\BTHelpNotifier.exe
D:\Program Files\Eset\nod32kui.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
D:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasDtServ.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
D:\Program Files\Eset\nod32krn.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\System32\PAStiSvc.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasNotice.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\BT Broadband Desktop Help\bin\mpbtn.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
D:\Program Files\Grisoft\AVG7\avgcc.exe
D:\Program Files\Grisoft\AVG7\avgwb.dat
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=D:\WINDOWS\system32\userinit.exe,D:\WINDOWS\System32\ntos.exe,
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: {83171400-1cfe-675a-5a64-04198957be52} - {25eb7598-9140-46a5-a576-efc100417138} - D:\WINDOWS\System32\niclpaom.dll (file missing)
O2 - BHO: H - {2F1890C8-8727-4d35-9312-AFDB3A403E83} - mcacr.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Program Files\rpbrowserrecordplugin.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Flash Module - {E8CD09B0-BA55-4157-9E84-6B4B1C89B9A0} - sockver1.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [gcasServ] "D:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] D:\Program Files\btbb_wcm\McciTrayApp.exe
O4 - HKLM\..\Run: [Motive SmartBridge] D:\PROGRA~1\BTBROA~2\SMARTB~1\BTHelpNotifier.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [nod32kui] "D:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [4oD] "D:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [0024c6ee] rundll32.exe "D:\WINDOWS\System32\mydcrnev.dll",b
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Yahoo! Pager] "D:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BT Broadband Desktop Help.lnk = D:\Program Files\BT Broadband Desktop Help\bin\matcli.exe
O8 - Extra context menu item: &Windows Live Search - res://D:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://D:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?0c8a0066effa4c10a083f47498883598
O8 - Extra context menu item: Open in new foreground tab - res://D:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?0c8a0066effa4c10a083f47498883598
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - D:\Documents and Settings\Thandi family\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - D:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....aceUploader.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin10USA.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zon...ss.cab57176.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: STI Simulator - Unknown owner - D:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 11411 bytes



!IMPORTANT!

I followed all of your steps on the "How to remove spyware" topic; however, upon completion, my IE and Mozilla are not functioning accordingly, e.g. no pictures/backgrounds, and fonts are also bolder.

Below are links to printscreens of what my IE/Mozilla look like:

- Google in IE: (screenshot)
- Google in Mozilla: (screenshot)
- Bebo in IE: (screenshot)
- Bebo in Mozilla: (screenshot)

Could you please help me fix this problem as well.

Thanks for your time.
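
The HijackThis log above lists O4/O9/O16/O23 entries in a fixed line format. As an added example (not HijackThis code, and not part of either post), here is a small Python triage script that parses lines in that format and applies a few of the heuristics a helper eyeballs in such a log: entries marked "(file missing)", O16 ActiveX controls fetched from a remote URL, O23 services with "Unknown owner", and more than one antivirus engine installed at once. The sample lines are constructed in the log's format; the remote CAB URL (example.invalid) is made up because the URL in the posted log is truncated, and the antivirus keyword list is the example's own assumption, not an exhaustive vendor list.

```python
"""Triage helper for HijackThis-style log lines (added example, not HijackThis code)."""
from __future__ import annotations

import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample in the same line format as the posted log. The remote CAB
# URL is made up (example.invalid) because the posted URL is truncated.
SAMPLE_LOG = r"""
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - D:\Documents and Settings\Thandi family\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://example.invalid/MySpaceUploader.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - D:\Program Files\Yahoo!\Common\Yinsthelper.dll
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Program Files\Eset\nod32krn.exe
O23 - Service: STI Simulator - Unknown owner - D:\WINDOWS\System32\PAStiSvc.exe
"""

# Every HijackThis entry is "<section> - <body>".
ENTRY_RE = re.compile(r"^(O\d+) - (.+)$")
# O23 body: "Service: <name> - <owner> - <path>" (name and owner are non-greedy
# so a " - " inside the path does not shift the fields).
SERVICE_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
# O16 body: "DPF: {CLSID} (<name>) - <target>" where target is a URL or a local path.
DPF_RE = re.compile(r"^DPF: (?P<clsid>\{[0-9A-Fa-f-]+\}) \((?P<name>[^)]*)\) - (?P<target>.+)$")

# Product keywords this example uses to recognise antivirus engines among O23
# services. This is an assumption of the example, not a complete vendor list.
AV_KEYWORDS = ("AntiVir", "AVG7", "NOD32")


@dataclass
class Entry:
    section: str
    body: str


@dataclass
class Finding:
    severity: str
    section: str
    reason: str
    detail: str


def parse_hjt(text: str) -> list[Entry]:
    """Return the O-numbered entries found in a HijackThis-style log."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(section=m.group(1), body=m.group(2)))
    return entries


def triage(entries: list[Entry]) -> list[Finding]:
    """Apply a few review heuristics and return what a helper would flag."""
    findings: list[Finding] = []
    av_engines: set[str] = set()
    for e in entries:
        # HijackThis marks entries whose target no longer exists on disk.
        if "(file missing)" in e.body:
            findings.append(Finding("low", e.section, "target file missing",
                                    "dead entry, cleanup candidate"))
        if e.section == "O16":
            m = DPF_RE.match(e.body)
            if m and urlparse(m.group("target")).scheme in ("http", "https"):
                host = urlparse(m.group("target")).netloc
                findings.append(Finding("medium", e.section,
                                        "ActiveX control downloaded from the web",
                                        f"{m.group('name')} from {host}"))
        if e.section == "O23":
            m = SERVICE_RE.match(e.body)
            if m:
                if m.group("owner") == "Unknown owner":
                    findings.append(Finding("medium", e.section,
                                            "service with no recognised publisher",
                                            m.group("path")))
                for kw in AV_KEYWORDS:
                    if kw in m.group("name"):
                        av_engines.add(kw)
    # Two or more resident scanners on one box is itself worth raising.
    if len(av_engines) > 1:
        findings.append(Finding("medium", "O23", "multiple antivirus engines installed",
                                ", ".join(sorted(av_engines))))
    return findings


if __name__ == "__main__":
    for f in triage(parse_hjt(SAMPLE_LOG)):
        print(f"[{f.severity}] {f.section}: {f.reason} ({f.detail})")
```

Run against the constructed sample it reports the dead IMVU button, the remote CAB, the "Unknown owner" service and three antivirus engines; the O4 CTFMON entry and the locally installed Yahoo! helper produce nothing. Feeding it the full log from the post works the same way, line by line.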

#2 __RiP_ChAiN_ (Advanced Member, 476 posts)

Posted 28 February 2008 - 08:04 PM

Hello Dandy :)

We can come back to your fonts issue a bit later on, for now let's focus on removing the malware from your machine :)

Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Please download SDFix by AndyManchesta and save it to your desktop.
When using this tool, you must use the Administrator's account or an account with "Administrative rights"
  • Double click SDFix.exe and it will extract the files to %systemdrive% (this is the drive that contains the Windows Directory, typically C:\SDFix).
  • DO NOT use it just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Open the SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts, the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
  • Copy and paste the contents of the results file Report.txt in your next reply along with a new HijackThis log.
-- If this error message is displayed when running SDFix: "The command prompt has been disabled by your administrator. Press any key to continue..."
Please go to Start Menu > Run > and copy/paste the following line:
%systemdrive%\SDFix\apps\swreg IMPORT %systemdrive%\SDFix\apps\Enable_Command_Prompt.reg
Press Ok and then run SDFix again.

-- If the Command Prompt window flashes on then off again on XP or Win 2000, please go to Start Menu > Run > and copy/paste the following line:
%systemdrive%\SDFix\apps\FixPath.exe /Q
Reboot and then run SDFix again.

-- If SDFix still does not run, check the %comspec% variable. Right-click My Computer > click Properties > Advanced > Environment Variables and check that the ComSpec variable points to cmd.exe.
%SystemRoot%\system32\cmd.exe