Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

My hijack log

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

My hijack log

Unread postby beangod » January 13th, 2008, 12:33 pm

I've been getting Internet speed monitor ads lately and I ran spybot and found that I had virtumonde along with some others. So I took care of them besides the virtumonde. I've tried the vundofix but I'm not sure if its working right.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:27:44 AM, on 1/13/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QdrModule\QdrModule11.exe
C:\Program Files\QdrPack\QdrPack11.exe
C:\Program Files\iTunes\iTunesHelper .exe
C:\Program Files\QdrPack\QdrPack11 .exe
C:\Program Files\QdrModule\QdrModule11 .exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F3 - REG:win.ini: load=C:\WINDOWS\System32\pmkhh.exe
O1 - Hosts: BF2
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [MSConfig] C:\Documents and Settings\Haze\Desktop\msconfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsupport.com/sdcxuser/asp/tgctlsr.cab
O16 - DPF: {02AA9E0F-B4EB-4BE9-A769-FD09543FEEC2} (UniInstaller Class) - http://www.sexyads.net/members/voice-installer.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0835BC90-6ABC-4F52-A103-4FC3A61F2C33} (A18X Control) - http://www.albatross18.com/cabs/A18X.ocx
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - http://www.nexon.co.jp/JP/f/ActiveX/Public/nxpm.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/ ... 1.2.76.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://pcpitstop.com/pestscan/pestscan.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 0231545154
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O16 - DPF: {77B4BB82-C2AD-4BF8-A1A2-795605604CA8} (CNeoInstallShieldX Object) - http://d-fighter.nefficient.co.kr/samsu ... er/dis.cab
O16 - DPF: {ADCC68D4-AAEA-4338-817D-1F261D9FB759} (ENetLauncher Control) - http://www.dragongemworld.com/Active_X/ENetLauncher.cab
O16 - DPF: {B45E969D-924F-4C83-ACF3-38CDD115AA2C} (MpiPlugin Class) - https://www.isaackorea.net/update/ilkactx.cab
O16 - DPF: {CEA3052D-65B9-44E2-A501-5E14024BC66F} (TricksterActiveX Control) - http://www.tricksteronline.com/control/ ... ctiveX.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} - https://my.levelupgames.ph/KeyCrypt/npkcx.cab
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.gamengame.com/KALogoutComponent.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7EBB828C-B2CD-408D-84C5-04E387CD4CB8}: NameServer = 68.87.74.162,68.87.68.162
O22 - SharedTaskScheduler: disgorging - {0123eb75-964c-4cb3-b796-431cc9099570} - C:\WINDOWS\System32\cjuvwa.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Auto Logon Service (AutoLogon) - Unknown owner - C:\Program Files\Macro Scheduler\autologonsvc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macro Scheduler Service (mschedsvc) - Unknown owner - C:\Program Files\Macro Scheduler\msschedsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: RadClock - Unknown owner - C:\WINDOWS\SYSTEM32\RadClock.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe

--
End of file - 6237 bytes

Please point me in the right direction.
Thank you for reading.
beangod
Regular Member
 
Posts: 17
Joined: January 13th, 2008, 12:26 pm
Advertisement
Register to Remove

Re: My hijack log

Unread postby IndiGenus » January 14th, 2008, 5:19 pm

Hi beangod and welcome to the forums.

My name is Dave. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can sometimes take a while to research so please be patient and I'd be grateful if you would note the following:
  • I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
I need to check any posts to you with a teacher/expert first so please be patient as we go through this.
User avatar
IndiGenus
Regular Member
 
Posts: 657
Joined: February 2nd, 2005, 1:49 pm
Location: New England, USA

Re: My hijack log

Unread postby beangod » January 14th, 2008, 7:20 pm

Thank you Dave, I run Nod32 and what it detects is Win32/TrojanDropper.Agent.DGO virus. I've deleted the infected files but they come right back. Seems like it is spreading to various other files.

Here is my lastest Hijack log to help,


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:13:51 PM, on 1/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\nod32kui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKCU\..\Run: [ExtremeTWRF] "C:\WINDOWS\system32\\extwrf.exe"
O4 - HKUS\S-1-5-20\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsupport.com/sdcxuser/asp/tgctlsr.cab
O16 - DPF: {02AA9E0F-B4EB-4BE9-A769-FD09543FEEC2} (UniInstaller Class) - http://www.sexyads.net/members/voice-installer.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0835BC90-6ABC-4F52-A103-4FC3A61F2C33} (A18X Control) - http://www.albatross18.com/cabs/A18X.ocx
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - http://www.nexon.co.jp/JP/f/ActiveX/Public/nxpm.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/ ... 1.2.76.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://pcpitstop.com/pestscan/pestscan.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 0231545154
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O16 - DPF: {77B4BB82-C2AD-4BF8-A1A2-795605604CA8} (CNeoInstallShieldX Object) - http://d-fighter.nefficient.co.kr/samsu ... er/dis.cab
O16 - DPF: {ADCC68D4-AAEA-4338-817D-1F261D9FB759} (ENetLauncher Control) - http://www.dragongemworld.com/Active_X/ENetLauncher.cab
O16 - DPF: {B45E969D-924F-4C83-ACF3-38CDD115AA2C} (MpiPlugin Class) - https://www.isaackorea.net/update/ilkactx.cab
O16 - DPF: {CEA3052D-65B9-44E2-A501-5E14024BC66F} (TricksterActiveX Control) - http://www.tricksteronline.com/control/ ... ctiveX.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} - https://my.levelupgames.ph/KeyCrypt/npkcx.cab
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.gamengame.com/KALogoutComponent.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7EBB828C-B2CD-408D-84C5-04E387CD4CB8}: NameServer = 68.87.74.162,68.87.68.162
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe

--
End of file - 6045 bytes


Thank you
Shaun
beangod
Regular Member
 
Posts: 17
Joined: January 13th, 2008, 12:26 pm

Re: My hijack log

Unread postby IndiGenus » January 15th, 2008, 11:36 am

Hi,

Did you just install all service packs on this machine? SP1 and 2? Your first log showed no service packs.

I need you to rename HijackThis as the infection may be hiding.

  • Please go to the folder where you saved Hijackthis.exe: In your case C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
  • Right-click on it, then select Rename.
  • Name it something like: FindVundo.exe (or whatever you want) - Just make sure to keep the .exe part.
  • Then double-click the renamed HJT to scan and then post the new logfile.
User avatar
IndiGenus
Regular Member
 
Posts: 657
Joined: February 2nd, 2005, 1:49 pm
Location: New England, USA

Re: My hijack log

Unread postby beangod » January 15th, 2008, 7:51 pm

Yes I had noticed that I hadn't installed any service packs on this machine, so I updated to sp2. I didn't have a valid key before so I could never update it but now I do. I hope that didn't cause a problem.
Here is my new HJT after I renamed it. Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:42:56 PM, on 1/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\ESET\nod32kui.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\Findme.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {265C896C-9999-4ACE-9454-1F668ED49F55} - C:\WINDOWS\System32\pmkhh.dll
O2 - BHO: {521b79a0-ad0f-1e79-5384-b190230f1f03} - {30f1f032-091b-4835-97e1-f0da0a97b125} - C:\WINDOWS\system32\hvmbarji.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [6c0a9762] rundll32.exe "C:\WINDOWS\system32\wwcbadoc.dll",b
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA3090] command /c del "C:\WINDOWS\system32\pmkhh.dll_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5345] cmd /c del "C:\WINDOWS\system32\pmkhh.dll_tobedeleted"
O4 - HKCU\..\Run: [ExtremeTWRF] "C:\WINDOWS\system32\\extwrf.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5445] command /c del "C:\WINDOWS\system32\pmkhh.dll_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1990] cmd /c del "C:\WINDOWS\system32\pmkhh.dll_tobedeleted"
O4 - HKUS\S-1-5-20\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsupport.com/sdcxuser/asp/tgctlsr.cab
O16 - DPF: {02AA9E0F-B4EB-4BE9-A769-FD09543FEEC2} (UniInstaller Class) - http://www.sexyads.net/members/voice-installer.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0835BC90-6ABC-4F52-A103-4FC3A61F2C33} (A18X Control) - http://www.albatross18.com/cabs/A18X.ocx
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - http://www.nexon.co.jp/JP/f/ActiveX/Public/nxpm.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/ ... 1.2.76.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://pcpitstop.com/pestscan/pestscan.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 0231545154
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O16 - DPF: {77B4BB82-C2AD-4BF8-A1A2-795605604CA8} (CNeoInstallShieldX Object) - http://d-fighter.nefficient.co.kr/samsu ... er/dis.cab
O16 - DPF: {ADCC68D4-AAEA-4338-817D-1F261D9FB759} (ENetLauncher Control) - http://www.dragongemworld.com/Active_X/ENetLauncher.cab
O16 - DPF: {B45E969D-924F-4C83-ACF3-38CDD115AA2C} (MpiPlugin Class) - https://www.isaackorea.net/update/ilkactx.cab
O16 - DPF: {CEA3052D-65B9-44E2-A501-5E14024BC66F} (TricksterActiveX Control) - http://www.tricksteronline.com/control/ ... ctiveX.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} - https://my.levelupgames.ph/KeyCrypt/npkcx.cab
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.gamengame.com/KALogoutComponent.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7EBB828C-B2CD-408D-84C5-04E387CD4CB8}: NameServer = 68.87.74.162,68.87.68.162
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe

--
End of file - 7592 bytes
beangod
Regular Member
 
Posts: 17
Joined: January 13th, 2008, 12:26 pm

Re: My hijack log

Unread postby IndiGenus » January 15th, 2008, 9:05 pm

Hi,

Updating is good. I was going to ask you tp update to SP1a before we started the fix any way. Sometimes installing SP2 on an infected machine can cause issues. But you've already got through it so let's get on with the fix.

Please download ComboFix by sUBs from HERE or HERE
  • You must download it to and run it from your Desktop
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log
  • Re-enable all the programs that were disabled during the running of ComboFix..

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
User avatar
IndiGenus
Regular Member
 
Posts: 657
Joined: February 2nd, 2005, 1:49 pm
Location: New England, USA

Re: My hijack log

Unread postby beangod » January 15th, 2008, 10:32 pm

Ok, here are the new HJT and combofix logs. Thank you

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:22:24 PM, on 1/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\Findme.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKUS\S-1-5-20\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsupport.com/sdcxuser/asp/tgctlsr.cab
O16 - DPF: {02AA9E0F-B4EB-4BE9-A769-FD09543FEEC2} (UniInstaller Class) - http://www.sexyads.net/members/voice-installer.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0835BC90-6ABC-4F52-A103-4FC3A61F2C33} (A18X Control) - http://www.albatross18.com/cabs/A18X.ocx
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - http://www.nexon.co.jp/JP/f/ActiveX/Public/nxpm.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/ ... 1.2.76.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://pcpitstop.com/pestscan/pestscan.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 0231545154
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O16 - DPF: {77B4BB82-C2AD-4BF8-A1A2-795605604CA8} (CNeoInstallShieldX Object) - http://d-fighter.nefficient.co.kr/samsu ... er/dis.cab
O16 - DPF: {ADCC68D4-AAEA-4338-817D-1F261D9FB759} (ENetLauncher Control) - http://www.dragongemworld.com/Active_X/ENetLauncher.cab
O16 - DPF: {B45E969D-924F-4C83-ACF3-38CDD115AA2C} (MpiPlugin Class) - https://www.isaackorea.net/update/ilkactx.cab
O16 - DPF: {CEA3052D-65B9-44E2-A501-5E14024BC66F} (TricksterActiveX Control) - http://www.tricksteronline.com/control/ ... ctiveX.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} - https://my.levelupgames.ph/KeyCrypt/npkcx.cab
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.gamengame.com/KALogoutComponent.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7EBB828C-B2CD-408D-84C5-04E387CD4CB8}: NameServer = 68.87.74.162,68.87.68.162
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe

--
End of file - 6412 bytes






ComboFix 08-01-16.3 - Haze 2008-01-15 20:57:43.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.453 [GMT -5:00]
Running from: C:\Documents and Settings\Haze\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\codabcww.ini
C:\WINDOWS\system32\hhkmp.ini
C:\WINDOWS\system32\hhkmp.ini2
C:\WINDOWS\system32\hvmbarji.dll
C:\WINDOWS\system32\pmkhh.dll
C:\WINDOWS\system32\pmkhh.exe
C:\WINDOWS\system32\qcbfxiji.dll
C:\WINDOWS\system32\wwcbadoc.dll

.
((((((((((((((((((((((((( Files Created from 2007-12-16 to 2008-01-16 )))))))))))))))))))))))))))))))
.

2008-01-15 20:56 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-14 23:45 . 2008-01-14 23:45 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2008-01-14 23:45 . 2008-01-14 23:45 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2008-01-14 21:33 . 2008-01-14 21:33 <DIR> d-------- C:\Program Files\id Software
2008-01-14 10:11 . 2008-01-14 10:11 389,632 --a------ C:\WINDOWS\system32\extwrf.V00exe
2008-01-14 10:07 . 2008-01-14 10:07 389,632 --a------ C:\WINDOWS\system32\extwrf.Vexe
2008-01-14 08:44 . 2008-01-14 08:44 45,056 --a------ C:\WINDOWS\system32\extwrf .exe
2008-01-13 22:35 . 2008-01-13 22:35 <DIR> d-------- C:\Program Files\ExtremeATi
2008-01-13 22:29 . 2008-01-13 22:29 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-01-13 22:29 . 2006-10-04 09:06 1,197,294 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-01-13 22:29 . 2006-10-04 09:06 764,868 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-01-13 22:29 . 2006-10-04 09:06 217,118 -----c--- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-01-13 22:28 . 2008-01-13 22:28 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-01-13 21:58 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2008-01-13 21:45 . 2008-01-13 21:45 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-01-13 21:36 . 2007-07-09 08:09 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-01-13 21:24 . 2008-01-13 22:26 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-01-13 21:10 . 2008-01-13 21:10 <DIR> d-------- C:\WINDOWS\provisioning
2008-01-13 21:10 . 2008-01-13 21:10 <DIR> d-------- C:\WINDOWS\peernet
2008-01-13 21:08 . 2008-01-13 21:08 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-01-13 21:05 . 2006-09-25 17:58 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-01-13 21:04 . 2008-01-13 21:04 <DIR> d-------- C:\WINDOWS\EHome
2008-01-13 21:00 . 2004-08-04 00:56 11,776 --a------ C:\WINDOWS\system32\spnpinst.exe
2008-01-13 21:00 . 2004-08-02 14:20 7,208 --a------ C:\WINDOWS\system32\secupd.sig
2008-01-13 21:00 . 2004-08-02 14:20 4,569 --a------ C:\WINDOWS\system32\secupd.dat
2008-01-13 20:46 . 2007-04-10 14:01 336,768 --a------ C:\WINDOWS\system32\wgatray.exe.bak
2008-01-13 20:46 . 2007-04-10 14:00 236,928 --a------ C:\WINDOWS\system32\wgalogon.dll.bak
2008-01-13 16:54 . 2008-01-13 22:42 <DIR> d-------- C:\Documents and Settings\Haze\Application Data\SUPERAntiSpyware.com
2008-01-13 16:54 . 2008-01-13 16:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-13 16:54 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-13 15:30 . 2008-01-13 15:30 1,818,624 --a------ C:\WINDOWS\Mixer .exe
2008-01-13 13:52 . 2008-01-13 13:52 <DIR> d-------- C:\WINDOWS\ERUNT
2008-01-13 11:14 . 2008-01-13 11:14 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-13 11:10 . 2004-08-04 02:56 158,208 --a--c--- C:\WINDOWS\system32\dllcache\msconfig.exe
2008-01-13 08:40 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-01-10 18:35 . 2008-01-13 14:00 <DIR> d-------- C:\Program Files\iTunes
2008-01-10 18:35 . 2008-01-10 18:35 <DIR> d-------- C:\Program Files\iPod
2007-12-30 00:19 . 2007-12-30 00:19 80 --a------ C:\WINDOWS\Numerical
2007-12-30 00:19 . 2007-12-30 00:19 78 --a------ C:\WINDOWS\Spatial
2007-12-30 00:19 . 2007-12-30 00:19 77 --a------ C:\WINDOWS\Memory
2007-12-30 00:17 . 2007-12-30 00:17 76 --a------ C:\WINDOWS\Logic
2007-12-30 00:15 . 2007-12-30 00:15 466 --a------ C:\WINDOWS\0
2007-12-30 00:15 . 2007-12-30 00:15 77 --a------ C:\WINDOWS\Verbal
2007-12-30 00:15 . 2007-12-30 00:15 75 --a------ C:\WINDOWS\Times New Roman
2007-12-27 22:15 . 2007-12-27 22:15 <DIR> d-------- C:\Program Files\uTorrent
2007-12-23 20:36 . 2007-12-23 20:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
2007-12-23 20:33 . 2007-12-23 20:33 278,984 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2007-12-23 20:33 . 2007-12-23 20:33 25,416 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2007-12-23 20:30 . 2007-07-20 00:57 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll
2007-12-23 20:30 . 2007-07-20 00:54 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
2007-12-23 19:55 . 2007-12-23 19:55 <DIR> d-------- C:\Documents and Settings\Haze\Application Data\DAEMON Tools Pro
2007-12-23 19:52 . 2007-12-23 20:36 <DIR> d-------- C:\Program Files\DAEMON Tools Pro
2007-12-17 09:37 . 2007-12-17 20:25 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-12-17 09:37 . 2007-12-17 09:37 <DIR> d-------- C:\Program Files\DIFX
2007-12-17 09:37 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2007-12-17 09:37 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2007-12-17 09:37 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2007-12-17 09:37 . 2006-07-01 22:39 36,864 --a------ C:\WINDOWS\system32\drivers\AmdK8.sys
2007-12-16 13:03 . 2007-12-16 13:03 <DIR> d-------- C:\Program Files\Apple Software Update
2007-12-16 13:03 . 2007-12-16 13:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-16 01:51 --------- d-----w C:\Documents and Settings\Haze\Application Data\uTorrent
2008-01-16 01:47 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-01-15 12:42 --------- d-----w C:\Program Files\SpywareBlaster
2008-01-15 02:35 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-15 02:35 22,328 ----a-w C:\Documents and Settings\Haze\Application Data\PnkBstrK.sys
2008-01-15 02:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-14 13:33 --------- d-----w C:\Documents and Settings\Haze\Application Data\Vso
2008-01-14 03:42 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-13 22:25 --------- d-----w C:\Program Files\Java
2008-01-13 18:59 --------- d-----w C:\Program Files\QuickTime
2008-01-12 01:51 --------- d-----w C:\Program Files\Winamp
2008-01-10 23:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-07 13:12 --------- d-----w C:\Program Files\BitLord
2007-12-24 00:51 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-12-20 14:48 --------- d-----w C:\Program Files\VUGames
2007-12-19 13:51 --------- d-----w C:\Program Files\Xfire
2007-12-17 17:16 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-12-17 17:16 --------- d-----w C:\Program Files\Codec Pack - All In 1
2007-12-17 15:47 --------- d-----w C:\Documents and Settings\Haze\Application Data\Xfire
2007-12-17 15:21 --------- d-----w C:\Documents and Settings\Haze\Application Data\InstallShield Installation Information
2007-12-12 03:29 --------- d-----w C:\Program Files\steam
2007-12-05 15:17 --------- d-----w C:\Documents and Settings\Haze\Application Data\LimeWire
2007-11-27 12:18 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2007-11-26 03:34 --------- d-----w C:\Program Files\Activision
2007-11-26 03:19 --------- d-----w C:\Program Files\Planet Poker
2007-11-16 01:35 --------- d-----w C:\Program Files\Ventrilo
2007-10-25 22:40 65,536 ----a-w C:\WINDOWS\IFinst27.exe
2007-08-22 02:04 47,360 ----a-w C:\Documents and Settings\Haze\Application Data\pcouffin.sys
2006-12-26 00:23 81,920 ----a-w C:\Documents and Settings\Haze\Application Data\ezpinst.exe
2003-07-31 09:53 147,456 ----a-w C:\WINDOWS\inf\EL2K_XP.sys
2003-07-31 09:50 448,768 ----a-w C:\WINDOWS\inf\EL2K_N64.sys
2003-07-31 09:43 147,456 ----a-w C:\WINDOWS\inf\EL2K_2K.sys
.
Code: Select all
<pre>
----a-w           319,488 2008-01-14 22:28:58  C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon .exe
----a-w         1,818,624 2008-01-13 20:30:58  C:\WINDOWS\Mixer .exe
----a-w           158,208 2008-01-14 13:44:52  C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\MSConfig .exe
----a-w            45,056 2008-01-14 13:44:52  C:\WINDOWS\system32\extwrf .exe
</pre>



((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AtiPTA"="atiptaxx.exe" [2005-06-28 21:05 344064 C:\WINDOWS\system32\atiptaxx.exe]
"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [ ]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VIA RAID TOOL.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\VIA\RAID\via raid tool.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\6c0a9762]
C:\WINDOWS\system32\wwcbadoc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Anti-Blaxx Manager]
--a------ 2005-10-17 10:55 208896 C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS SmartDoctor]
--a------ 2004-02-02 17:13 954368 C:\Program Files\ASUS\SmartDoctor\\SmartDoctor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2005-06-28 21:05 344064 C:\WINDOWS\system32\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eTrust PestPatrol Active Protection]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ExtremeTWRF]
C:\WINDOWS\system32\\extwrf.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasDtServ]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasServ]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GLSetIT32]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
--a------ 2007-03-05 12:57 1103480 C:\Program Files\IGN\Download Manager\DLM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-04 00:31 208952 C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-01-13 11:13 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
C:\WINDOWS\System32\pmkhh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
--a------ 2004-08-04 00:31 59392 C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 14:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui]
C:\Program Files\Eset\nod32kui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2004-08-04 00:32 455168 C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a------ 2004-08-04 00:32 455168 C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PtiuPbmd]
--a------ 2003-01-15 14:41 24576 C:\WINDOWS\system32\ptipbm.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QdrModule11]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QdrPack11]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TBPS]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TCASUTIEXE]
--a------ 2003-07-16 02:34 1323008 C:\WINDOWS\system32\TCAUDIAG.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-06-07 13:08 4670968 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe

R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys [2003-09-04 21:25]
R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2006-06-23 17:34]
R2 tcaicchg;tcaicchg;C:\WINDOWS\System32\tcaicchg.sys [2000-06-06 05:08]
R2 TCAITDI;TCAITDI Protocol;C:\WINDOWS\system32\DRIVERS\TCAITDI.sys [2001-09-03 22:22]
S3 ATIXPGAA;ATIXPGAA;C:\Program Files\ASUS\SmartDoctor\ATIXPGAA.SYS [2003-10-29 18:29]
S3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\system32\drivers\av5flt.sys []
S3 dump_wmimmc;dump_wmimmc;C:\Program Files\9Dragons\GameGuard\dump_wmimmc.sys []
S3 NTProcDrv;Process creation detector for NT.;D:\Downloaded Shit\1.19\NtProcDrv.sys []
S3 SaiH0109;SaiH0109;C:\WINDOWS\system32\DRIVERS\SaiH0109.sys [2004-01-30 08:19]
S3 SaiU0109;SaiU0109;C:\WINDOWS\system32\DRIVERS\SaiU0109.sys [2004-01-30 08:19]
S3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D.sys []
S3 XDva028;XDva028;C:\WINDOWS\System32\XDva028.sys []
S3 XDva031;XDva031;C:\WINDOWS\System32\XDva031.sys []

.
Contents of the 'Scheduled Tasks' folder
"2007-12-16 18:03:41 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-15 21:20:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-15 21:21:08 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-16 02:21:06
.
2008-01-14 15:14:27 --- E O F ---
beangod
Regular Member
 
Posts: 17
Joined: January 13th, 2008, 12:26 pm

Re: My hijack log

Unread postby IndiGenus » January 17th, 2008, 10:15 am

1. Please open Notepad
  • Click Start , then Run
  • Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code: Select all
RenV::
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon .exe
C:\WINDOWS\Mixer .exe
C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\MSConfig .exe
C:\WINDOWS\system32\extwrf .exe

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QdrModule11]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QdrPack11]




3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

NOTE: Before posting your logs please update Java:
Update Java Runtime:

You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 3.
  • Go to http://java.sun.com/javase/downloads/index.jsp
  • Click on the link named Java Runtime Environment (JRE) 6 Update 3
  • Click on the radio button to Accept License Agreement
  • Click on Windows Offline Installation, Multi-language and save the downloaded file to your hard disk
  • Go to Start => Control Panel => Add or Remove Programs
  • Uninstall all old versions of Java (Java 2 Runtime Environment, JRE or JSE)
  • Reboot your computer
  • Delete the folder C:\Program Files\Java if present
  • Install the new version by running the newly-downloaded file, and follow the on-screen instructions.
  • Reboot your computer
User avatar
IndiGenus
Regular Member
 
Posts: 657
Joined: February 2nd, 2005, 1:49 pm
Location: New England, USA

Re: My hijack log

Unread postby beangod » January 17th, 2008, 11:59 am

Ok, here are the new logs. Thank you very much so far :) Java runtime is now updated after I ran the combofix/script and before I ran HJT.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:51:54 AM, on 1/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\Findme.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKUS\S-1-5-20\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsupport.com/sdcxuser/asp/tgctlsr.cab
O16 - DPF: {02AA9E0F-B4EB-4BE9-A769-FD09543FEEC2} (UniInstaller Class) - http://www.sexyads.net/members/voice-installer.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0835BC90-6ABC-4F52-A103-4FC3A61F2C33} (A18X Control) - http://www.albatross18.com/cabs/A18X.ocx
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - http://www.nexon.co.jp/JP/f/ActiveX/Public/nxpm.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/ ... 1.2.76.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://pcpitstop.com/pestscan/pestscan.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 0231545154
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O16 - DPF: {77B4BB82-C2AD-4BF8-A1A2-795605604CA8} (CNeoInstallShieldX Object) - http://d-fighter.nefficient.co.kr/samsu ... er/dis.cab
O16 - DPF: {ADCC68D4-AAEA-4338-817D-1F261D9FB759} (ENetLauncher Control) - http://www.dragongemworld.com/Active_X/ENetLauncher.cab
O16 - DPF: {B45E969D-924F-4C83-ACF3-38CDD115AA2C} (MpiPlugin Class) - https://www.isaackorea.net/update/ilkactx.cab
O16 - DPF: {CEA3052D-65B9-44E2-A501-5E14024BC66F} (TricksterActiveX Control) - http://www.tricksteronline.com/control/ ... ctiveX.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} - https://my.levelupgames.ph/KeyCrypt/npkcx.cab
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.gamengame.com/KALogoutComponent.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7EBB828C-B2CD-408D-84C5-04E387CD4CB8}: NameServer = 68.87.74.162,68.87.68.162
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe

--
End of file - 6571 bytes






ComboFix 08-01-16.3 - Haze 2008-01-17 10:42:23.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.456 [GMT -5:00]
Running from: C:\Documents and Settings\Haze\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Haze\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-12-17 to 2008-01-17 )))))))))))))))))))))))))))))))
.

2008-01-15 20:56 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-14 23:45 . 2008-01-14 23:45 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2008-01-14 23:45 . 2008-01-14 23:45 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2008-01-14 21:33 . 2008-01-14 21:33 <DIR> d-------- C:\Program Files\id Software
2008-01-14 10:11 . 2008-01-14 10:11 389,632 --a------ C:\WINDOWS\system32\extwrf.V00exe
2008-01-14 10:07 . 2008-01-14 10:07 389,632 --a------ C:\WINDOWS\system32\extwrf.Vexe
2008-01-14 08:44 . 2008-01-14 08:44 158,208 --a--c--- C:\WINDOWS\system32\dllcache\msconfig.exe
2008-01-14 08:44 . 2008-01-14 08:44 45,056 --a------ C:\WINDOWS\system32\extwrf.exe
2008-01-13 22:35 . 2008-01-13 22:35 <DIR> d-------- C:\Program Files\ExtremeATi
2008-01-13 22:29 . 2008-01-13 22:29 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-01-13 22:29 . 2006-10-04 09:06 1,197,294 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-01-13 22:29 . 2006-10-04 09:06 764,868 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-01-13 22:29 . 2006-10-04 09:06 217,118 -----c--- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-01-13 22:28 . 2008-01-13 22:28 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-01-13 21:58 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2008-01-13 21:45 . 2008-01-13 21:45 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-01-13 21:36 . 2007-07-09 08:09 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-01-13 21:24 . 2008-01-13 22:26 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-01-13 21:10 . 2008-01-13 21:10 <DIR> d-------- C:\WINDOWS\provisioning
2008-01-13 21:10 . 2008-01-13 21:10 <DIR> d-------- C:\WINDOWS\peernet
2008-01-13 21:08 . 2008-01-13 21:08 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-01-13 21:05 . 2006-09-25 17:58 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-01-13 21:04 . 2008-01-13 21:04 <DIR> d-------- C:\WINDOWS\EHome
2008-01-13 21:00 . 2004-08-04 00:56 11,776 --a------ C:\WINDOWS\system32\spnpinst.exe
2008-01-13 21:00 . 2004-08-02 14:20 7,208 --a------ C:\WINDOWS\system32\secupd.sig
2008-01-13 21:00 . 2004-08-02 14:20 4,569 --a------ C:\WINDOWS\system32\secupd.dat
2008-01-13 20:46 . 2007-04-10 14:01 336,768 --a------ C:\WINDOWS\system32\wgatray.exe.bak
2008-01-13 20:46 . 2007-04-10 14:00 236,928 --a------ C:\WINDOWS\system32\wgalogon.dll.bak
2008-01-13 16:54 . 2008-01-13 22:42 <DIR> d-------- C:\Documents and Settings\Haze\Application Data\SUPERAntiSpyware.com
2008-01-13 16:54 . 2008-01-13 16:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-13 15:30 . 2008-01-13 15:30 1,818,624 --a------ C:\WINDOWS\Mixer.exe
2008-01-13 13:52 . 2008-01-13 13:52 <DIR> d-------- C:\WINDOWS\ERUNT
2008-01-13 11:14 . 2008-01-13 11:14 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-13 08:40 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-01-10 18:35 . 2008-01-13 14:00 <DIR> d-------- C:\Program Files\iTunes
2008-01-10 18:35 . 2008-01-10 18:35 <DIR> d-------- C:\Program Files\iPod
2007-12-30 00:19 . 2007-12-30 00:19 80 --a------ C:\WINDOWS\Numerical
2007-12-30 00:19 . 2007-12-30 00:19 78 --a------ C:\WINDOWS\Spatial
2007-12-30 00:19 . 2007-12-30 00:19 77 --a------ C:\WINDOWS\Memory
2007-12-30 00:17 . 2007-12-30 00:17 76 --a------ C:\WINDOWS\Logic
2007-12-30 00:15 . 2007-12-30 00:15 466 --a------ C:\WINDOWS\0
2007-12-30 00:15 . 2007-12-30 00:15 77 --a------ C:\WINDOWS\Verbal
2007-12-30 00:15 . 2007-12-30 00:15 75 --a------ C:\WINDOWS\Times New Roman
2007-12-27 22:15 . 2007-12-27 22:15 <DIR> d-------- C:\Program Files\uTorrent
2007-12-23 20:36 . 2007-12-23 20:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
2007-12-23 20:33 . 2007-12-23 20:33 278,984 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2007-12-23 20:33 . 2007-12-23 20:33 25,416 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2007-12-23 20:30 . 2007-07-20 00:57 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll
2007-12-23 20:30 . 2007-07-20 00:54 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
2007-12-23 19:55 . 2007-12-23 19:55 <DIR> d-------- C:\Documents and Settings\Haze\Application Data\DAEMON Tools Pro
2007-12-23 19:52 . 2007-12-23 20:36 <DIR> d-------- C:\Program Files\DAEMON Tools Pro
2007-12-17 09:37 . 2007-12-17 20:25 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-12-17 09:37 . 2007-12-17 09:37 <DIR> d-------- C:\Program Files\DIFX
2007-12-17 09:37 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2007-12-17 09:37 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2007-12-17 09:37 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2007-12-17 09:37 . 2006-07-01 22:39 36,864 --a------ C:\WINDOWS\system32\drivers\AmdK8.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-17 07:23 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-01-17 00:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-16 12:49 --------- d-----w C:\Documents and Settings\Haze\Application Data\uTorrent
2008-01-15 12:42 --------- d-----w C:\Program Files\SpywareBlaster
2008-01-15 02:35 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-01-15 02:35 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-15 02:35 22,328 ----a-w C:\Documents and Settings\Haze\Application Data\PnkBstrK.sys
2008-01-15 02:35 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-01-14 13:44 158,208 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\MSConfig.exe
2008-01-14 13:33 --------- d-----w C:\Documents and Settings\Haze\Application Data\Vso
2008-01-14 03:42 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-13 18:59 --------- d-----w C:\Program Files\QuickTime
2008-01-13 16:10 145,408 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\msconfig.exe.tmp
2008-01-12 01:51 --------- d-----w C:\Program Files\Winamp
2008-01-10 23:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-07 13:12 --------- d-----w C:\Program Files\BitLord
2007-12-24 00:51 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-12-20 14:48 --------- d-----w C:\Program Files\VUGames
2007-12-19 13:51 --------- d-----w C:\Program Files\Xfire
2007-12-17 17:16 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-12-17 17:16 --------- d-----w C:\Program Files\Codec Pack - All In 1
2007-12-17 15:47 --------- d-----w C:\Documents and Settings\Haze\Application Data\Xfire
2007-12-17 15:21 --------- d-----w C:\Documents and Settings\Haze\Application Data\InstallShield Installation Information
2007-12-16 18:03 --------- d-----w C:\Program Files\Apple Software Update
2007-12-16 18:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-12-12 03:29 --------- d-----w C:\Program Files\steam
2007-12-05 15:17 --------- d-----w C:\Documents and Settings\Haze\Application Data\LimeWire
2007-11-27 12:18 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2007-11-26 03:34 --------- d-----w C:\Program Files\Activision
2007-11-26 03:19 --------- d-----w C:\Program Files\Planet Poker
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 22:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-25 22:40 65,536 ----a-w C:\WINDOWS\IFinst27.exe
2007-08-22 02:04 47,360 ----a-w C:\Documents and Settings\Haze\Application Data\pcouffin.sys
2006-12-26 00:23 81,920 ----a-w C:\Documents and Settings\Haze\Application Data\ezpinst.exe
2003-07-31 09:53 147,456 ----a-w C:\WINDOWS\inf\EL2K_XP.sys
2003-07-31 09:50 448,768 ----a-w C:\WINDOWS\inf\EL2K_N64.sys
2003-07-31 09:43 147,456 ----a-w C:\WINDOWS\inf\EL2K_2K.sys
.

((((((((((((((((((((((((((((( snapshot@2008-01-15_21.20.53.48 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-16 01:57:23 1,404,928 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-17 15:42:11 1,404,928 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-16 01:57:23 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-17 15:42:11 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-16 01:57:23 6,819,840 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-17 15:42:11 1,421,312 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-16 01:57:23 1,318,912 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-17 15:42:11 1,179,648 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-16 01:57:23 1,421,312 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-17 15:42:11 6,819,840 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-16 01:57:24 1,179,648 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-17 15:42:11 1,318,912 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-17 15:09:42 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_4e4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AtiPTA"="atiptaxx.exe" [2005-06-28 21:05 344064 C:\WINDOWS\system32\atiptaxx.exe]
"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2008-01-14 17:28 319488]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VIA RAID TOOL.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\VIA\RAID\via raid tool.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\6c0a9762]
C:\WINDOWS\system32\wwcbadoc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Anti-Blaxx Manager]
--a------ 2005-10-17 10:55 208896 C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS SmartDoctor]
--a------ 2004-02-02 17:13 954368 C:\Program Files\ASUS\SmartDoctor\\SmartDoctor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2005-06-28 21:05 344064 C:\WINDOWS\system32\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
--a------ 2008-01-13 15:30 1818624 C:\WINDOWS\Mixer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
--a------ 2008-01-14 17:28 319488 C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eTrust PestPatrol Active Protection]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ExtremeTWRF]
--a------ 2008-01-14 08:44 45056 C:\WINDOWS\system32\\extwrf.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasDtServ]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasServ]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GLSetIT32]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
--a------ 2007-03-05 12:57 1103480 C:\Program Files\IGN\Download Manager\DLM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-04 00:31 208952 C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-01-13 11:13 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
--a------ 2004-08-04 00:31 59392 C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 14:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui]
C:\Program Files\Eset\nod32kui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2004-08-04 00:32 455168 C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a------ 2004-08-04 00:32 455168 C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PtiuPbmd]
--a------ 2003-01-15 14:41 24576 C:\WINDOWS\system32\ptipbm.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TBPS]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TCASUTIEXE]
--a------ 2003-07-16 02:34 1323008 C:\WINDOWS\system32\TCAUDIAG.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-06-07 13:08 4670968 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe

R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys [2003-09-04 21:25]
R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2006-06-23 17:34]
R2 tcaicchg;tcaicchg;C:\WINDOWS\System32\tcaicchg.sys [2000-06-06 05:08]
R2 TCAITDI;TCAITDI Protocol;C:\WINDOWS\system32\DRIVERS\TCAITDI.sys [2001-09-03 22:22]
S3 ATIXPGAA;ATIXPGAA;C:\Program Files\ASUS\SmartDoctor\ATIXPGAA.SYS [2003-10-29 18:29]
S3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\system32\drivers\av5flt.sys []
S3 dump_wmimmc;dump_wmimmc;C:\Program Files\9Dragons\GameGuard\dump_wmimmc.sys []
S3 NTProcDrv;Process creation detector for NT.;D:\Downloaded Shit\1.19\NtProcDrv.sys []
S3 SaiH0109;SaiH0109;C:\WINDOWS\system32\DRIVERS\SaiH0109.sys [2004-01-30 08:19]
S3 SaiU0109;SaiU0109;C:\WINDOWS\system32\DRIVERS\SaiU0109.sys [2004-01-30 08:19]
S3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D.sys []
S3 XDva028;XDva028;C:\WINDOWS\System32\XDva028.sys []
S3 XDva031;XDva031;C:\WINDOWS\System32\XDva031.sys []

.
Contents of the 'Scheduled Tasks' folder
"2007-12-16 18:03:41 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-17 10:43:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-17 10:44:13
ComboFix-quarantined-files.txt 2008-01-17 15:44:05
ComboFix2.txt 2008-01-16 02:21:08
.
2008-01-14 15:14:27 --- E O F ---
beangod
Regular Member
 
Posts: 17
Joined: January 13th, 2008, 12:26 pm

Re: My hijack log

Unread postby IndiGenus » January 17th, 2008, 7:42 pm

Download the trial version of AVG Anti-Spyware from here and install it. When the program has been installed, and you click the Finish button, AVG Anti-Spyware will open.

If the program does not automatically update itself during installation, or you are unsure whether it has done so, please do the following:
  • Click the Update icon at the top and under Manual Update click the Start update button.
  • The program will either update or inform you that no update was available.
  • It is essential that you get the update - keep trying until successful. (Note: If you have problems getting the update, you can download an installer for the full database from here (save it on your desktop). Once you have downloaded the installer, make sure that AVG Anti-Spyware is closed and then double-click on avgas-signatures-full-current.exe to install the database).
Please set up the program as follows:
  • Click the Shield icon at the top and under Resident shield is... click active. This should now
    change to inactive.
  • Click the Update icon and untick the automatic update option.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act? - make sure that Quarantine is selected.
    • Under How to scan? - All checkboxes should be ticked.
    • Under Possibly unwanted software - All checkboxes should be ticked.
    • Under Reports - Select Do not automatically generate reports.
    • Under What to scan? - Select Scan every file.
Close all open windows.



Please download ATF Cleaner here by Atribune. This program is for XP and Windows 2000 only.
It does not require any installation and uses minimal system resources. It is set up to clean IE, FireFox and Opera, and detects the browsers you have and grays out the other(s).

  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Recommend UNCHECKING COOKIES if you rely on system remembered passwords.
  • Click the Empty Selected button.

    If you use Firefox browser
  • Click Firefox at the top and choose: Select All EXCEPT FIREFOX SAVED PASSWORDS
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    If you use Opera browser
  • Click Opera at the top and choose: Select All EXCEPT COOKIES AND SAVED PASSWORDS
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your cookies and saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.


We Now Need To Boot Into Safemode Now

Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine,
amount of memory, hard drives installed etc (BOOT SCREEEN).
At this point you should gently tap the F8 key repeatedly until you are presented with a Options menu.
Select the option for Safe Mode using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode.


Run AVG


  • Click on Scanner on the toolbar.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan your computer.
  • When the scan has finished, follow the instructions below:
    • Make sure that Set all elements to: shows Quarantine
    • Important: Click on the Apply all Actions button This must done before saving the report
    • When the program has finished, it will display the message All actions have been applied.
    • Then click the Save Scan Report button.
    • Click the Save Report as button.
    • Save the report to your Desktop.
      Image
  • Right-click the AVG Tray Icon and select Exit.
  • Now copy the report back to this topic.


Restart into normal mode and post the AVG Log and a new HJT Log. Also how are things now
User avatar
IndiGenus
Regular Member
 
Posts: 657
Joined: February 2nd, 2005, 1:49 pm
Location: New England, USA

Re: My hijack log

Unread postby beangod » January 17th, 2008, 10:21 pm

Well I haven't noticed anything getting worse. But here are the logs as you request. Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:11:42 PM, on 1/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Trend Micro\HijackThis\Findme.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKUS\S-1-5-20\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsupport.com/sdcxuser/asp/tgctlsr.cab
O16 - DPF: {02AA9E0F-B4EB-4BE9-A769-FD09543FEEC2} (UniInstaller Class) - http://www.sexyads.net/members/voice-installer.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0835BC90-6ABC-4F52-A103-4FC3A61F2C33} (A18X Control) - http://www.albatross18.com/cabs/A18X.ocx
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - http://www.nexon.co.jp/JP/f/ActiveX/Public/nxpm.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/ ... 1.2.76.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://pcpitstop.com/pestscan/pestscan.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 0231545154
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O16 - DPF: {77B4BB82-C2AD-4BF8-A1A2-795605604CA8} (CNeoInstallShieldX Object) - http://d-fighter.nefficient.co.kr/samsu ... er/dis.cab
O16 - DPF: {ADCC68D4-AAEA-4338-817D-1F261D9FB759} (ENetLauncher Control) - http://www.dragongemworld.com/Active_X/ENetLauncher.cab
O16 - DPF: {B45E969D-924F-4C83-ACF3-38CDD115AA2C} (MpiPlugin Class) - https://www.isaackorea.net/update/ilkactx.cab
O16 - DPF: {CEA3052D-65B9-44E2-A501-5E14024BC66F} (TricksterActiveX Control) - http://www.tricksteronline.com/control/ ... ctiveX.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} - https://my.levelupgames.ph/KeyCrypt/npkcx.cab
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.gamengame.com/KALogoutComponent.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7EBB828C-B2CD-408D-84C5-04E387CD4CB8}: NameServer = 68.87.74.162,68.87.68.162
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe

--
End of file - 6845 bytes



---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 9:08:16 PM 1/17/2008

+ Scan result:



C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.V00exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.Vexe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\OLDB.Vtmp -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\WINDOWS\system32\extwrf.V00exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\WINDOWS\system32\extwrf.Vexe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
:mozilla.146:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.58:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.59:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.60:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.61:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.62:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.63:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.64:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.65:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.66:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.150:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Adengage : Cleaned.
:mozilla.151:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Adengage : Cleaned.
:mozilla.152:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Adengage : Cleaned.
:mozilla.154:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-3.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.155:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-3.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.156:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-3.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.157:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-3.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.255:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.52:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-1.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.55:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-1.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.56:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-1.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.57:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-1.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.70:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-2.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.73:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-2.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.74:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-2.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.75:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-2.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.412:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-1.txt -> TrackingCookie.Belstat : Cleaned.
:mozilla.413:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-1.txt -> TrackingCookie.Belstat : Cleaned.
:mozilla.413:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-2.txt -> TrackingCookie.Belstat : Cleaned.
:mozilla.414:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-2.txt -> TrackingCookie.Belstat : Cleaned.
:mozilla.451:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-3.txt -> TrackingCookie.Belstat : Cleaned.
:mozilla.452:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-3.txt -> TrackingCookie.Belstat : Cleaned.
:mozilla.317:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-1.txt -> TrackingCookie.Cqcounter : Cleaned.
:mozilla.318:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-2.txt -> TrackingCookie.Cqcounter : Cleaned.
:mozilla.357:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-3.txt -> TrackingCookie.Cqcounter : Cleaned.
:mozilla.447:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Dealtime : Cleaned.
:mozilla.448:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Dealtime : Cleaned.
:mozilla.449:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Dealtime : Cleaned.
:mozilla.477:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Enhance : Cleaned.
:mozilla.466:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.467:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.468:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.469:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.283:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-1.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.284:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-1.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.284:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-2.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.285:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-2.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.323:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-3.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.324:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-3.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.222:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-1.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.223:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-1.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.223:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-2.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.224:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-1.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.224:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-2.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.225:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-1.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.225:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-2.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.226:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-2.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.264:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-3.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.265:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-3.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.266:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-3.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.267:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-3.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.522:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Gamershell : Cleaned.
:mozilla.523:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Gamershell : Cleaned.
:mozilla.737:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Gamershell : Cleaned.
:mozilla.738:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Gamershell : Cleaned.
:mozilla.739:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Gamershell : Cleaned.
:mozilla.740:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Gamershell : Cleaned.
:mozilla.741:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Gamershell : Cleaned.
:mozilla.742:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Gamershell : Cleaned.
:mozilla.743:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Gamershell : Cleaned.
:mozilla.744:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Gamershell : Cleaned.
:mozilla.745:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Gamershell : Cleaned.
:mozilla.746:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Gamershell : Cleaned.
:mozilla.747:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Gamershell : Cleaned.
:mozilla.748:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Gamershell : Cleaned.
:mozilla.749:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Gamershell : Cleaned.
:mozilla.750:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Gamershell : Cleaned.
:mozilla.751:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Gamershell : Cleaned.
:mozilla.752:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Gamershell : Cleaned.
:mozilla.753:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Gamershell : Cleaned.
:mozilla.754:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Gamershell : Cleaned.
:mozilla.755:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Gamershell : Cleaned.
:mozilla.756:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Gamershell : Cleaned.
:mozilla.757:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Gamershell : Cleaned.
:mozilla.758:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Gamershell : Cleaned.
:mozilla.759:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Gamershell : Cleaned.
:mozilla.760:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Gamershell : Cleaned.
:mozilla.761:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Gamershell : Cleaned.
:mozilla.762:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Gamershell : Cleaned.
:mozilla.763:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Gamershell : Cleaned.
:mozilla.764:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Gamershell : Cleaned.
:mozilla.765:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Gamershell : Cleaned.
:mozilla.766:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Gamershell : Cleaned.
:mozilla.767:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Gamershell : Cleaned.
:mozilla.768:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Gamershell : Cleaned.
:mozilla.769:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Gamershell : Cleaned.
:mozilla.770:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Gamershell : Cleaned.
:mozilla.771:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Gamershell : Cleaned.
:mozilla.772:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Gamershell : Cleaned.
:mozilla.773:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Gamershell : Cleaned.
:mozilla.774:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Gamershell : Cleaned.
:mozilla.775:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Gamershell : Cleaned.
:mozilla.776:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Gamershell : Cleaned.
:mozilla.777:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Gamershell : Cleaned.
:mozilla.778:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Gamershell : Cleaned.
:mozilla.779:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Gamershell : Cleaned.
:mozilla.780:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Gamershell : Cleaned.
:mozilla.781:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Gamershell : Cleaned.
:mozilla.782:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Gamershell : Cleaned.
:mozilla.783:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Gamershell : Cleaned.
:mozilla.188:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-1.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.189:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-2.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.190:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-1.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.191:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-2.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.233:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-3.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.235:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-3.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.581:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.582:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.442:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-1.txt -> TrackingCookie.Information : Cleaned.
:mozilla.443:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-2.txt -> TrackingCookie.Information : Cleaned.
:mozilla.481:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-3.txt -> TrackingCookie.Information : Cleaned.
:mozilla.10:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.11:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.12:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.13:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.14:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.15:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.172:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-1.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.173:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-2.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.174:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-1.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.175:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-1.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.175:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-2.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.176:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-1.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.176:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-2.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.177:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-1.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.177:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-2.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.178:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-2.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.17:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.18:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.217:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-3.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.219:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-3.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.220:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-3.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.221:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-3.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.222:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-3.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.27:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.6:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.7:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.8:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.9:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.378:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.659:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.660:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.661:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.662:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.663:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.664:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.121:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-1.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.122:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-1.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.123:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-1.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.124:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-1.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.125:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-1.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.126:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-1.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.127:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-1.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.128:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-1.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.129:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-1.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.130:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-1.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.131:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-1.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.131:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-2.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.132:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-1.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.132:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-2.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.133:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-1.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.133:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-2.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.134:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-1.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.134:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-2.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.135:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-1.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.135:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-2.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.136:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-1.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.136:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-2.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.137:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-1.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.137:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-2.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.138:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-1.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.138:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-2.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.139:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-1.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.139:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-2.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.140:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-1.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.140:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-2.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.141:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-1.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.141:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-2.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.142:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-1.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.142:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-2.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.143:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-1.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.143:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-2.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.144:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-1.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.144:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-2.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.145:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-1.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.145:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-2.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.146:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-1.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.146:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-2.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.147:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-1.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.147:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-2.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.148:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-1.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.148:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-2.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.149:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-2.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.150:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-2.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.151:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-2.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.152:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-2.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.153:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-2.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.154:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-2.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.155:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-2.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.156:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-2.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.157:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-2.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.158:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-2.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.409:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.410:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.411:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.412:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.413:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.414:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.415:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.416:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.417:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.418:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.419:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.41:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-3.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.420:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.421:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.422:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.423:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.424:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.425:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.426:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.427:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.428:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.429:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.42:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-3.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.430:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.431:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.432:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.433:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.434:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.435:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.436:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.437:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.438:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.439:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.43:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-3.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.440:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.441:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.442:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.443:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.444:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.44:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-3.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.45:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-3.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.46:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-3.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.47:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-3.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.48:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-3.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.49:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-3.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.50:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-3.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.51:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-3.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.52:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-3.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.53:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-3.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.54:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-3.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.55:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-3.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.56:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-3.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.57:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-3.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.58:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-3.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.59:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-3.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.60:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-3.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.61:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-3.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.62:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-3.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.63:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-3.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.64:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-3.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.65:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-3.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.66:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-3.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.67:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-3.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.68:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-3.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.228:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-1.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.229:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-2.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.230:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-1.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.231:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-1.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.231:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-2.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.232:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-1.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.232:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-2.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.233:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-1.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.233:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-2.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.234:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-1.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.234:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-2.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.235:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-1.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.235:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-2.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.236:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-1.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.236:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-2.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.237:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-1.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.237:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-2.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.238:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-1.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.238:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-2.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.239:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-1.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.239:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-2.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.240:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-1.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.240:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-2.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.241:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-2.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.270:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-3.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.272:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-3.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.273:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-3.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.274:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-3.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.275:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-3.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.276:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-3.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.277:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-3.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.278:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-3.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.279:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-3.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.280:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-3.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.281:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-3.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.282:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-3.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.680:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.681:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.682:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.683:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.345:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-1.txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.346:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-2.txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.385:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-3.txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.844:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.152:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-3.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.158:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-3.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.45:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.46:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.47:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.48:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.49:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.50:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.53:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-1.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.54:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-1.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.71:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-2.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.72:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-2.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.294:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-1.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.295:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-2.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.334:C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\8aaml5t5.default\cookies-3.txt -> TrackingCookie.Zedo : Cleaned.


::Report end
beangod
Regular Member
 
Posts: 17
Joined: January 13th, 2008, 12:26 pm

Re: My hijack log

Unread postby IndiGenus » January 18th, 2008, 1:41 pm

Hi,

Glad to hear things are running better. I would suggest we do one more virus scan now and we should be pretty much OK after that...

Using Internet Explorer, click on Kaspersky Online Scanner
    * Click 'Accept' in the window that pops up.
    * You will be prompted to install an ActiveX component from Kaspersky, Click on the information bar and select Install ActiveX Control if so. This may happen more than once. That is OK. You also may get a warning from your Windows Firewall. You can tell it to unblock.
    * The program will launch and then start to download the latest definition files.
    * Once the scanner is installed and the definitions downloaded, click 'Next'.
    * Now click on 'Scan Settings'
    * In the scan settings make sure that the following are selected:
    o Scan using the following Anti-Virus database: 'Extended' (If available, otherwise 'Standard')
    o Scan Options: 'Scan Archives' and 'Scan Mail Bases'
    * Click 'OK'
    * Now under 'Select a target to scan' select 'My Computer'
    * The scan will take a while, so be patient and let it run. Once the scan is complete, it will display whether your system has been infected.
    * Now click on the 'Save Report As...' button:
    * Make sure it says Save as a text file - change it if not
    * Save the file to your desktop.
Please post the Kaspersky report and a new HijackThis log.
User avatar
IndiGenus
Regular Member
 
Posts: 657
Joined: February 2nd, 2005, 1:49 pm
Location: New England, USA

Re: My hijack log

Unread postby beangod » January 18th, 2008, 4:05 pm

Yea, things seem ok but it looks like I still have issues though, not sure. Here are the logs.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, January 18, 2008 2:56:58 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 18/01/2008
Kaspersky Anti-Virus database records: 522502
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 55118
Number of viruses found: 5
Number of infected objects: 8
Number of suspicious objects: 4
Duration of the scan process: 00:31:10

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobVideoActiveXAccess1.zip/imsmain.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobVideoActiveXAccess1.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobVideoActiveXAccess4.zip/iesmn.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobVideoActiveXAccess4.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\Haze\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Haze\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Haze\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Haze\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Haze\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Haze\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Haze\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Haze\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\PolarisX\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
C:\Program Files\ESET\cache\CACHE.NDB Object is locked skipped
C:\Program Files\ESET\infected\0WPBIJAA.NQF Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Program Files\ESET\infected\DLNZMWDA.NQF Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\Program Files\ESET\infected\E1EH3TAA.NQF Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Program Files\ESET\infected\GGXCS4DA.NQF Infected: Backdoor.Win32.Agent.dbm skipped
C:\Program Files\ESET\infected\HGJVM5CA.NQF Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Program Files\ESET\infected\SDBBARCA.NQF Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Program Files\ESET\logs\virlog.dat Object is locked skipped
C:\Program Files\ESET\logs\warnlog.dat Object is locked skipped
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{C89D0922-C6D1-45BF-95FE-BA0BEA67F03F}\RP6\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{454D1722-1226-4231-A8F1-D6E34EBC4019}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\TEMP\Perflib_Perfdata_628.dat Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{C89D0922-C6D1-45BF-95FE-BA0BEA67F03F}\RP6\change.log Object is locked skipped

Scan process completed.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:58:28 PM, on 1/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\Findme.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKUS\S-1-5-20\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsupport.com/sdcxuser/asp/tgctlsr.cab
O16 - DPF: {02AA9E0F-B4EB-4BE9-A769-FD09543FEEC2} (UniInstaller Class) - http://www.sexyads.net/members/voice-installer.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0835BC90-6ABC-4F52-A103-4FC3A61F2C33} (A18X Control) - http://www.albatross18.com/cabs/A18X.ocx
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - http://www.nexon.co.jp/JP/f/ActiveX/Public/nxpm.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/ ... 1.2.76.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://pcpitstop.com/pestscan/pestscan.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 0231545154
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O16 - DPF: {77B4BB82-C2AD-4BF8-A1A2-795605604CA8} (CNeoInstallShieldX Object) - http://d-fighter.nefficient.co.kr/samsu ... er/dis.cab
O16 - DPF: {ADCC68D4-AAEA-4338-817D-1F261D9FB759} (ENetLauncher Control) - http://www.dragongemworld.com/Active_X/ENetLauncher.cab
O16 - DPF: {B45E969D-924F-4C83-ACF3-38CDD115AA2C} (MpiPlugin Class) - https://www.isaackorea.net/update/ilkactx.cab
O16 - DPF: {CEA3052D-65B9-44E2-A501-5E14024BC66F} (TricksterActiveX Control) - http://www.tricksteronline.com/control/ ... ctiveX.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} - https://my.levelupgames.ph/KeyCrypt/npkcx.cab
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.gamengame.com/KALogoutComponent.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7EBB828C-B2CD-408D-84C5-04E387CD4CB8}: NameServer = 68.87.74.162,68.87.68.162
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe

--
End of file - 7386 bytes
beangod
Regular Member
 
Posts: 17
Joined: January 13th, 2008, 12:26 pm

Re: My hijack log

Unread postby beangod » January 20th, 2008, 11:33 am

Well I've rescanned everything, and it looks pretty clean. I guess those files stay in quarantine. So I'd like to extend my thanks to you again Dave with all your help. Here is my last HJT log, feel free to close the topic. :)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:28:14 AM, on 1/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\Findme.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsupport.com/sdcxuser/asp/tgctlsr.cab
O16 - DPF: {02AA9E0F-B4EB-4BE9-A769-FD09543FEEC2} (UniInstaller Class) - http://www.sexyads.net/members/voice-installer.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0835BC90-6ABC-4F52-A103-4FC3A61F2C33} (A18X Control) - http://www.albatross18.com/cabs/A18X.ocx
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - http://www.nexon.co.jp/JP/f/ActiveX/Public/nxpm.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/ ... 1.2.76.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://pcpitstop.com/pestscan/pestscan.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 0231545154
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O16 - DPF: {77B4BB82-C2AD-4BF8-A1A2-795605604CA8} (CNeoInstallShieldX Object) - http://d-fighter.nefficient.co.kr/samsu ... er/dis.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {ADCC68D4-AAEA-4338-817D-1F261D9FB759} (ENetLauncher Control) - http://www.dragongemworld.com/Active_X/ENetLauncher.cab
O16 - DPF: {B45E969D-924F-4C83-ACF3-38CDD115AA2C} (MpiPlugin Class) - https://www.isaackorea.net/update/ilkactx.cab
O16 - DPF: {CEA3052D-65B9-44E2-A501-5E14024BC66F} (TricksterActiveX Control) - http://www.tricksteronline.com/control/ ... ctiveX.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} - https://my.levelupgames.ph/KeyCrypt/npkcx.cab
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.gamengame.com/KALogoutComponent.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7EBB828C-B2CD-408D-84C5-04E387CD4CB8}: NameServer = 68.87.74.162,68.87.68.162
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe

--
End of file - 7184 bytes
beangod
Regular Member
 
Posts: 17
Joined: January 13th, 2008, 12:26 pm

Re: My hijack log

Unread postby IndiGenus » January 20th, 2008, 1:39 pm

Hi,

Nothing too bad found by Kaspersky. The mirc items found by Kaspersky are false positives. The rest of the items are in your Antivirus infected folder or quarantined and can be emptied/removed.

Time for some housekeeping

  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.


    • Image
The above procedure will:

  • Delete the following:
    • ComboFix and its associated files and folders.
    • VundoFix backups, if present
    • The C:\Deckard folder, if present
    • The C:_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Reset System Restore.

In addition to updating and using what you currently have you may want to consider the following:

Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. Here are some free and evalutation versions that provide
better security than the Windows Firewall.For a tutorial on Firewalls and a listing of some other available ones see the link below:
Understanding and Using Firewalls

Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly or set your computer to receive automatic updates. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Install Ad-Aware - Ad-Aware SE You should also scan your computer with program on a regular basis just as you would an antivirus software in conjunction with Spybot.
A tutorial on installing & using this product can be found here:
Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
A tutorial on installing & using this product can be found here:
Using SpywareBlaster to protect your computer from Spyware and Malware

Install SpywareGuard - SpywareGuard provides a real-time protection solution against spyware that is a great addition to SpywareBlaster's protection method.
A tutorial on installing & using this product can be found here:
Using SpywareGuard to protect your computer from Spyware and Malware

Use IESpy-Ad -
IESpy-Ad will block access to malicious websites so you cannot be redirected to them from an infected site or email. Instructions for set up and use can be found at the website.

Update all of your Anti-Malware programs regularly - Make sure you update all the programs I have listed and the ones you are currently running regularly. Without regular updates you Will Not be protected when new malicious programs are released.

Here is a great link to a post here on securing your PC after an attack.
http://users.telenet.be/bluepatchy/miek ... ntion.html
User avatar
IndiGenus
Regular Member
 
Posts: 657
Joined: February 2nd, 2005, 1:49 pm
Location: New England, USA
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 29 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware