Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Help requested on HiJackThis Logfile--thanks!

Post by kjeli » August 7th, 2007, 8:13 pm

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 5:08:43 PM, on 8/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Krista\Desktop\FxVMonde.exe
C:\WINDOWS\system32\taskmgr.exe
C:\HiJackThis\HiJackThis_v2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: (no name) - {3964D8D6-86D0-493A-B460-A805B5401114} - C:\WINDOWS\system32\ssqnkli.dll
O2 - BHO: (no name) - {64FD207E-C311-40FE-AB37-D0400D04E0A4} - C:\WINDOWS\system32\ddaby.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: ddaby - C:\WINDOWS\system32\ddaby.dll
O20 - Winlogon Notify: ssqnkli - C:\WINDOWS\SYSTEM32\ssqnkli.dll
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 2359 bytes
kjeli
Active Member
 
Posts: 13
Joined: August 6th, 2007, 2:42 pm

Post by ndmmxiaomayi » August 9th, 2007, 11:48 am

Hi kjeli. :)

Welcome to Malware Removal Forum. My name is mayi and I will be helping you. As I am still an undergraduate, I will need my fixes checked before posting back to you. Thank you for your patience.
ndmmxiaomayi
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Post by ndmmxiaomayi » August 11th, 2007, 1:37 pm

Hello kjeli. :)

I see that you are using HijackThis version 2 Beta. As it is beta software, it might not be stable and may cause problems for your PC.

Step 1

  1. Please download the latest copy of HijackThis from Trend Micro and save it to your desktop.
  2. Double click on HJTInstall.exe to install it. Once installed, it will start automatically.
  3. Close HijackThis.
  4. Please go to C:\Program Files\Trend Micro\HijackThis and right click on HijackThis.exe. Select Rename.
  5. Type in dumb and press Enter.
  6. Double click on dumb to run it.
  7. Select Do a system scan and save a logfile. Please post back this log in your next reply.
Don't exit HijackThis yet.

Note: Do not click on the AnalyzeThis button.

Do not fix anything you see in HijackThis as most entries are harmless and needed for normal functioning of Windows.


Step 2

  1. Click on the Config... button at the bottom right hand corner.
  2. At the top, click on the Misc Tools button.
  3. Look under System tools.
  4. Click on the Open Uninstall Manager... button.
  5. Click on the Save list... button.
  6. It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
  7. Notepad will open. Please post this list in your next reply.
Still, do not close HijackThis yet.

Step 3

  1. At the top, click on the Backups button.
  2. Please count the number of lines in the Backups section (a big white box next to the Restore, Delete and Delete All buttons).
Close HijackThis.

Step 4

Note: If you already have a copy of Combofix, please delete your current copy as Combofix is updated regularly.

Please download Combofix from Tech Support Forum or Bleeping Computer. Save it to your desktop.

Double click to run it. Follow the prompts. Once done, it will reboot and a log will be produced. Please post that log and a new HijackThis log in your next reply.

Do not mouse click on Combofix while it's running as this may cause it to stall.

In your next reply, please post:

  1. The Combofix log (C:\Combofix.txt)
  2. The uninstall list
  3. Number of lines from Step 3
  4. A new HijackThis log
ndmmxiaomayi
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Post by kjeli » August 12th, 2007, 5:54 pm

Hi there! Thanks for your help.

On #3 there was nothing in the box in the Backups section, so there were no lines. Hope that makes sense.

Here are the logs:

1 - HiJackThis Log file pre ComboFix

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:19:50 PM, on 8/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\dumb.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.oan.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/av ... _homepage/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: (no name) - {3964D8D6-86D0-493A-B460-A805B5401114} - C:\WINDOWS\system32\ssqnkli.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupport-] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 7623 bytes


2: Uninstall List

Ad-Aware 2007
Adobe Reader 7.0
AppCore
AV
ccCommon
Chaos Pack 1.00 for Pocket Tanks Deluxe
Command & Conquer Generals
Conexant D850 56K V.9x DFVc Modem
Dell Driver Reset Tool
Digital Line Detect
Fireworks Pack v1.0 for Pocket Tanks Deluxe
Flamethrower Pack 1.00a for Pocket Tanks Deluxe
Fuzz Pack v1.0 for Pocket Tanks Deluxe
Google Toolbar for Internet Explorer
Google Updater
Gravity Pack v1.0 for Pocket Tanks Deluxe
HijackThis 2.0.2
IExplorer Security Plug-in
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet for Wired Connections
Internet Explorer Default Page
iTunes
J2SE Runtime Environment 5.0 Update 12
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2_03
Learn2 Player (Uninstall Only)
Lexmark Supplies Monitor
Lexmark Z23-Z33
LiveUpdate 3.2 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Macromedia Flash Player
Macromedia Flash Player 8
Macromedia Shockwave Player
Madden NFL 2004
Messenger Service
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft ActiveSync 3.8
Microsoft Age of Empires
Microsoft Age of Empires II
Microsoft Age of Empires II: The Conquerors Expansion
Microsoft Office Basic Edition 2003
Microsoft Office Professional Edition 2003
Microsoft Office Standard Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft User-Mode Driver Framework Feature Pack 1.0.0 (Pre-Release 5348)
Modem Helper
MSRedist
NetWaiting
Network Play System (Patching)
Norton AntiVirus
Norton Confidential Browser Component
Norton Confidential Web Protection Component
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security (Symantec Corporation)
Norton Protection Center
Nuke Pack 1.00 for Pocket Tanks Deluxe
Pocket Tanks Deluxe v1.1
Power Pack 1.00 for Pocket Tanks Deluxe
PrimoPDF
PrimoPDF Redistribution Package
QuickBooks Simple Start Special Edition
Quicken 2006
QuickTime
RealPlayer Basic
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Skype (BETA)
Snowball Pack v1.0 for Pocket Tanks Deluxe
Sonic DLA
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
SPBBC 32bit
Spybot - Search & Destroy 1.4
Super Pack v1.1 for Pocket Tanks Deluxe
SymNet
The Sims Superstar
Tiger Woods PGA TOUR 2003
TurboTax Deluxe Deduction Maximizer 2006
TurboTax ItsDeductible 2006
Ultimate Pinball Extreme
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB936357)
Viewpoint Media Player
WebCyberCoach 3.2 Dell
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
WinPcap 3.1
WinZip
WordBiz version 1.8



3: ComboFix Log

ComboFix 07-08-09.3 - "Krista" 2007-08-12 14:23:52.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.235 [GMT -7:00]
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\Alex\APPLIC~1\Starware317
C:\DOCUME~1\Alex\APPLIC~1\Starware317\BrowserSearch\BrowserSearch.xml
C:\DOCUME~1\Alex\APPLIC~1\Starware317\BrowserSearch\BrowserSearch.xml.backup
C:\DOCUME~1\Alex\APPLIC~1\Starware317\Configurator\Configurator.xml
C:\DOCUME~1\Alex\APPLIC~1\Starware317\Configurator\Configurator.xml.backup
C:\DOCUME~1\Alex\APPLIC~1\Starware317\ErrorSearch\ErrorSearchOptions.xml
C:\DOCUME~1\Alex\APPLIC~1\Starware317\ErrorSearch\ErrorSearchOptions.xml.backup
C:\DOCUME~1\Alex\APPLIC~1\Starware317\Games\GamesOptions.xml
C:\DOCUME~1\Alex\APPLIC~1\Starware317\Games\GamesOptions.xml.backup
C:\DOCUME~1\Alex\APPLIC~1\Starware317\Games\images\active\Games0.bmp
C:\DOCUME~1\Alex\APPLIC~1\Starware317\Layouts\ToolbarLayout.xml
C:\DOCUME~1\Alex\APPLIC~1\Starware317\Layouts\ToolbarLayout.xml.backup
C:\DOCUME~1\Alex\APPLIC~1\Starware317\Manager\ManagerOptions.xml
C:\DOCUME~1\Alex\APPLIC~1\Starware317\Manager\ManagerOptions.xml.backup
C:\DOCUME~1\Alex\APPLIC~1\Starware317\Movies\images\active\Movies0.bmp
C:\DOCUME~1\Alex\APPLIC~1\Starware317\Movies\MoviesOptions.xml
C:\DOCUME~1\Alex\APPLIC~1\Starware317\Movies\MoviesOptions.xml.backup
C:\DOCUME~1\Alex\APPLIC~1\Starware317\Reference\ReferenceOptions.xml
C:\DOCUME~1\Alex\APPLIC~1\Starware317\Reference\ReferenceOptions.xml.backup
C:\DOCUME~1\Alex\APPLIC~1\Starware317\RelatedSearch\RelatedSearchOptions.xml
C:\DOCUME~1\Alex\APPLIC~1\Starware317\RelatedSearch\RelatedSearchOptions.xml.backup
C:\DOCUME~1\Alex\APPLIC~1\Starware317\ScreensaversMarketingSitePager\images\active\ScreensaversMarketingSitePager0.bmp
C:\DOCUME~1\Alex\APPLIC~1\Starware317\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml
C:\DOCUME~1\Alex\APPLIC~1\Starware317\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup
C:\DOCUME~1\Alex\APPLIC~1\Starware317\SmileyTown\SmileyTownOptions.xml
C:\DOCUME~1\Alex\APPLIC~1\Starware317\SmileyTown\SmileyTownOptions.xml.backup
C:\DOCUME~1\Alex\APPLIC~1\Starware317\Toolbar\TBProductsOptions.xml
C:\DOCUME~1\Alex\APPLIC~1\Starware317\Toolbar\TBProductsOptions.xml.backup
C:\DOCUME~1\Alex\APPLIC~1\Starware317\ToolbarLogo\ToolbarLogoOptions.xml
C:\DOCUME~1\Alex\APPLIC~1\Starware317\ToolbarLogo\ToolbarLogoOptions.xml.backup
C:\DOCUME~1\Alex\APPLIC~1\Starware317\ToolbarSearch\ToolbarSearchOptions.xml
C:\DOCUME~1\Alex\APPLIC~1\Starware317\ToolbarSearch\ToolbarSearchOptions.xml.backup
C:\DOCUME~1\Alex\APPLIC~1\Starware317\TravelSearch\TravelSearchOptions.xml
C:\DOCUME~1\Alex\APPLIC~1\Starware317\TravelSearch\TravelSearchOptions.xml.backup
C:\DOCUME~1\Alex\APPLIC~1\Starware317\Weather\AlertArchive.xml
C:\DOCUME~1\Alex\APPLIC~1\Starware317\Weather\WeatherOptions.xml
C:\DOCUME~1\Alex\APPLIC~1\Starware317\Weather\WeatherOptions.xml.backup
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware317
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware317\buttons\FindIt.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware317\buttons\FindItHot.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware317\buttons\findithotxp.png
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware317\buttons\finditxp.png
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware317\buttons\Highlight.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware317\buttons\HighlightHot.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware317\buttons\highlighthotxp.png
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware317\buttons\highlightxp.png
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware317\buttons\Reference.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware317\buttons\ReferenceHot.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware317\buttons\referencehotxp.png
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware317\buttons\referencexp.png
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware317\buttons\smiley.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware317\buttons\smileyxp.png
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware317\buttons\starware_toolbar_icon.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware317\buttons\Weather.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware317\buttons\weatherhotxp.png
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware317\buttons\weatherxp.png
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware317\contexts\error.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware317\contexts\Related.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware317\contexts\Travel.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware317\images\walertXP.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware317\SimpleUpdate\ProductMessagingConfig.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware317\SimpleUpdate\ProductMessagingConfig.xml.backup
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware317\SimpleUpdate\SimpleUpdateConfig.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware317\SimpleUpdate\SimpleUpdateConfig.xml.backup
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware317\SimpleUpdate\TimerManagerConfig.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware317\SimpleUpdate\TimerManagerConfig.xml.backup
C:\DOCUME~1\Krista\APPLIC~1\Starware317
C:\DOCUME~1\Krista\APPLIC~1\Starware317\BrowserSearch\BrowserSearch.xml
C:\DOCUME~1\Krista\APPLIC~1\Starware317\BrowserSearch\BrowserSearch.xml.backup
C:\DOCUME~1\Krista\APPLIC~1\Starware317\Configurator\Configurator.xml
C:\DOCUME~1\Krista\APPLIC~1\Starware317\Configurator\Configurator.xml.backup
C:\DOCUME~1\Krista\APPLIC~1\Starware317\ErrorSearch\ErrorSearchOptions.xml
C:\DOCUME~1\Krista\APPLIC~1\Starware317\ErrorSearch\ErrorSearchOptions.xml.backup
C:\DOCUME~1\Krista\APPLIC~1\Starware317\Games\GamesOptions.xml
C:\DOCUME~1\Krista\APPLIC~1\Starware317\Games\GamesOptions.xml.backup
C:\DOCUME~1\Krista\APPLIC~1\Starware317\Games\images\active\Games0.bmp
C:\DOCUME~1\Krista\APPLIC~1\Starware317\Layouts\ToolbarLayout.xml
C:\DOCUME~1\Krista\APPLIC~1\Starware317\Layouts\ToolbarLayout.xml.backup
C:\DOCUME~1\Krista\APPLIC~1\Starware317\Manager\ManagerOptions.xml
C:\DOCUME~1\Krista\APPLIC~1\Starware317\Manager\ManagerOptions.xml.backup
C:\DOCUME~1\Krista\APPLIC~1\Starware317\Movies\images\active\Movies0.bmp
C:\DOCUME~1\Krista\APPLIC~1\Starware317\Movies\MoviesOptions.xml
C:\DOCUME~1\Krista\APPLIC~1\Starware317\Movies\MoviesOptions.xml.backup
C:\DOCUME~1\Krista\APPLIC~1\Starware317\Reference\ReferenceOptions.xml
C:\DOCUME~1\Krista\APPLIC~1\Starware317\Reference\ReferenceOptions.xml.backup
C:\DOCUME~1\Krista\APPLIC~1\Starware317\RelatedSearch\RelatedSearchOptions.xml
C:\DOCUME~1\Krista\APPLIC~1\Starware317\RelatedSearch\RelatedSearchOptions.xml.backup
C:\DOCUME~1\Krista\APPLIC~1\Starware317\ScreensaversMarketingSitePager\images\active\ScreensaversMarketingSitePager0.bmp
C:\DOCUME~1\Krista\APPLIC~1\Starware317\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml
C:\DOCUME~1\Krista\APPLIC~1\Starware317\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup
C:\DOCUME~1\Krista\APPLIC~1\Starware317\SmileyTown\SmileyTownOptions.xml
C:\DOCUME~1\Krista\APPLIC~1\Starware317\SmileyTown\SmileyTownOptions.xml.backup
C:\DOCUME~1\Krista\APPLIC~1\Starware317\Toolbar\TBProductsOptions.xml
C:\DOCUME~1\Krista\APPLIC~1\Starware317\Toolbar\TBProductsOptions.xml.backup
C:\DOCUME~1\Krista\APPLIC~1\Starware317\ToolbarLogo\ToolbarLogoOptions.xml
C:\DOCUME~1\Krista\APPLIC~1\Starware317\ToolbarLogo\ToolbarLogoOptions.xml.backup
C:\DOCUME~1\Krista\APPLIC~1\Starware317\ToolbarSearch\ToolbarSearchOptions.xml
C:\DOCUME~1\Krista\APPLIC~1\Starware317\ToolbarSearch\ToolbarSearchOptions.xml.backup
C:\DOCUME~1\Krista\APPLIC~1\Starware317\TravelSearch\TravelSearchOptions.xml
C:\DOCUME~1\Krista\APPLIC~1\Starware317\TravelSearch\TravelSearchOptions.xml.backup
C:\DOCUME~1\Krista\APPLIC~1\Starware317\Weather\AlertArchive.xml
C:\DOCUME~1\Krista\APPLIC~1\Starware317\Weather\WeatherOptions.xml
C:\DOCUME~1\Krista\APPLIC~1\Starware317\Weather\WeatherOptions.xml.backup
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\cxxvfrxi.ini
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\fdsbskgw.dll
C:\WINDOWS\system32\ixrfvxxc.dll
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\wanpacket.dll
C:\WINDOWS\system32\wgksbsdf.ini
C:\WINDOWS\system32\wpcap.dll
C:\WINDOWS\system32\ybadd.bak2
C:\WINDOWS\system32\ybadd.ini
C:\WINDOWS\system32\ybadd.ini2
C:\WINDOWS\system32\ybadd.tmp
C:\WINDOWS\wr.txt


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\NPF


((((((((((((((((((((((((( Files Created from 2007-07-12 to 2007-08-12 )))))))))))))))))))))))))))))))


2007-08-12 14:23 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-12 14:17 <DIR> d-------- C:\Program Files\Trend Micro
2007-08-09 12:23 208,248 --a------ C:\WINDOWS\system32\muweb.dll
2007-08-06 13:06 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
2007-08-06 11:47 <DIR> d-------- C:\HiJackThis
2007-08-06 11:19 <DIR> d--hs---- C:\found.000
2007-08-06 11:11 <DIR> d-------- C:\VundoFix Backups
2007-08-01 18:02 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-07-29 21:38 126,016 --a------ C:\WINDOWS\system32\hsdabhon.dll
2007-07-29 15:03 126,016 --a------ C:\WINDOWS\system32\xkxwauia.dll
2007-07-28 12:50 22,112 -ra------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2007-07-28 12:12 126,016 --a------ C:\WINDOWS\system32\tegidqse.dll
2007-07-28 11:57 <DIR> d-------- C:\Program Files\Lavasoft
2007-07-28 11:33 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-07-28 11:32 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-27 19:28 126,016 --a------ C:\WINDOWS\system32\drgwixpt.dll
2007-07-25 01:10 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-07-25 00:20 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-07-19 17:37 76,800 --a------ C:\WINDOWS\system32\DWSPY36.dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-12 13:46 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-08-07 14:44 --------- d-------- C:\Program Files\Google
2007-08-03 23:05 --------- d-------- C:\Program Files\Norton Internet Security
2007-07-25 01:37 --------- d-------- C:\Program Files\MUSICMATCH
2007-07-11 12:05 --------- d-------- C:\Program Files\activePDF
2007-07-03 20:09 1194 --a------ C:\WINDOWS\eReg.dat
2007-07-03 20:03 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-03 19:59 --------- d-------- C:\Program Files\Electronic Arts
2007-07-03 19:57 --------- d-------- C:\Program Files\Maxis
2007-05-16 08:12 86528 --------- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 08:12 85504 --------- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 08:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 08:12 683520 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 08:12 510976 --------- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 08:12 1314816 --------- C:\WINDOWS\system32\dllcache\msoe.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 18:42]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe" [2007-05-02 04:15]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-11-26 13:50]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-06-14 16:24]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-07-08 14:47]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-01-14 00:11]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-06 13:06]
"DellSupport-"="C:\Program Files\Dell Support\DSAgnt.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-08-06 13:06:20]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 10:59:36]

R0 ppa;Iomega Parallel Port Filter Driver;C:\WINDOWS\system32\DRIVERS\ppa.sys
R1 SRTSP;SRTSP;C:\WINDOWS\system32\Drivers\SRTSP.SYS
R3 senfilt;senfilt;C:\WINDOWS\system32\drivers\senfilt.sys
S3 nm;Network Monitor Driver;C:\WINDOWS\system32\DRIVERS\NMnt.sys
S3 SDDMI2;SDDMI2;\??\C:\WINDOWS\system32\DDMI2.sys
S3 SRTSPL;SRTSPL;C:\WINDOWS\system32\Drivers\SRTSPL.SYS
S3 wceusbsh;Windows CE USB Serial Host Driver;C:\WINDOWS\system32\DRIVERS\wceusbsh.sys

*Newly Created Service* - COMHOST

Contents of the 'Scheduled Tasks' folder
2007-08-07 03:00:00 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Krista.job - C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe
2007-08-12 21:24:00 C:\WINDOWS\Tasks\Symantec NetDetect.job - C:\Program Files\Symantec\LiveUpdate\NDetect.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-12 14:29:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-12 14:32:04 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-12 14:31

--- E O F ---



4: HiJackThis logfile post ComboFix

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:45:41 PM, on 8/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\dumb.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.oan.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupport-] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 7396 bytes
kjeli
Active Member
 
Posts: 13
Joined: August 6th, 2007, 2:42 pm

Post by ndmmxiaomayi » August 13th, 2007, 8:31 pm

Hello kjeli,

Step 1

Please go to Virus Total or Jotti and upload these files for scanning.

For Virus Total

  1. Copy and paste C:\WINDOWS\system32\hsdabhon.dll into the text box next to the Browse button.
  2. Click on Send File.

For Jotti

  1. Copy and paste C:\WINDOWS\system32\hsdabhon.dll into the text box next to the Browse button.
  2. Click on Submit.

Repeat for these 3 files:

  1. C:\WINDOWS\system32\xkxwauia.dll
  2. C:\WINDOWS\system32\tegidqse.dll
  3. C:\WINDOWS\system32\drgwixpt.dll


Step 2

  1. Please download AVG Anti-Spyware and save it to your desktop.
  2. Double click on avgas-setup-7.5.0.50.exe to install AVG Anti-Spyware. Install it in the default location.
  3. Once installed, start AVG Anti-Spyware by going to Start > All Programs > AVG Anti-Spyware 7.5 > AVG Anti-Spyware.
  4. In the main screen, you should see Your Computer's Security.
    • Next to Resident Shield, click on Change state. It should now be Inactive.
    • Next to Automatic Updates, click on Change state. It should now be Inactive.
    • Next to Last Update, click on Update now. If your firewall prompts you, tell your firewall to allow it. Should you be unable to update it, download the updates from here. Save it to your desktop. Double click to run the installation and the updates will be installed. Make sure AVG Anti-Spyware is closed during the installation.
    • Right-click the AVG Anti-Spyware icon near the clock and uncheck (untick) Start with Windows. Confirm by clicking Yes.
  5. Now click on the Scanner button at the top.
  6. Select the Settings tab.
  7. Under How to act?, click on Recommended actions and select Quarantine.
  8. Under How to scan?, check (tick) all the boxes.
  9. Under Possibly unwanted software:, check (tick) all the boxes.
  10. Under Reports:, uncheck (untick) the Only if threats were found box and select Do not automatically generate report.
  11. Under What to scan?, select Scan every file.
Do not run a scan yet. You will run a scan later.

Step 3

Please download ATF Cleaner by Atribune.

  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All, uncheck (untick) the Cookies box.
  • Click the Empty Selected button.

If you use Firefox browser

  • Click Firefox at the top and choose: Select All. Uncheck (untick) the Firefox Cookies box.
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

  • Click Opera at the top and choose: Select All. Uncheck (untick) the Opera Cookies box.
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Step 4

Reboot into Safe Mode by following the instructions below:

Restart your computer in Safe Mode.

  • When you see the BIOS screen, start pressing F8.
  • A boot menu will appear shortly.
  • Using the up and down arrow keys, select Safe Mode and press the Enter key.
  • Windows will now load.
  • Log in to your usual account.

Step 5

  1. Start AVG Anti-Spyware by going to Start > All Programs > AVG Anti-Spyware 7.5 > AVG Anti-Spyware.
  2. Click on the Scanner button at the top.
  3. Select the Scan tab.
  4. Click on Complete System Scan to start the scan.
  5. When the scan has finished, follow the instructions below.
    IMPORTANT: Don't click on the Save Scan Report button before you have hit the Apply all Actions button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
  6. When done, click the Save Scan Report button. (4)
    • Click the Save Report as button.
    • Save the report to your Desktop.
  7. Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Restart your computer back to Normal Mode.

In your next reply, please post:

  1. Virus Total or Jotti's scan results of the 4 files
  2. AVG Anti-Spyware scan report
  3. A new HijackThis log
ndmmxiaomayi
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Post by kjeli » August 14th, 2007, 3:22 am

Hi--

1. Jotti's response to all 4 files was:

The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file.

2. AVG log:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 12:03:09 AM 8/14/2007

+ Scan result:



C:\Downloads\DinerDashSetup-dm[1].exe -> Adware.Trymedia : Cleaned with backup (quarantined).
C:\Downloads\MLBPlayballSetup-dm[1].exe -> Adware.Trymedia : Cleaned with backup (quarantined).
C:\Downloads\RiskIISetup-dm[1].exe -> Adware.Trymedia : Cleaned with backup (quarantined).
C:\Downloads\jewelminerSetup-dm[1].exe -> Adware.Trymedia : Cleaned with backup (quarantined).
C:\HiJackThis\backups\backup-20070806-125125-310.dll -> Not-A-Virus.Downloader.Win32.PopCap.b : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2756475209-3754210056-4013224527-1009\Dc179.txt -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\S-1-5-21-2756475209-3754210056-4013224527-1009\Dc186.txt -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\S-1-5-21-2756475209-3754210056-4013224527-1009\Dc202.txt -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\S-1-5-21-2756475209-3754210056-4013224527-1009\Dc226.txt -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\S-1-5-21-2756475209-3754210056-4013224527-1009\Dc237.txt -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\S-1-5-21-2756475209-3754210056-4013224527-1009\Dc285.txt -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\S-1-5-21-2756475209-3754210056-4013224527-1009\Dc32.txt -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\S-1-5-21-2756475209-3754210056-4013224527-1009\Dc452.txt -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\S-1-5-21-2756475209-3754210056-4013224527-1009\Dc75.txt -> TrackingCookie.2o7 : Cleaned.
E:\Documents and Settings\Alex\Cookies\alex@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
E:\Documents and Settings\Alex\Cookies\alex@2o7[3].txt -> TrackingCookie.2o7 : Cleaned.
E:\Documents and Settings\Alex\Cookies\alex@2o7[4].txt -> TrackingCookie.2o7 : Cleaned.
E:\Documents and Settings\Default\Cookies\default@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
E:\Documents and Settings\Default\Cookies\default@2o7[3].txt -> TrackingCookie.2o7 : Cleaned.
E:\Documents and Settings\Default\Cookies\default@2o7[4].txt -> TrackingCookie.2o7 : Cleaned.
E:\Documents and Settings\Default\Cookies\default@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
E:\Documents and Settings\Default\Cookies\default@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
E:\Documents and Settings\Nick\Cookies\nick@aavalue[1].txt -> TrackingCookie.Aavalue : Cleaned.
E:\Documents and Settings\Nick\Cookies\nick@grouplotto.aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned.
E:\Documents and Settings\Nick\Cookies\nick@ad-logics[2].txt -> TrackingCookie.Ad-logics : Cleaned.
C:\RECYCLER\S-1-5-21-2756475209-3754210056-4013224527-1009\Dc471.txt -> TrackingCookie.Adbrite : Cleaned.
C:\RECYCLER\S-1-5-21-2756475209-3754210056-4013224527-1009\Dc482.txt -> TrackingCookie.Addynamix : Cleaned.
E:\Documents and Settings\Alex\Cookies\alex@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned.
E:\Documents and Settings\Default\Cookies\default@addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned.
E:\Documents and Settings\Default\Cookies\default@addynamix[3].txt -> TrackingCookie.Addynamix : Cleaned.
E:\Documents and Settings\Nick\Cookies\nick@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned.
E:\Documents and Settings\Nick\Cookies\nick@ads.addynamix[4].txt -> TrackingCookie.Addynamix : Cleaned.
C:\RECYCLER\S-1-5-21-2756475209-3754210056-4013224527-1009\Dc258.txt -> TrackingCookie.Adjuggler : Cleaned.
E:\Documents and Settings\Nick\Cookies\nick@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned.
C:\RECYCLER\S-1-5-21-2756475209-3754210056-4013224527-1009\Dc475.txt -> TrackingCookie.Admarketplace : Cleaned.
E:\Documents and Settings\Nick\Cookies\nick@ad.admarketplace[2].txt -> TrackingCookie.Admarketplace : Cleaned.
E:\Documents and Settings\Default\Cookies\default@adorigin[3].txt -> TrackingCookie.Adorigin : Cleaned.
E:\Documents and Settings\Default\Cookies\default@adrenaline.txt -> TrackingCookie.Adrenaline : Cleaned.
C:\RECYCLER\S-1-5-21-2756475209-3754210056-4013224527-1009\Dc480.txt -> TrackingCookie.Adrevolver : Cleaned.
C:\RECYCLER\S-1-5-21-2756475209-3754210056-4013224527-1009\Dc446.txt -> TrackingCookie.Adserver : Cleaned.
E:\Documents and Settings\Default\Cookies\default@z1.adserver[3].txt -> TrackingCookie.Adserver : Cleaned.
E:\Documents and Settings\Default\Cookies\default@z1.adserver[4].txt -> TrackingCookie.Adserver : Cleaned.
E:\Documents and Settings\Default\Cookies\default@z1.adserver[5].txt -> TrackingCookie.Adserver : Cleaned.
E:\Documents and Settings\Default\Cookies\default@z1.adserver[6].txt -> TrackingCookie.Adserver : Cleaned.
E:\Documents and Settings\Nick\Cookies\nick@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned.
E:\Documents and Settings\Nick\Cookies\nick@z1.adserver[3].txt -> TrackingCookie.Adserver : Cleaned.
E:\Documents and Settings\Nick\Cookies\nick@z1.adserver[4].txt -> TrackingCookie.Adserver : Cleaned.
E:\Documents and Settings\Alex\Cookies\alex@adtech[1].txt -> TrackingCookie.Adtech : Cleaned.
C:\RECYCLER\S-1-5-21-2756475209-3754210056-4013224527-1009\Dc268.txt -> TrackingCookie.Advertising : Cleaned.
C:\RECYCLER\S-1-5-21-2756475209-3754210056-4013224527-1009\Dc495.txt -> TrackingCookie.Advertising : Cleaned.
E:\Documents and Settings\Alex\Cookies\alex@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
E:\Documents and Settings\Alex\Cookies\alex@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
E:\Documents and Settings\Alex\Cookies\alex@advertising[3].txt -> TrackingCookie.Advertising : Cleaned.
E:\Documents and Settings\Alex\Cookies\alex@servedby.advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
E:\Documents and Settings\Alex\Cookies\alex@servedby.advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
E:\Documents and Settings\Alex\Cookies\alex@servedby.advertising[3].txt -> TrackingCookie.Advertising : Cleaned.
E:\Documents and Settings\Default\Cookies\default@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
E:\Documents and Settings\Default\Cookies\default@advertising[3].txt -> TrackingCookie.Advertising : Cleaned.
E:\Documents and Settings\Default\Cookies\default@advertising[4].txt -> TrackingCookie.Advertising : Cleaned.
E:\Documents and Settings\Default\Cookies\default@advertising[5].txt -> TrackingCookie.Advertising : Cleaned.
E:\Documents and Settings\Default\Cookies\default@advertising[6].txt -> TrackingCookie.Advertising : Cleaned.
E:\Documents and Settings\Default\Cookies\default@advertising[7].txt -> TrackingCookie.Advertising : Cleaned.
E:\Documents and Settings\Default\Cookies\default@advertising[8].txt -> TrackingCookie.Advertising : Cleaned.
E:\Documents and Settings\Default\Cookies\default@advertising[9].txt -> TrackingCookie.Advertising : Cleaned.
E:\Documents and Settings\Default\Cookies\default@servedby.advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
E:\Documents and Settings\Default\Cookies\default@servedby.advertising[3].txt -> TrackingCookie.Advertising : Cleaned.
E:\Documents and Settings\Default\Cookies\default@servedby.advertising[4].txt -> TrackingCookie.Advertising : Cleaned.
E:\Documents and Settings\Default\Cookies\default@servedby.advertising[5].txt -> TrackingCookie.Advertising : Cleaned.
E:\Documents and Settings\Default\Cookies\default@servedby.advertising[6].txt -> TrackingCookie.Advertising : Cleaned.
E:\Documents and Settings\Default\Cookies\default@servedby.advertising[7].txt -> TrackingCookie.Advertising : Cleaned.
E:\Documents and Settings\Default\Cookies\default@servedby.advertising[8].txt -> TrackingCookie.Advertising : Cleaned.
E:\Documents and Settings\Nick\Cookies\nick@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
E:\Documents and Settings\Nick\Cookies\nick@advertising[3].txt -> TrackingCookie.Advertising : Cleaned.
E:\Documents and Settings\Nick\Cookies\nick@advertising[4].txt -> TrackingCookie.Advertising : Cleaned.
E:\Documents and Settings\Nick\Cookies\nick@servedby.advertising[3].txt -> TrackingCookie.Advertising : Cleaned.
E:\Documents and Settings\Nick\Cookies\nick@servedby.advertising[4].txt -> TrackingCookie.Advertising : Cleaned.
C:\RECYCLER\S-1-5-21-2756475209-3754210056-4013224527-1009\Dc9.txt -> TrackingCookie.Atdmt : Cleaned.
E:\Documents and Settings\Alex\Cookies\alex@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned.
E:\Documents and Settings\Alex\Cookies\alex@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
E:\Documents and Settings\Alex\Cookies\alex@atdmt[3].txt -> TrackingCookie.Atdmt : Cleaned.
E:\Documents and Settings\Alex\Cookies\alex@atdmt[4].txt -> TrackingCookie.Atdmt : Cleaned.
E:\Documents and Settings\Default\Cookies\default@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
E:\Documents and Settings\Default\Cookies\default@atdmt[3].txt -> TrackingCookie.Atdmt : Cleaned.
E:\Documents and Settings\Nick\Cookies\nick@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned.
E:\Documents and Settings\Nick\Cookies\nick@atdmt[3].txt -> TrackingCookie.Atdmt : Cleaned.
C:\RECYCLER\S-1-5-21-2756475209-3754210056-4013224527-1009\Dc364.txt -> TrackingCookie.Belstat : Cleaned.
C:\RECYCLER\S-1-5-21-2756475209-3754210056-4013224527-1009\Dc19.txt -> TrackingCookie.Bfast : Cleaned.
E:\Documents and Settings\Alex\Cookies\alex@bfast[2].txt -> TrackingCookie.Bfast : Cleaned.
E:\Documents and Settings\Nick\Cookies\nick@bfast[1].txt -> TrackingCookie.Bfast : Cleaned.
C:\RECYCLER\S-1-5-21-2756475209-3754210056-4013224527-1009\Dc22.txt -> TrackingCookie.Bluestreak : Cleaned.
E:\Documents and Settings\Default\Cookies\default@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
E:\Documents and Settings\Default\Cookies\default@bluestreak[3].txt -> TrackingCookie.Bluestreak : Cleaned.
E:\Documents and Settings\Default\Cookies\default@bluestreak[5].txt -> TrackingCookie.Bluestreak : Cleaned.
E:\Documents and Settings\Nick\Cookies\nick@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\RECYCLER\S-1-5-21-2756475209-3754210056-4013224527-1009\Dc42.txt -> TrackingCookie.Bridgetrack : Cleaned.
C:\RECYCLER\S-1-5-21-2756475209-3754210056-4013224527-1009\Dc484.txt -> TrackingCookie.Bridgetrack : Cleaned.
E:\Documents and Settings\Default\Cookies\default@citi.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : Cleaned.
E:\Documents and Settings\Nick\Cookies\nick@citi.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : Cleaned.
C:\RECYCLER\S-1-5-21-2756475209-3754210056-4013224527-1009\Dc368.txt -> TrackingCookie.Burstbeacon : Cleaned.
E:\Documents and Settings\Default\Cookies\default@www.burstbeacon[3].txt -> TrackingCookie.Burstbeacon : Cleaned.
E:\Documents and Settings\Nick\Cookies\nick@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned.
E:\Documents and Settings\Nick\Cookies\nick@www.burstbeacon[3].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\RECYCLER\S-1-5-21-2756475209-3754210056-4013224527-1009\Dc27.txt -> TrackingCookie.Burstnet : Cleaned.
C:\RECYCLER\S-1-5-21-2756475209-3754210056-4013224527-1009\Dc369.txt -> TrackingCookie.Burstnet : Cleaned.
E:\Documents and Settings\Nick\Cookies\nick@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\RECYCLER\S-1-5-21-2756475209-3754210056-4013224527-1009\Dc31.txt -> TrackingCookie.Casalemedia : Cleaned.
E:\Documents and Settings\Nick\Cookies\nick@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned.
E:\Documents and Settings\Nick\Cookies\nick@casalemedia[3].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\S-1-5-21-2756475209-3754210056-4013224527-1009\Dc36.txt -> TrackingCookie.Centrport : Cleaned.
E:\Documents and Settings\Alex\Cookies\alex@centrport[1].txt -> TrackingCookie.Centrport : Cleaned.
E:\Documents and Settings\Alex\Cookies\alex@centrport[2].txt -> TrackingCookie.Centrport : Cleaned.
E:\Documents and Settings\Default\Cookies\default@centrport[1].txt -> TrackingCookie.Centrport : Cleaned.
E:\Documents and Settings\Default\Cookies\default@centrport[3].txt -> TrackingCookie.Centrport : Cleaned.
E:\Documents and Settings\Default\Cookies\default@centrport[4].txt -> TrackingCookie.Centrport : Cleaned.
E:\Documents and Settings\Nick\Cookies\nick@centrport[1].txt -> TrackingCookie.Centrport : Cleaned.
E:\Documents and Settings\Nick\Cookies\nick@centrport[2].txt -> TrackingCookie.Centrport : Cleaned.
C:\RECYCLER\S-1-5-21-2756475209-3754210056-4013224527-1009\Dc46.txt -> TrackingCookie.Clickagents : Cleaned.
C:\RECYCLER\S-1-5-21-2756475209-3754210056-4013224527-1009\Dc62.txt -> TrackingCookie.Clickzs : Cleaned.
C:\RECYCLER\S-1-5-21-2756475209-3754210056-4013224527-1009\Dc63.txt -> TrackingCookie.Clickzs : Cleaned.
C:\RECYCLER\S-1-5-21-2756475209-3754210056-4013224527-1009\Dc64.txt -> TrackingCookie.Clickzs : Cleaned.
E:\Documents and Settings\Alex\Cookies\alex@cz5.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned.
E:\Documents and Settings\Alex\Cookies\alex@cz5.clickzs[3].txt -> TrackingCookie.Clickzs : Cleaned.
E:\Documents and Settings\Alex\Cookies\alex@cz8.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
E:\Documents and Settings\Alex\Cookies\alex@vip.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned.
E:\Documents and Settings\Default\Cookies\default@cz3.clickzs[3].txt -> TrackingCookie.Clickzs : Cleaned.
E:\Documents and Settings\Nick\Cookies\nick@cz5.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
E:\Documents and Settings\Nick\Cookies\nick@cz7.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned.
C:\RECYCLER\S-1-5-21-2756475209-3754210056-4013224527-1009\Dc48.txt -> TrackingCookie.Com : Cleaned.
C:\RECYCLER\S-1-5-21-2756475209-3754210056-4013224527-1009\Dc105.txt -> TrackingCookie.Comclick : Cleaned.
E:\Documents and Settings\Default\Cookies\default@commission-junction[3].txt -> TrackingCookie.Commission-junction : Cleaned.
E:\Documents and Settings\Default\Cookies\default@www.commission-junction[2].txt -> TrackingCookie.Commission-junction : Cleaned.
C:\RECYCLER\S-1-5-21-2756475209-3754210056-4013224527-1009\Dc326.txt -> TrackingCookie.Coremetrics : Cleaned.
C:\RECYCLER\S-1-5-21-2756475209-3754210056-4013224527-1009\Dc67.txt -> TrackingCookie.Coremetrics : Cleaned.
E:\Documents and Settings\Nick\Cookies\nick@data.coremetrics[2].txt -> TrackingCookie.Coremetrics : Cleaned.
E:\Documents and Settings\Default\Cookies\default@bilbo.counted[1].txt -> TrackingCookie.Counted : Cleaned.
E:\Documents and Settings\Nick\Cookies\nick@chatrooms.com.19522.fb.dbbsrv[2].txt -> TrackingCookie.Dbbsrv : Cleaned.
E:\Documents and Settings\Nick\Cookies\nick@dbbsrv[1].txt -> TrackingCookie.Dbbsrv : Cleaned.
E:\Documents and Settings\Nick\Cookies\nick@dealtime[1].txt -> TrackingCookie.Dealtime : Cleaned.
E:\Documents and Settings\Nick\Cookies\nick@stat.dealtime[1].txt -> TrackingCookie.Dealtime : Cleaned.
C:\RECYCLER\S-1-5-21-2756475209-3754210056-4013224527-1009\Dc79.txt -> TrackingCookie.Doubleclick : Cleaned.
E:\Documents and Settings\Alex\Cookies\alex@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
E:\Documents and Settings\Default\Cookies\default@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
E:\Documents and Settings\Nick\Cookies\nick@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\RECYCLER\S-1-5-21-2756475209-3754210056-4013224527-1009\Dc83.txt -> TrackingCookie.Esomniture : Cleaned.
C:\RECYCLER\S-1-5-21-2756475209-3754210056-4013224527-1009\Dc100.txt -> TrackingCookie.Estat : Cleaned.
C:\RECYCLER\S-1-5-21-2756475209-3754210056-4013224527-1009\Dc476.txt -> TrackingCookie.Euroclick : Cleaned.


::Report end




3. New HJT logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:14:01 AM, on 8/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Trend Micro\HijackThis\dumb.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.oan.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupport-] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 8607 bytes
kjeli
Active Member
 
Posts: 13
Joined: August 6th, 2007, 2:42 pm

by ndmmxiaomayi » August 15th, 2007, 12:21 am

Hello kjeli,

Step 1

  1. Please download the latest version of Icesword from here.
  2. Right click on IceSword122en.zip and select Extract All....
  3. Click Next on seeing the Welcome to the Compressed (zipped) Folders Extraction Wizard.
  4. Click on the Browse button. Click on Desktop. Then click OK.
  5. Check (tick) the Show extracted files box.
  6. Create a new folder on your desktop (right click on desktop, select New > Folder), name it Bad.
  7. Double click on Icesword.exe to run it.
  8. Click on File on the left hand side.
  9. Click on the + sign next to C drive to expand it.
  10. Click on the + sign next to WINDOWS to expand it.
  11. Click on the + sign next to System32 to expand it.
  12. On your right hand side, right click on hsdabhon.dll and select Copy to....
  13. Navigate to the Bad folder created in Step 6. In the File Name field, copy and paste in hsdabhon.dll.
  14. Click Save.
Repeat Steps 9 to 14 for these 3 files as well:
  1. C:\WINDOWS\system32\xkxwauia.dll
  2. C:\WINDOWS\system32\tegidqse.dll
  3. C:\WINDOWS\system32\drgwixpt.dll
Note: Do not use the same file name as used in Step 13 when copying the files. This will overwrite the previous file. Use the bolded file name for each of the files.

Step 2

Please go to Virus Total or Jotti and upload these files for scanning.

For Virus Total

  1. Copy and paste C:\Documents and Settings\Krista\Desktop\Bad\hsdabhon.dll into the text box next to the Browse button.
  2. Click on Send File.

For Jotti

  1. Copy and paste C:\Documents and Settings\Krista\Desktop\Bad\hsdabhon.dll into the text box next to the Browse button.
  2. Click on Submit.

Repeat for these 3 files:

  1. C:\Documents and Settings\Krista\Desktop\Bad\xkxwauia.dll
  2. C:\Documents and Settings\Krista\Desktop\Bad\tegidqse.dll
  3. C:\Documents and Settings\Krista\Desktop\Bad\drgwixpt.dll


Please post a new HijackThis log as well as the scan results of the 4 files in your next reply.
ndmmxiaomayi
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am
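
Added example, not part of the original posts and not HijackThis or forum code: a small Python parser for the O-section lines of a log like the one above, which reports which autostart section loads each of the four files the helper asks about. The function names and the O2 line with the all-zero CLSID are constructed for illustration; the other sample lines are copied from the log.

```python
import ntpath
import re

# Constructed sample: four lines copied from the log above, plus one constructed
# O2 line (placeholder CLSID) that loads a DLL named in the helper's instructions.
SAMPLE_LOG = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\system32\hsdabhon.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
End of file - 8607 bytes
"""

# The four files named in the helper's instructions.
SUSPECTS = [r"C:\WINDOWS\system32\hsdabhon.dll", r"C:\WINDOWS\system32\xkxwauia.dll",
            r"C:\WINDOWS\system32\tegidqse.dll", r"C:\WINDOWS\system32\drgwixpt.dll"]

ENTRY = re.compile(r"^([ORF]\d+) - (.+)$")
# First drive-letter path ending in a known extension; spaces are allowed because
# Run values are often unquoted.
PATH = re.compile(r'[A-Za-z]:\\[^"<>|*?\r\n]*?\.(?:exe|dll|cab|lnk)(?!\w)', re.I)

def parse_hjt(text):
    """Return (section, detail, normalized_path_or_None) for every entry line."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # headers, blank lines, "End of file" trailer
        hit = PATH.search(m.group(2))
        entries.append((m.group(1), m.group(2), ntpath.normcase(hit.group(0)) if hit else None))
    return entries

def references(entries, suspects):
    """Map each suspect path to the log sections that load it ([] = not in the log)."""
    wanted = {ntpath.normcase(s): s for s in suspects}
    found = {s: [] for s in suspects}
    for section, _detail, path in entries:
        if path in wanted:
            found[wanted[path]].append(section)
    return found

if __name__ == "__main__":
    for suspect, sections in references(parse_hjt(SAMPLE_LOG), SUSPECTS).items():
        print(suspect, "->", sections or "not referenced")
```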

Reply

by kjeli » August 15th, 2007, 2:44 am

Hi--

I'm not getting what you say I should see in IceSword, even though I've expanded the file list to C:/Windows/System32--the list of files that shows up is:

AILog.txt
AUTOEXEC.BAT
boot.ini
boot.ini.cf
ComboFix-quarantined-files.txt
ComboFix.txt
CONFIG.SYS
dell.sdr
hiberfil.sys
INFCACHE.1
IO.SYS
IPH.PH
MSDOS.SYS
NTDETECT.COM
ntldr
pagefil.sys
SystemInfo.ini
VundoFix.txt

I tried it a few times, and either this list showed, or nothing showed at all on the right hand pane. :(
kjeli
Active Member
 
Posts: 13
Joined: August 6th, 2007, 2:42 pm

Reply 2

by kjeli » August 15th, 2007, 3:01 am

OK, I tried it again, and must have been doing something wrong--I got the file list to expand correctly, but none of those 4 files are showing up in the C:\Windows\System32 path..

:( :(
kjeli
Active Member
 
Posts: 13
Joined: August 6th, 2007, 2:42 pm

by ndmmxiaomayi » August 15th, 2007, 4:13 am

Hello kjeli,

Step 1

  1. Please download the latest version of Icesword from here.
  2. Right click on IceSword122en.zip and select Extract All....
  3. Click Next on seeing the Welcome to the Compressed (zipped) Folders Extraction Wizard.
  4. Click on the Browse button. Click on Desktop. Then click OK.
  5. Check (tick) the Show extracted files box.
  6. Create a new folder on your desktop (right click on desktop, select New > Folder), name it Bad.
  7. Double click on Icesword.exe to run it.
  8. Click on File on the left hand side.
  9. Click on the + sign next to C drive to expand it.
  10. Click on the + sign next to WINDOWS to expand it.
  11. Click on the + sign next to System32 to expand it.
  12. Click on System32 to select it. Make sure the System32 folder is highlighted. An image is below for your reference.

    Image
  13. On your right hand side, right click on hsdabhon.dll and select Copy to....
  14. Navigate to the Bad folder created in Step 6. In the File Name field, copy and paste in hsdabhon.dll.
  15. Click Save.
Repeat Steps 9 to 14 for these 3 files as well:
  1. C:\WINDOWS\system32\xkxwauia.dll
  2. C:\WINDOWS\system32\tegidqse.dll
  3. C:\WINDOWS\system32\drgwixpt.dll
Note: Do not use the same file name as used in Step 13 when copying the files. This will overwrite the previous file. Use the bolded file name for each of the files.

Step 2

Please go to Virus Total or Jotti and upload these files for scanning.

For Virus Total

  1. Copy and paste C:\Documents and Settings\Krista\Desktop\Bad\hsdabhon.dll into the text box next to the Browse button.
  2. Click on Send File.

For Jotti

  1. Copy and paste C:\Documents and Settings\Krista\Desktop\Bad\hsdabhon.dll into the text box next to the Browse button.
  2. Click on Submit.

Repeat for these 3 files:

  1. C:\Documents and Settings\Krista\Desktop\Bad\xkxwauia.dll
  2. C:\Documents and Settings\Krista\Desktop\Bad\tegidqse.dll
  3. C:\Documents and Settings\Krista\Desktop\Bad\drgwixpt.dll


Please post a new HijackThis log as well as the scan results of the 4 files in your next reply.
ndmmxiaomayi
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Reply

by kjeli » August 16th, 2007, 1:15 am

Good evening!

Ok, I see what I was doing wrong in IceSword, by not having System32 highlighted so the file list didn't display. So I am doing it correctly now.

However, none of those 4 files you want me to find are listed. For example, I've got the list sorted in alphabetical order, and there's a file called hotplug.dll, and next is a file called HSFCI008.dll. If the hsdabhon.dll file was to be found, it would be listed between these two, and it is not there.

What to do? Again I so much appreciate all your help with this :)

Krista
kjeli
Active Member
 
Posts: 13
Joined: August 6th, 2007, 2:42 pm

by ndmmxiaomayi » August 16th, 2007, 9:37 pm

Hello kjeli,

Please open Notepad and copy and paste the following in the Code box into Notepad:

Code:
http://forum.malwareremoval.com/viewtopic.php?t=22354

Suspect::
C:\WINDOWS\system32\hsdabhon.dll
C:\WINDOWS\system32\xkxwauia.dll
C:\WINDOWS\system32\tegidqse.dll
C:\WINDOWS\system32\drgwixpt.dll

FileLook::
C:\WINDOWS\system32\hsdabhon.dll
C:\WINDOWS\system32\xkxwauia.dll
C:\WINDOWS\system32\tegidqse.dll
C:\WINDOWS\system32\drgwixpt.dll


Click on File > Save As....

In the File Name field, copy and paste in CFScript.txt

Click Save.

Note: Do not change the file name.

Referring to the picture below, drag CFScript.txt into Combofix.

Image

Do not mouse click on Combofix while it's running. That may cause it to stall.

Once done, a file named [4]-Submit_Date_Time.zip will be created on your desktop. Your browser will open as well, asking you to submit a file. Please upload the file and submit it.

After uploading the file, please post back the Combofix log as well as a new HijackThis log.
ndmmxiaomayi
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

by ndmmxiaomayi » August 26th, 2007, 10:35 am

Hello kjeli,

Are you still there? If you have problems with the instructions, please let me know.
ndmmxiaomayi
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

by Elrond » September 5th, 2007, 12:36 am

This topic is now closed due to inactivity. If you wish it to be reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

If it has been 10 days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, this topic will not be reopened. If you still require help, please start a new topic and include a fresh HijackThis log and a link to this thread in your new topic.

You can help support this site from this link:
Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem