browser hijacker and other problems

Re: browser hijacker and other problems

Post by alango1 » October 18th, 2009, 10:37 pm

Yes, someone downloaded ovoot without my permission; I'm not happy and apologize for this.
alango1
Regular Member
 
Posts: 45
Joined: September 23rd, 2009, 5:21 pm

Re: browser hijacker and other problems

Post by alango1 » October 18th, 2009, 11:05 pm

All processes killed
========== PROCESSES ==========
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A1FB2F9A-D35E-11DD-8935-E46A56D89593}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A1FB2F9A-D35E-11DD-8935-E46A56D89593}\ deleted successfully.
Registry key HKEY_CLASSES_ROOT\CLSID\{A1FB2F9A-D35E-11DD-8935-E46A56D89593}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A1FB2F9A-D35E-11DD-8935-E46A56D89593}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{A1FB2F9A-D35E-11DD-8935-E46A56D89593} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A1FB2F9A-D35E-11DD-8935-E46A56D89593}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{A1FB2F9A-D35E-11DD-8935-E46A56D89593}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A1FB2F9A-D35E-11DD-8935-E46A56D89593}\ not found.
Registry key HKEY_USERS\S-1-5-21-1242254589-3928601052-1316946525-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_USERS\S-1-5-21-1242254589-3928601052-1316946525-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_USERS\S-1-5-21-1242254589-3928601052-1316946525-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_USERS\S-1-5-21-1242254589-3928601052-1316946525-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_USERS\S-1-5-21-1242254589-3928601052-1316946525-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_USERS\S-1-5-21-1242254589-3928601052-1316946525-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_USERS\S-1-5-21-1242254589-3928601052-1316946525-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_USERS\S-1-5-21-1242254589-3928601052-1316946525-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_USERS\S-1-5-21-1242254589-3928601052-1316946525-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_USERS\S-1-5-21-1242254589-3928601052-1316946525-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_USERS\S-1-5-21-1242254589-3928601052-1316946525-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_USERS\S-1-5-21-1242254589-3928601052-1316946525-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ deleted successfully.
========== FILES ==========
C:\WINDOWS\Fonts moved successfully.
File/Folder C:\Program Files\?asks not found.
C:\Program Files\oovootb\chrome\skin\panels\images moved successfully.
C:\Program Files\oovootb\chrome\skin\panels\custom-form-elements moved successfully.
C:\Program Files\oovootb\chrome\skin\panels\css moved successfully.
C:\Program Files\oovootb\chrome\skin\panels moved successfully.
C:\Program Files\oovootb\chrome\skin\options moved successfully.
C:\Program Files\oovootb\chrome\skin\lib\weather moved successfully.
C:\Program Files\oovootb\chrome\skin\lib\uwa moved successfully.
C:\Program Files\oovootb\chrome\skin\lib moved successfully.
C:\Program Files\oovootb\chrome\skin\icon moved successfully.
C:\Program Files\oovootb\chrome\skin\button moved successfully.
C:\Program Files\oovootb\chrome\skin moved successfully.
C:\Program Files\oovootb\chrome\data\weather moved successfully.
C:\Program Files\oovootb\chrome\data\search moved successfully.
C:\Program Files\oovootb\chrome\data moved successfully.
C:\Program Files\oovootb\chrome\content\newtab\images moved successfully.
C:\Program Files\oovootb\chrome\content\newtab moved successfully.
C:\Program Files\oovootb\chrome\content\lib moved successfully.
C:\Program Files\oovootb\chrome\content\images moved successfully.
C:\Program Files\oovootb\chrome\content\gamefeeds moved successfully.
C:\Program Files\oovootb\chrome\content moved successfully.
C:\Program Files\oovootb\chrome moved successfully.
C:\Program Files\oovootb moved successfully.
File/Folder C:\Program Files\ooVoo not found.
File/Folder C:\Program Files\?ppPatch not found.
C:\Program Files\Common Files\System\Ole DB\resources\1033 moved successfully.
C:\Program Files\Common Files\System\Ole DB\resources moved successfully.
Folder move failed. C:\Program Files\Common Files\System\Ole DB scheduled to be moved on reboot.
C:\Program Files\Common Files\System\MSMAPI\1033 moved successfully.
C:\Program Files\Common Files\System\MSMAPI moved successfully.
Folder move failed. C:\Program Files\Common Files\System\MSADC scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Common Files\System\ADO scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Common Files\System scheduled to be moved on reboot.
C:\DOCUME~1\Andrew\MYDOCU~1\Оracle\Оracle moved successfully.
C:\DOCUME~1\Andrew\MYDOCU~1\Оracle moved successfully.
C:\Documents and Settings\Andrew\My Documents\АppPatch moved successfully.
C:\Documents and Settings\Andrew\Application Data\Adobe\Flash Player\AssetCache\U8QM5QDD moved successfully.
C:\Documents and Settings\Andrew\Application Data\Adobe\Flash Player\AssetCache moved successfully.
C:\Documents and Settings\Andrew\Application Data\Adobe\Flash Player moved successfully.
C:\Documents and Settings\Andrew\Application Data\Adobe\Acrobat\6.0\Updater moved successfully.
C:\Documents and Settings\Andrew\Application Data\Adobe\Acrobat\6.0\Preferences moved successfully.
C:\Documents and Settings\Andrew\Application Data\Adobe\Acrobat\6.0\Messages\ENU moved successfully.
C:\Documents and Settings\Andrew\Application Data\Adobe\Acrobat\6.0\Messages moved successfully.
C:\Documents and Settings\Andrew\Application Data\Adobe\Acrobat\6.0\eBooks moved successfully.
C:\Documents and Settings\Andrew\Application Data\Adobe\Acrobat\6.0\Collab moved successfully.
C:\Documents and Settings\Andrew\Application Data\Adobe\Acrobat\6.0\AcroForm moved successfully.
C:\Documents and Settings\Andrew\Application Data\Adobe\Acrobat\6.0 moved successfully.
C:\Documents and Settings\Andrew\Application Data\Adobe\Acrobat moved successfully.
C:\Documents and Settings\Andrew\Application Data\Adobe moved successfully.
C:\Documents and Settings\Andrew\Application Data\Αdobe moved successfully.
C:\Documents and Settings\Andrew\Application Data\Аdobe moved successfully.
C:\Documents and Settings\Andrew\Application Data\WіnSxS moved successfully.
File/Folder C:\Documents and Settings\Andrew\My Documents\?racle not found.
C:\Documents and Settings\Andrew\Application Data\Acid Body Poll moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Andrew
->Temp folder emptied: 91045 bytes
->Temporary Internet Files folder emptied: 183426336 bytes
->Java cache emptied: 0 bytes

User: Dad
->Temp folder emptied: 17924 bytes
->Temporary Internet Files folder emptied: 6307671 bytes
->Java cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
File delete failed. C:\WINDOWS\temp\mcmsc_hqKW0IwizT3xkkf scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_XYmnEyVMa2pSXwm scheduled to be deleted on reboot.
Windows Temp folder emptied: 37071 bytes
RecycleBin emptied: 235 bytes

Total Files Cleaned = 181.15 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTM by OldTimer - Version 3.0.0.6 log created on 10182009_225533

Files moved on Reboot...
Folder move failed. C:\Program Files\Common Files\System\Ole DB scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Common Files\System\MSADC scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Common Files\System\ADO scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Common Files\System\Ole DB scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Common Files\System\MSADC scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Common Files\System\ADO scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Common Files\System scheduled to be moved on reboot.
File C:\WINDOWS\temp\mcmsc_hqKW0IwizT3xkkf not found!
File C:\WINDOWS\temp\mcmsc_XYmnEyVMa2pSXwm not found!

Registry entries deleted on Reboot...

Re: browser hijacker and other problems

Post by alango1 » October 18th, 2009, 11:13 pm

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.00GHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 A03
USER : Dad ( Administrator )
BOOT : Normal boot
Antivirus : McAfee VirusScan (Not Activated)
Firewall : McAfee Personal Firewall (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:70 Go (Free:37 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( Sun 10/18/2009|23:09 )

--------------------\\ Listing folders in APPLIC~1

[11/16/2004|08:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[05/15/2008|10:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL
[05/15/2008|10:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL Downloads
[02/12/2007|03:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL OCP
[07/16/2008|01:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple
[07/20/2008|01:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
[04/28/2009|01:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AVS4YOU
[11/16/2004|08:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> CyberLink
[04/28/2008|06:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Dell
[10/16/2009|11:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> EmailNotifier
[03/30/2008|11:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Grisoft
[08/19/2008|12:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Logishrd
[08/19/2008|12:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Logitech
[04/24/2008|09:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Malwarebytes
[10/12/2009|01:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> McAfee
[04/24/2008|11:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> McAfee.com
[10/08/2009|04:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[04/28/2008|06:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Ping Online Link Corn
[09/19/2009|10:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Pure Networks
[11/16/2004|08:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> QuickTime
[11/16/2004|08:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SBSI
[10/08/2008|12:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SiteAdvisor
[04/24/2008|11:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Spybot - Search & Destroy
[10/08/2009|02:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TEMP
[02/19/2009|11:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Viewpoint
[04/21/2009|12:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage

[02/12/2007|03:04] C:\DOCUME~1\Andrew\APPLIC~1\<DIR> acccore
[02/26/2005|11:35] C:\DOCUME~1\Andrew\APPLIC~1\<DIR> AdobeUM
[01/03/2005|02:29] C:\DOCUME~1\Andrew\APPLIC~1\<DIR> Aim
[10/27/2008|08:01] C:\DOCUME~1\Andrew\APPLIC~1\<DIR> Apple Computer
[04/28/2009|01:26] C:\DOCUME~1\Andrew\APPLIC~1\<DIR> AVS4YOU
[06/18/2005|12:46] C:\DOCUME~1\Andrew\APPLIC~1\<DIR> CyberLink
[12/13/2006|08:17] C:\DOCUME~1\Andrew\APPLIC~1\<DIR> DivX
[10/16/2009|11:25] C:\DOCUME~1\Andrew\APPLIC~1\<DIR> EmailNotifier
[03/07/2008|02:33] C:\DOCUME~1\Andrew\APPLIC~1\<DIR> F?nts
[09/19/2006|11:59] C:\DOCUME~1\Andrew\APPLIC~1\<DIR> Google
[03/09/2005|12:43] C:\DOCUME~1\Andrew\APPLIC~1\<DIR> Help
[11/16/2004|08:18] C:\DOCUME~1\Andrew\APPLIC~1\<DIR> Identities
[11/16/2004|08:43] C:\DOCUME~1\Andrew\APPLIC~1\<DIR> Jasc Software Inc
[11/20/2004|04:23] C:\DOCUME~1\Andrew\APPLIC~1\<DIR> Leadertech
[05/30/2005|09:06] C:\DOCUME~1\Andrew\APPLIC~1\<DIR> Macromedia
[02/19/2009|09:47] C:\DOCUME~1\Andrew\APPLIC~1\<DIR> Malwarebytes
[05/05/2009|09:45] C:\DOCUME~1\Andrew\APPLIC~1\<DIR> McGraw-HillLicensing
[07/17/2008|09:50] C:\DOCUME~1\Andrew\APPLIC~1\<DIR> Microsoft
[06/12/2008|05:39] C:\DOCUME~1\Andrew\APPLIC~1\<DIR> MSNInstaller
[01/02/2006|03:26] C:\DOCUME~1\Andrew\APPLIC~1\<DIR> Musicmatch
[05/19/2005|05:47] C:\DOCUME~1\Andrew\APPLIC~1\<DIR> Netscape
[10/16/2009|11:15] C:\DOCUME~1\Andrew\APPLIC~1\<DIR> ooVoo Details
[10/16/2009|11:26] C:\DOCUME~1\Andrew\APPLIC~1\<DIR> oovootb
[08/14/2005|08:20] C:\DOCUME~1\Andrew\APPLIC~1\<DIR> Real
[02/15/2006|12:12] C:\DOCUME~1\Andrew\APPLIC~1\<DIR> Registry Defender
[11/16/2004|08:57] C:\DOCUME~1\Andrew\APPLIC~1\<DIR> Sonic
[11/16/2004|08:40] C:\DOCUME~1\Andrew\APPLIC~1\<DIR> Sun
[05/22/2008|03:46] C:\DOCUME~1\Andrew\APPLIC~1\<DIR> Viewpoint
[09/28/2009|10:09] C:\DOCUME~1\Andrew\APPLIC~1\<DIR> WeatherBug
[05/02/2009|11:00] C:\DOCUME~1\Andrew\APPLIC~1\<DIR> ??crosoft.NET
[04/13/2008|03:27] C:\DOCUME~1\Andrew\APPLIC~1\<DIR> ?ssembly
[03/21/2008|06:05] C:\DOCUME~1\Andrew\APPLIC~1\<DIR> ??pPatch
[03/26/2009|01:16] C:\DOCUME~1\Andrew\APPLIC~1\<DIR> ??crosoft.NET

[09/13/2009|11:13] C:\DOCUME~1\Dad\APPLIC~1\<DIR> Adobe
[10/10/2005|12:47] C:\DOCUME~1\Dad\APPLIC~1\<DIR> Aim
[10/05/2009|02:58] C:\DOCUME~1\Dad\APPLIC~1\<DIR> DivX
[10/17/2009|08:42] C:\DOCUME~1\Dad\APPLIC~1\<DIR> EmailNotifier
[09/13/2009|11:17] C:\DOCUME~1\Dad\APPLIC~1\<DIR> Google
[11/16/2004|08:18] C:\DOCUME~1\Dad\APPLIC~1\<DIR> Identities
[11/16/2004|08:43] C:\DOCUME~1\Dad\APPLIC~1\<DIR> Jasc Software Inc
[06/24/2006|10:50] C:\DOCUME~1\Dad\APPLIC~1\<DIR> Macromedia
[04/24/2008|09:55] C:\DOCUME~1\Dad\APPLIC~1\<DIR> Malwarebytes
[09/24/2009|09:42] C:\DOCUME~1\Dad\APPLIC~1\<DIR> Microsoft
[10/17/2009|08:42] C:\DOCUME~1\Dad\APPLIC~1\<DIR> oovootb
[11/16/2004|08:57] C:\DOCUME~1\Dad\APPLIC~1\<DIR> Sonic
[11/16/2004|08:40] C:\DOCUME~1\Dad\APPLIC~1\<DIR> Sun

[11/16/2004|08:18] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Identities
[11/16/2004|08:43] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Jasc Software Inc
[11/16/2004|08:18] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft
[11/16/2004|08:57] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Sonic
[11/16/2004|08:40] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Sun

[04/24/2008|09:49] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Google
[10/13/2009|11:48] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft
[08/27/2009|02:32] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> SACore

[07/11/2007|03:00] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[10/12/2009 01:24 PM][--a------] C:\WINDOWS\tasks\McDefragTask.job
[10/12/2009 01:23 PM][--a------] C:\WINDOWS\tasks\McQcTask.job
[09/01/2009 08:45 PM][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[10/18/2009 10:59 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/04/2004 07:00 AM][-r-h-----] C:\WINDOWS\tasks\DESKTOP.INI

--------------------\\ Listing Folders in C:\Program Files

[03/04/2007|03:06] C:\Program Files\<DIR> Acid Body Poll
[02/26/2005|11:35] C:\Program Files\<DIR> Adobe
[02/14/2007|04:12] C:\Program Files\<DIR> AIM
[05/15/2008|10:13] C:\Program Files\<DIR> AIM6
[01/03/2005|02:20] C:\Program Files\<DIR> America Online 9.0
[09/13/2006|09:27] C:\Program Files\<DIR> AOD
[05/15/2008|10:11] C:\Program Files\<DIR> AOL
[11/16/2004|08:43] C:\Program Files\<DIR> AOL Companion
[07/16/2008|01:41] C:\Program Files\<DIR> Apple Software Update
[12/01/2005|03:19] C:\Program Files\<DIR> ArtisanDVDPlayer
[01/16/2009|06:25] C:\Program Files\<DIR> ASIO4ALL v2
[09/28/2008|05:30] C:\Program Files\<DIR> Audacity
[04/28/2009|01:26] C:\Program Files\<DIR> AVS4YOU
[01/03/2005|02:29] C:\Program Files\<DIR> AWS
[03/21/2009|01:50] C:\Program Files\<DIR> bama
[10/13/2009|11:24] C:\Program Files\<DIR> Common Files
[11/16/2004|08:18] C:\Program Files\<DIR> ComPlus Applications
[11/16/2004|08:30] C:\Program Files\<DIR> CONEXANT
[11/16/2004|08:52] C:\Program Files\<DIR> Dell
[11/16/2004|08:43] C:\Program Files\<DIR> Dell Computer
[11/16/2004|08:41] C:\Program Files\<DIR> Digital Line Detect
[10/05/2009|04:24] C:\Program Files\<DIR> DivX
[10/12/2009|12:23] C:\Program Files\<DIR> ERUNT
[04/24/2008|10:26] C:\Program Files\<DIR> EsetOnlineScanner
[03/21/2009|01:51] C:\Program Files\<DIR> Free Offers from Freeze.com
[10/08/2009|11:22] C:\Program Files\<DIR> Google
[04/11/2007|12:05] C:\Program Files\<DIR> Grisoft
[01/16/2009|06:25] C:\Program Files\<DIR> Image-Line
[10/17/2009|08:45] C:\Program Files\<DIR> InstallShield Installation Information
[11/16/2004|08:40] C:\Program Files\<DIR> Intel
[10/14/2009|12:31] C:\Program Files\<DIR> Internet Explorer
[07/20/2008|02:00] C:\Program Files\<DIR> iPod
[07/20/2008|02:00] C:\Program Files\<DIR> iTunes
[11/16/2004|08:43] C:\Program Files\<DIR> Jasc Software Inc
[10/13/2009|10:45] C:\Program Files\<DIR> Java
[11/16/2004|08:43] C:\Program Files\<DIR> Learn2.com
[09/19/2009|10:57] C:\Program Files\<DIR> Linksys
[08/19/2008|12:24] C:\Program Files\<DIR> Logitech
[10/12/2009|01:54] C:\Program Files\<DIR> Malwarebytes' Anti-Malware
[10/12/2009|02:15] C:\Program Files\<DIR> McAfee
[10/12/2009|01:23] C:\Program Files\<DIR> McAfee.com
[10/10/2008|04:01] C:\Program Files\<DIR> Media Converter SA Edition
[06/01/2009|02:55] C:\Program Files\<DIR> Messenger
[10/08/2009|04:39] C:\Program Files\<DIR> Microsoft
[11/16/2004|08:44] C:\Program Files\<DIR> Microsoft ActiveSync
[11/16/2004|08:18] C:\Program Files\<DIR> microsoft frontpage
[11/16/2004|08:44] C:\Program Files\<DIR> Microsoft Office
[11/16/2004|08:55] C:\Program Files\<DIR> Microsoft Plus! Digital Media Edition
[11/16/2004|08:55] C:\Program Files\<DIR> Microsoft Plus! Photo Story 2 LE
[11/16/2004|08:45] C:\Program Files\<DIR> Microsoft SQL Server
[11/16/2004|08:44] C:\Program Files\<DIR> Microsoft Visual Studio
[11/16/2004|08:46] C:\Program Files\<DIR> Microsoft Visual Studio .NET 2003
[01/14/2005|10:26] C:\Program Files\<DIR> Microsoft Works
[11/16/2004|08:44] C:\Program Files\<DIR> Microsoft.NET
[11/16/2004|08:41] C:\Program Files\<DIR> Modem Helper
[06/01/2009|02:46] C:\Program Files\<DIR> Movie Maker
[08/16/2009|02:51] C:\Program Files\<DIR> MSBuild
[10/08/2009|04:38] C:\Program Files\<DIR> MSN
[11/16/2004|08:18] C:\Program Files\<DIR> MSN Gaming Zone
[01/02/2006|03:26] C:\Program Files\<DIR> MUSICMATCH
[06/01/2009|02:41] C:\Program Files\<DIR> NetMeeting
[05/19/2005|05:45] C:\Program Files\<DIR> Netscape
[11/16/2004|08:41] C:\Program Files\<DIR> NetWaiting
[01/14/2005|10:28] C:\Program Files\<DIR> OfficeUpdate11
[11/16/2004|08:18] C:\Program Files\<DIR> Online Services
[08/12/2009|03:53] C:\Program Files\<DIR> Outlook Express
[01/16/2009|06:19] C:\Program Files\<DIR> Outsim
[07/16/2008|01:43] C:\Program Files\<DIR> QuickTime
[11/16/2004|08:42] C:\Program Files\<DIR> Real
[08/16/2009|02:51] C:\Program Files\<DIR> Reference Assemblies
[02/15/2006|12:12] C:\Program Files\<DIR> Registry Defender Trial
[07/13/2005|04:41] C:\Program Files\<DIR> SecretSmileys
[11/16/2004|08:56] C:\Program Files\<DIR> Sonic
[04/24/2008|11:28] C:\Program Files\<DIR> Spybot - Search & Destroy
[10/08/2009|02:21] C:\Program Files\<DIR> SpywareBlaster
[07/13/2005|07:59] C:\Program Files\<DIR> The Weather Channel FW
[10/14/2009|09:19] C:\Program Files\<DIR> trend micro
[11/16/2004|08:46] C:\Program Files\<DIR> Uninstall Information
[02/19/2009|11:50] C:\Program Files\<DIR> Viewpoint
[01/16/2009|06:25] C:\Program Files\<DIR> VstPlugins
[04/21/2009|12:10] C:\Program Files\<DIR> Windows Media Connect 2
[06/01/2009|02:41] C:\Program Files\<DIR> Windows Media Player
[06/01/2009|02:41] C:\Program Files\<DIR> Windows NT
[11/16/2004|08:18] C:\Program Files\<DIR> WindowsUpdate
[11/16/2004|08:18] C:\Program Files\<DIR> XEROX
[03/20/2006|04:37] C:\Program Files\<DIR> Xilisoft
[07/13/2005|05:11] C:\Program Files\<DIR> Xingtone
[05/30/2005|09:05] C:\Program Files\<DIR> Yahoo!
[11/16/2004|08:51] C:\Program Files\<DIR> Your Company Name

--------------------\\ Listing Folders in C:\Program Files\Common Files

[11/21/2004|11:00] C:\Program Files\Common Files\<DIR> Adobe
[05/15/2008|10:11] C:\Program Files\Common Files\<DIR> AOL
[11/16/2004|08:43] C:\Program Files\Common Files\<DIR> aolshare
[07/16/2008|01:40] C:\Program Files\Common Files\<DIR> Apple
[04/28/2009|01:26] C:\Program Files\Common Files\<DIR> AVSMedia
[11/16/2004|08:46] C:\Program Files\Common Files\<DIR> Crystal Decisions
[11/16/2004|08:44] C:\Program Files\Common Files\<DIR> DESIGNER
[11/16/2004|08:56] C:\Program Files\Common Files\<DIR> InstallShield
[11/16/2004|08:44] C:\Program Files\Common Files\<DIR> L&H
[08/19/2008|12:29] C:\Program Files\Common Files\<DIR> LogiShrd
[10/12/2009|01:24] C:\Program Files\Common Files\<DIR> McAfee
[04/28/2009|01:26] C:\Program Files\Common Files\<DIR> Microsoft Shared
[11/16/2004|08:18] C:\Program Files\Common Files\<DIR> MSSoap
[11/16/2004|08:43] C:\Program Files\Common Files\<DIR> Nullsoft
[11/16/2004|08:18] C:\Program Files\Common Files\<DIR> ODBC
[09/19/2009|10:56] C:\Program Files\Common Files\<DIR> Pure Networks Shared
[11/16/2004|08:42] C:\Program Files\Common Files\<DIR> Real
[11/16/2004|08:18] C:\Program Files\Common Files\<DIR> Services
[11/16/2004|08:56] C:\Program Files\Common Files\<DIR> Sonic
[11/16/2004|08:18] C:\Program Files\Common Files\<DIR> SpeechEngines
[10/18/2009|11:00] C:\Program Files\Common Files\<DIR> System

--------------------\\ Process

( 57 Processes )

iexplore.exe ~ [PID:3060]

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-18 23:11:20
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections


No other infections found !

[F:5][D:1]-> C:\DOCUME~1\Dad\LOCALS~1\Temp
[F:13][D:0]-> C:\DOCUME~1\Dad\Cookies
[F:419][D:4]-> C:\DOCUME~1\Dad\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Sun 10/18/2009|23:12 - Option : [1]

--------------------\\ Scan completed at 23:12:20

Re: browser hijacker and other problems

Post by alango1 » October 18th, 2009, 11:14 pm

Logfile of random's system information tool 1.06 (written by random/random)
Run by Dad at 2009-10-18 23:13:44
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 38 GB (52%) free of 73 GB
Total RAM: 502 MB (40% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:13:51 PM, on 10/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\internet explorer\iexplore.exe
c:\program files\aol\aim toolbar 5.0\AolTbServer.exe
C:\Program Files\MSN\Toolbar\3.0.1125.0\msntask.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Dad\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Dad.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O1 - Hosts: ÿþ127.0.0.1 localhost
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [Linksys Wireless Manager] "C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" /cm /min /lcid 1033
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 9904 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
Yahoo! Companion BHO - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll [2004-09-29 292947]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2004-08-13 118842]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14 92504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2009-10-08 321312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}]
AOL Toolbar Launcher - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll [2007-10-10 1090912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2009-07-08 62784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
MSN Toolbar Helper - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll [2009-02-09 82768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-08 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-08 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Companion - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll [2004-09-29 292947]
{DE9C389F-3316-41A7-809B-AA305ED9D922} - AIM Toolbar - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll [2007-10-10 1090912]
{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - MSN Toolbar - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll [2009-02-09 82768]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PCMService"=C:\Program Files\Dell\Media Experience\PCMService.exe [2004-04-11 290816]
"UpdateManager"=C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2004-01-07 110592]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2004-08-13 122939]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-10-14 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-10-14 114688]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-10 116040]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-10 289064]
"LogitechQuickCamRibbon"=C:\Program Files\Logitech\QuickCam\Quickcam.exe [2007-10-25 2178832]
"LogitechCommunicationsManager"=C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2007-10-25 563984]
"Linksys Wireless Manager"=C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe [2009-02-16 1358384]
"Microsoft Default Manager"=C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [2009-02-03 233304]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2009-07-10 645328]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-10-14 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2009-10-18 23:09:19 ----A---- C:\lopR.txt
2009-10-18 23:08:19 ----D---- C:\Lop SD
2009-10-17 20:42:00 ----D---- C:\Documents and Settings\Dad\Application Data\EmailNotifier
2009-10-17 20:41:40 ----D---- C:\Documents and Settings\Dad\Application Data\oovootb
2009-10-16 23:11:50 ----D---- C:\Documents and Settings\All Users\Application Data\EmailNotifier
2009-10-16 20:56:55 ----D---- C:\_OTM
2009-10-14 22:00:27 ----SHD---- C:\RECYCLER
2009-10-14 00:36:38 ----SHD---- C:\Config.Msi
2009-10-14 00:35:07 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-10-14 00:32:14 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-10-14 00:32:06 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-10-14 00:31:57 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-10-14 00:31:48 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-10-14 00:30:19 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-10-14 00:28:59 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-10-14 00:28:40 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-10-14 00:28:25 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-10-13 23:45:30 ----A---- C:\ComboFix.txt
2009-10-13 23:18:38 ----A---- C:\WINDOWS\system32\MPFServiceFailureCount.txt
2009-10-12 14:09:33 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-10-12 14:08:52 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-10-12 14:08:42 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2009-10-12 14:08:15 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-10-12 13:41:21 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-10-12 13:23:25 ----D---- C:\Program Files\Common Files\McAfee
2009-10-12 13:22:52 ----D---- C:\Program Files\McAfee
2009-10-12 12:29:47 ----A---- C:\Boot.bak
2009-10-12 12:29:36 ----RASHD---- C:\cmdcons
2009-10-12 12:28:17 ----A---- C:\WINDOWS\zip.exe
2009-10-12 12:28:17 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-10-12 12:28:17 ----A---- C:\WINDOWS\SWSC.exe
2009-10-12 12:28:17 ----A---- C:\WINDOWS\SWREG.exe
2009-10-12 12:28:17 ----A---- C:\WINDOWS\sed.exe
2009-10-12 12:28:17 ----A---- C:\WINDOWS\PEV.exe
2009-10-12 12:28:17 ----A---- C:\WINDOWS\NIRCMD.exe
2009-10-12 12:28:17 ----A---- C:\WINDOWS\grep.exe
2009-10-12 12:27:01 ----D---- C:\Qoobox
2009-10-12 12:24:33 ----D---- C:\WINDOWS\ERDNT
2009-10-12 12:23:12 ----D---- C:\Program Files\ERUNT
2009-10-08 16:39:45 ----D---- C:\Program Files\Microsoft
2009-10-08 16:38:04 ----A---- C:\WINDOWS\system32\javaws.exe
2009-10-08 16:38:04 ----A---- C:\WINDOWS\system32\javaw.exe
2009-10-08 16:38:04 ----A---- C:\WINDOWS\system32\java.exe
2009-10-08 16:38:04 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-10-08 14:07:27 ----D---- C:\Malwarebytes' Anti-Malware
2009-10-08 13:41:27 ----D---- C:\New Folder
2009-10-08 11:49:09 ----D---- C:\HostsXpert
2009-10-05 15:38:54 ----A---- C:\WINDOWS\resetlog.txt
2009-10-05 14:35:42 ----D---- C:\WINDOWS\system32\NtmsData
2009-10-02 20:22:44 ----D---- C:\Program Files\trend micro
2009-10-02 20:22:42 ----D---- C:\rsit
2009-09-23 17:00:59 ----D---- C:\WINDOWS\pss
2009-09-19 22:57:52 ----D---- C:\Program Files\Linksys
2009-09-19 22:56:39 ----D---- C:\Program Files\Common Files\Pure Networks Shared
2009-09-19 22:56:21 ----D---- C:\Documents and Settings\All Users\Application Data\Pure Networks
2009-09-19 22:55:34 ----A---- C:\WINDOWS\system32\RaCoInst.dll

======List of files/folders modified in the last 1 months======

2009-10-18 23:13:47 ----D---- C:\WINDOWS\Temp
2009-10-18 23:11:30 ----D---- C:\WINDOWS\Prefetch
2009-10-18 23:02:39 ----D---- C:\WINDOWS
2009-10-18 23:02:17 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2009-10-18 23:00:42 ----D---- C:\Program Files\Common Files\System
2009-10-18 23:00:04 ----D---- C:\WINDOWS\system32\CatRoot2
2009-10-18 22:59:22 ----A---- C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt
2009-10-18 22:58:15 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-10-18 22:56:05 ----D---- C:\Program Files
2009-10-17 20:45:53 ----HD---- C:\Program Files\InstallShield Installation Information
2009-10-17 04:47:34 ----D---- C:\WINDOWS\system32\FxsTmp
2009-10-16 20:57:49 ----D---- C:\WINDOWS\SYSTEM32
2009-10-14 21:48:59 ----D---- C:\WINDOWS\Microsoft.NET
2009-10-14 21:48:50 ----RSD---- C:\WINDOWS\ASSEMBLY
2009-10-14 00:40:31 ----SHD---- C:\WINDOWS\Installer
2009-10-14 00:39:35 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-10-14 00:38:31 ----D---- C:\WINDOWS\WinSxS
2009-10-14 00:35:17 ----HD---- C:\WINDOWS\INF
2009-10-14 00:32:17 ----A---- C:\WINDOWS\imsins.BAK
2009-10-14 00:31:19 ----D---- C:\WINDOWS\system32\en-US
2009-10-14 00:31:19 ----D---- C:\Program Files\Internet Explorer
2009-10-14 00:30:57 ----D---- C:\WINDOWS\ie7updates
2009-10-14 00:28:49 ----HD---- C:\WINDOWS\$hf_mig$
2009-10-13 23:45:36 ----D---- C:\WINDOWS\system32\DRIVERS
2009-10-13 23:35:53 ----A---- C:\WINDOWS\system.ini
2009-10-13 23:25:15 ----D---- C:\WINDOWS\AppPatch
2009-10-13 23:24:55 ----D---- C:\Program Files\Common Files
2009-10-13 22:45:54 ----D---- C:\Program Files\Java
2009-10-12 13:30:06 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2009-10-12 13:29:21 ----D---- C:\WINDOWS\system32\CatRoot
2009-10-12 13:24:00 ----SD---- C:\WINDOWS\Tasks
2009-10-12 13:23:51 ----D---- C:\Program Files\McAfee.com
2009-10-12 12:50:45 ----D---- C:\WINDOWS\system32\CONFIG
2009-10-12 12:29:48 ----RASH---- C:\BOOT.INI
2009-10-08 16:39:49 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-10-08 16:38:35 ----D---- C:\Program Files\MSN
2009-10-08 16:30:46 ----D---- C:\WINDOWS\Minidump
2009-10-08 14:22:10 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-10-08 14:21:23 ----D---- C:\Program Files\SpywareBlaster
2009-10-08 11:22:00 ----D---- C:\Program Files\Google
2009-10-05 16:24:34 ----D---- C:\Program Files\DivX
2009-10-05 14:58:28 ----D---- C:\Documents and Settings\Dad\Application Data\DivX
2009-10-02 14:01:57 ----A---- C:\WINDOWS\system32\MRT.exe
2009-09-28 11:40:00 ----SHD---- C:\System Volume Information
2009-09-24 21:42:20 ----SD---- C:\Documents and Settings\Dad\Application Data\Microsoft
2009-09-19 23:26:49 ----D---- C:\WINDOWS\network diagnostic
2009-09-19 23:13:58 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-09-19 22:57:22 ----DC---- C:\WINDOWS\system32\DRVSTORE

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-07-08 214024]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2009-07-16 120136]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2002-11-08 17217]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2004-11-16 8552]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-08-13 40544]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R2 pnarp;Pure Networks Device Discovery Driver; C:\WINDOWS\system32\DRIVERS\pnarp.sys [2008-12-12 23984]
R2 purendis;Pure Networks Wireless Driver; C:\WINDOWS\system32\DRIVERS\purendis.sys [2008-12-12 25264]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-08-13 25723]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-08-13 34843]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-08-13 4123]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-08-13 2239]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-08-13 86202]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-08-13 14715]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-08-13 6363]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-08-13 98714]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-08-13 100603]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-02-10 154112]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-10-14 1302812]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2007-10-11 25624]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-07-08 79816]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-07-08 35272]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2009-07-08 40552]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-04-09 612352]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
R3 WUSB54GCv3;Compact Wireless-G USB Network Adapter; C:\WINDOWS\system32\DRIVERS\WUSB54GCv3.sys [2008-12-04 627072]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 catchme;catchme; \??\C:\alango1\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2007-10-19 2109976]
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-10-11 2142488]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-10-11 41752]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-07-08 34248]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 pepifilter;Volume Adapter; C:\WINDOWS\system32\DRIVERS\lv302af.sys [2007-10-11 13848]
S3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\WINDOWS\system32\DRIVERS\LV302V32.SYS [2007-10-11 1279000]
S3 RT2500;Linksys Wireless Driver; C:\WINDOWS\system32\DRIVERS\RT2500.sys [2004-04-22 120448]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 tj2knd5;Terayon Cable Modem (NDIS); C:\WINDOWS\system32\DRIVERS\tj2knd5.sys [2002-10-14 17616]
S3 tj2kunic;Terayon Cable Modem (WDM); C:\WINDOWS\system32\DRIVERS\tj2kunic.sys [2002-10-14 69680]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-07-10 32000]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AOL ACS;AOL Connectivity Service; C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe [2003-08-06 1376360]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-10 116040]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-08 153376]
R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2007-10-19 186904]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2007-10-19 141848]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-07-10 865832]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2009-07-07 2482848]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-07-08 359952]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-07-08 144704]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-07-10 894136]
R2 MSSQL$MICROSOFTBCM;MSSQL$MICROSOFTBCM; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe [2003-05-31 7544916]
R2 nmservice;Pure Networks Platform Service; C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe [2008-12-12 642856]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WANMiniportService;WAN Miniport (ATW) Service; C:\WINDOWS\wanmpsvc.exe [2003-01-10 65536]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-10 532264]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-07-08 606736]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-10-19 141848]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MBackMonitor;MBackMonitor; C:\Program Files\McAfee\MBK\MBackMonitor.exe [2009-07-08 68112]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-07-08 365072]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2003-12-17 143360]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SQLAgent$MICROSOFTBCM;SQLAgent$MICROSOFTBCM; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlagent.EXE [2002-12-17 311872]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
alango1
Regular Member
 
Posts: 45
Joined: September 23rd, 2009, 5:21 pm

Re: browser hijacker and other problems

Post by Dakeyras » October 19th, 2009, 6:49 am

Hi. :)

"yes someone downloaded ovoot without my permission; I'm not happy and apologize for this"
OK not a problem. :thumbup:

I do need to know however how the computer is performing, thank you.

Reset Host File:

  • Open Notepad.
  • Copy and Paste everything from the Code Box below into Notepad: <-- Start >> Run... type in notepad and select OK
Code:
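@Echo off
rem Work in the folder that holds the HOSTS file (on the current drive)
pushd\windows\system32\drivers\etc
rem Clear the hidden, system and read-only attributes so the file can be overwritten
attrib -h -s -r hosts
rem Replace the entire file with the single default loopback entry
echo 127.0.0.1 localhost>HOSTS
rem Set the read-only, hidden and system attributes again
attrib +r +h +s hosts
popd
rem Delete this batch file
del %0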
  • Go to File >> Save As
  • Save File name as "Dakeyras.bat" <-- Make sure to include the quotes.
  • Change Save as Type to All Files and save the file to your Desktop.
  • It should look like this: [image]

Now double click on the desktop Dakeyras.bat to run the batch file. It will self-delete when completed.

Malwarebytes Anti-Malware:

  • Launch the application, Check for Updates >> Perform a Quick Scan
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Panda Online Scan:

Please go here to run Panda's ActiveScan

  • Once you are on the Panda site, click the Scan your PC now button
  • A new window will open...click the Scan Now button
  • Allow the ActiveX control to be installed. It will start downloading the files it requires for the scan. Note: This may take a couple of minutes
  • Run the ActiveX control, if requested. The screen will then show the scanning progress - the scan will take a while to finish. Please be patient.
  • When the scan has finished, click on Export To
  • Save the file as Activescan.txt to your Desktop
  • Close the Activescan window then go to your Desktop
  • Double-click on Activescan.txt and it will open in Notepad
  • In Notepad, click Edit > Select all, then Edit > Copy
  • Reply to this thread and click Ctrl+V to paste the log in your reply

When you have completed the above, please post back the following:

  • How is your computer performing now? Any problems encountered and/or any further symptoms?
  • Malwarebytes Anti-Malware Log.
  • Activescan.txt.
  • A new HijackThis Log.

Note: Post all requested logs separately if it makes it easier to do so.
Dakeyras
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra
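
The "Reset Host File" batch file in the post above replaces the whole HOSTS file with the single line 127.0.0.1 localhost, so whatever entries were in it are gone afterwards. As an added example (not part of the original post and not code from any tool named in this thread), the Python script below lists what a hosts file contains before such a reset, separating hostname redirects from blocklist-style loopback entries; the sample file, the category names and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample hosts file (not taken from the thread). Addresses and
# names come from the documentation ranges (RFC 5737, RFC 2606).
SAMPLE_HOSTS = """\
# Constructed sample
127.0.0.1       localhost
127.0.0.1       ads.example.net    # blocklist-style entry
0.0.0.0         tracker.example.org
203.0.113.10    www.example.com update.example.com
::1             localhost
not-an-ip       broken.example
"""


def parse_hosts(text):
    """Return (entries, malformed) for the text of a hosts file.

    entries   -- list of (line_no, ip_object, [lower-cased names])
    malformed -- numbers of lines that are not blank, not a comment and
                 not a valid "address name [name ...]" mapping
    """
    entries, malformed = [], []
    for line_no, raw in enumerate(text.splitlines(), 1):
        # Drop a leading byte-order mark and anything after '#'.
        line = raw.lstrip("\ufeff").split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append(line_no)
            continue
        if len(fields) < 2:
            malformed.append(line_no)  # address without any hostname
            continue
        entries.append((line_no, ip, [name.lower() for name in fields[1:]]))
    return entries, malformed


def classify(ip, name):
    """Assumed categories: 'default', 'sinkhole' or 'redirect'."""
    if ip.is_loopback and name == "localhost":
        return "default"    # the entry the reset batch file writes back
    if ip.is_loopback or ip.is_unspecified:
        return "sinkhole"   # name pointed at the local machine (blocklists)
    return "redirect"       # name pointed at another address: review first


def audit(text):
    """Group every hostname in the file by category, keeping line numbers."""
    entries, malformed = parse_hosts(text)
    report = {"default": [], "sinkhole": [], "redirect": [],
              "malformed": malformed}
    for line_no, ip, names in entries:
        for name in names:
            report[classify(ip, name)].append((line_no, str(ip), name))
    return report


if __name__ == "__main__":
    result = audit(SAMPLE_HOSTS)
    for category in ("redirect", "sinkhole", "default"):
        for line_no, ip, name in result[category]:
            print(f"{category:9} line {line_no}: {name} -> {ip}")
    print("malformed lines:", result["malformed"])
```

Keeping a copy of the "redirect" lines before the reset preserves a record of which names were being diverted and to which addresses.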

Re: browser hijacker and other problems

Post by alango1 » October 19th, 2009, 12:28 pm

Malwarebytes' Anti-Malware 1.41
Database version: 2987
Windows 5.1.2600 Service Pack 3

10/19/2009 12:27:50 PM
mbam-log-2009-10-19 (12-27-50).txt

Scan type: Quick Scan
Objects scanned: 110621
Time elapsed: 8 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
alango1
Regular Member
 
Posts: 45
Joined: September 23rd, 2009, 5:21 pm

Re: browser hijacker and other problems

Post by alango1 » October 19th, 2009, 4:13 pm

;***********************************************************************************************************************************************************************************
ANALYSIS: 2009-10-19 16:09:05
PROTECTIONS: 1
MALWARE: 123
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
McAfee VirusScan Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00040538 adware/zango Adware No 0 Yes No hkey_classes_root\appid\zangotoolbar.dll
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@trafficmp[1].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@casalemedia[2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.doubleclick.net/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.atdmt.com/]
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.tradedoubler.com/]
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@tradedoubler[1].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@247realmedia[2].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.247realmedia.com/]
00145433 Cookie/Mammamediasolutions TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.targetnet.com/]
00145433 Cookie/Mammamediasolutions TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.targetnet.com/]
00145453 Cookie/Bfast TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.bfast.com/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.fastclick.net/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@tribalfusion[2].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.tribalfusion.com/]
00145732 Cookie/Falkag TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@as-eu.falkag[2].txt
00145734 Cookie/Affiliate fuel TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@www.affiliatefuel[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.mediaplex.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.mediaplex.com/]
00145745 Cookie/OfferOptimizer TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@offeroptimizer[2].txt
00145758 Cookie/Mysearch TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@mysearch[1].txt
00145770 Cookie/CentrPort TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@centrport[1].txt
00145770 Cookie/CentrPort TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.centrport.net/]
00145770 Cookie/CentrPort TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.centrport.net/]
00145770 Cookie/CentrPort TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.centrport.net/]
00145792 Cookie/SexList TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.sexlist.com/]
00145792 Cookie/SexList TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.sexlist.com/]
00145792 Cookie/SexList TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.sexlist.com/]
00145869 Cookie/SpyLog TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@spylog[2].txt
00146967 Cookie/PayCounter TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@paycounter[1].txt
00146967 Cookie/PayCounter TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.paycounter.com/]
00147424 Cookie/Luckynugget TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@www.luckynugget[2].txt
00147517 Cookie/Versiontracker TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@www.versiontracker[1].txt
00147796 Cookie/Entrepreneur TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@entrepreneur[1].txt
00147814 Cookie/AspinallsOnlineCasino TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@pacificpoker[2].txt
00147824 Cookie/Clickbank TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@clickbank[2].txt
00149064 Cookie/Maxserving TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.maxserving.com/]
00149064 Cookie/Maxserving TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.maxserving.com/]
00149064 Cookie/Maxserving TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@maxserving[1].txt
00149104 Cookie/Date TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@date[1].txt
00149116 Cookie/Ccbill TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@ccbill[1].txt
00152401 Cookie/Belnk TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@belnk[1].txt
00152401 Cookie/Belnk TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.belnk.com/]
00159564 Cookie/WUpd TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.revenue.net/]
00159564 Cookie/WUpd TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@revenue[2].txt
00160284 Cookie/Findwhat TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@findwhat[2].txt
00162730 Cookie/Belnk TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@dist.belnk[2].txt
00167430 Cookie/myaffiliateprogram TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.www.myaffiliateprogram.com/]
00167430 Cookie/myaffiliateprogram TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@www.myaffiliateprogram[1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.com.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.com.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@com[2].txt
00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@yadro[2].txt
00167665 Cookie/Clicktracks TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.stats1.clicktracks.com/]
00167665 Cookie/Clicktracks TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@stats1.clicktracks[1].txt
00167665 Cookie/Clicktracks TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.stats1.clicktracks.com/]
00167665 Cookie/Clicktracks TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.stats1.clicktracks.com/]
00167672 Cookie/DomainSponsor TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@landing.domainsponsor[1].txt
00167690 Cookie/Rightmedia TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.rightmedia.net/]
00167690 Cookie/Rightmedia TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.rightmedia.net/]
00167690 Cookie/Rightmedia TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.rightmedia.net/]
00167690 Cookie/Rightmedia TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.rightmedia.net/]
00167690 Cookie/Rightmedia TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@rightmedia[1].txt
00167690 Cookie/Rightmedia TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.rightmedia.net/]
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@xiti[1].txt
00167708 Cookie/GoStats TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@c2.gostats[2].txt
00167714 Cookie/64.62.232 TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@64.62.232[3].txt
00167724 Cookie/HotLog TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@hotlog[2].txt
00167726 Cookie/Tickle TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@tickle[2].txt
00167726 Cookie/Tickle TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.tickle.com/]
00167733 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.z1.adserver.com/]
00167733 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.z1.adserver.com/]
00167733 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@z1.adserver[2].txt
00167733 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.z1.adserver.com/]
00167733 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.z1.adserver.com/]
00167733 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.z1.adserver.com/]
00167733 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.z1.adserver.com/]
00167733 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.z1.adserver.com/]
00167733 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.z1.adserver.com/]
00167735 Cookie/Netster TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@lb1.netster[1].txt
00167744 Cookie/GoStats TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@gostats[1].txt
00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@azjmp[1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@statcounter[3].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@statcounter[2].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.statcounter.com/]
00167767 Cookie/WegCash TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@programs.wegcash[1].txt
00167776 Cookie/Kount TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@kount[1].txt
00167776 Cookie/Kount TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.kount.com/]
00167795 Cookie/Cd Freaks TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@club.cdfreaks[1].txt
00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.perf.overture.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@ad.yieldmanager[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.ad.yieldmanager.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@apmebf[1].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.apmebf.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.apmebf.com/]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@burstnet[1].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.burstnet.com/]
00168077 Cookie/Versiontracker TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@versiontracker[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@serving-sys[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.serving-sys.com/]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@bs.serving-sys[1].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.bs.serving-sys.com/]
00168095 Cookie/888 TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@888[2].txt
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@www.burstbeacon[2].txt
00168101 Cookie/Falkag TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.as-us.falkag.net/]
00168102 Cookie/Falkag TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@as1.falkag[1].txt
00168105 Cookie/Cd Freaks TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@cdfreaks[1].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@weborama[2].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.adtech.de/]
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@adtech[1].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.adtech.de/]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.server.iad.liveperson.net/hc/9341582]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.server.iad.liveperson.net/hc/66693905]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.server.iad.liveperson.net/]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@server.iad.liveperson[3].txt
00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@stat.onestat[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.advertising.com/]
00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@media.adrevolver[3].txt
00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@adrevolver[1].txt
00170087 Cookie/Hbmediapro TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@adopt.hbmediapro[2].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.statse.webtrendslive.com/dcspmlfn66twkfocu55nbix84_4c4t]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.statse.webtrendslive.com/S126446]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.statse.webtrendslive.com/S0031-01-3-14-166952-60307]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.statse.webtrendslive.com/S0031-01-3-14-166952-60307]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.statse.webtrendslive.com/S005-00-5-30-109972-12434]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.statse.webtrendslive.com/S126446]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.statse.webtrendslive.com/S110202]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.statse.webtrendslive.com/S110202]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.statse.webtrendslive.com/S005-00-5-30-109972-12434]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.statse.webtrendslive.com/dcskqeg2voifwznnd6alhtnei_8f3u]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.statse.webtrendslive.com/dcsugf2jboifwzby1fhkq37lv_9z9z]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.statse.webtrendslive.com/dcsauhh66pifwz3kt81grbj8d_5p7p]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.statse.webtrendslive.com/dcspm9oqubydgs5gg5bznhu5s_7h1y]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.statse.webtrendslive.com/S005-01-7-23-264542-91419]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.statse.webtrendslive.com/S005-01-6-2-131613-78447]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@ads.pointroll[1].txt
00170549 Cookie/FortuneCity TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@fortunecity[1].txt
00170550 Cookie/Humanclick TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@hc2.humanclick[1].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@overture[2].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.overture.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.overture.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@realmedia[1].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@realmedia[3].txt
00171633 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@www5.addfreestats[1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@questionmarket[2].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.questionmarket.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@zedo[1].txt
00172447 Cookie/Inet-Traffic TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@inet-traffic[2].txt
00172447 Cookie/Inet-Traffic TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.inet-traffic.com/]
00172447 Cookie/Inet-Traffic TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.inet-traffic.com/]
00172483 Cookie/888 TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@888[1].txt
00172484 Cookie/Cassava TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@cassava[1].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@bluestreak[2].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.bluestreak.com/]
00173905 Cookie/Xmts TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@xmts[1].txt
00175950 Cookie/cs.sexcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.cs.sexcounter.com/]
00175950 Cookie/cs.sexcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.cs.sexcounter.com/]
00175950 Cookie/cs.sexcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@cs.sexcounter[2].txt
00182104 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.phg.hitbox.com/]
00182104 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.phg.hitbox.com/]
00182104 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.phg.hitbox.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@adrevolver[3].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@adrevolver[5].txt
00186469 Cookie/Reliablestats TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@stats1.reliablestats[1].txt
00187950 Cookie/bravenetA TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.bravenet.com/]
00187950 Cookie/bravenetA TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@bravenet[1].txt
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@adultfriendfinder[2].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@go[6].txt
00196960 Cookie/Belnk TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@ath.belnk[1].txt
00199309 Cookie/Falkag TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@sel.as-eu.falkag[2].txt
00199983 Cookie/Valueclick TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.valueclick.com/]
00199983 Cookie/Valueclick TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.valueclick.com/]
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@searchportal.information[1].txt
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.target.com/]
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.target.com/]
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@target[1].txt
00207712 Cookie/360i TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@ct.360i[1].txt
00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@did-it[2].txt
00213141 Cookie/GoStats TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.c3.gostats.com/]
00213141 Cookie/GoStats TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.c3.gostats.com/]
00213141 Cookie/GoStats TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@c3.gostats[1].txt
00213141 Cookie/GoStats TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.c3.gostats.com/]
00213141 Cookie/GoStats TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.c3.gostats.com/]
00216065 Cookie/Screensavers TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@i.screensavers[1].txt
00241796 Application/MyWebSearch HackTools No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1011\A0207320.DLL
00241834 Application/MyWebSearch HackTools No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1011\A0207319.DLL
00249100 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@cgi-bin[10].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.atwola.com/]
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@atwola[2].txt
00262021 Cookie/Kmpads TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@kmpads[1].txt
00262025 Cookie/ErrorSafe TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@errorsafe[2].txt
00286732 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@cgi-bin[2].txt
00286734 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@adserver.filefront[1].txt
00286736 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@www6.addfreestats[1].txt
00286738 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@cgi-bin[13].txt
00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@ads.addynamix[1].txt
00296583 Cookie/DriveCleaner TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@stats.drivecleaner[2].txt
00296584 Cookie/DriveCleaner TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@drivecleaner[1].txt
00319799 Application/MyWebSearch HackTools No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1011\A0207348.DLL
00320977 Cookie/Winantivirus TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@www.winantivirus[1].txt
00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@citi.bridgetrack[2].txt
00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Application Data\Netscape\NSB\Profiles\1l93yh1a.default\cookies.txt[.citi.bridgetrack.com/]
00505449 Cookie/Winantivirus TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@winantispyware[2].txt
00523287 Application/MyWebSearch HackTools No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1011\A0207321.DLL
00950035 Cookie/RegistryDefender TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@registrydefender[1].txt
01196325 Cookie/Enhance TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@enhance[2].txt
02747539 W32/Koobface.C.worm Virus/Worm No 0 Yes No C:\Documents and Settings\Andrew\d4fderx3_2604
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1011\A0207600.sys
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1006\A0206677.sys
02908816 Cookie/Starware TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew\Cookies\andrew@h.starware[1].txt
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================
alango1
Regular Member
 
Posts: 45
Joined: September 23rd, 2009, 5:21 pm

Re: browser hijacker and other problems

Unread postby alango1 » October 19th, 2009, 4:16 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:15:10 PM, on 10/19/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\program files\aol\aim toolbar 5.0\AolTbServer.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\MSN\Toolbar\3.0.1125.0\msntask.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\trend micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [Linksys Wireless Manager] "C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" /cm /min /lcid 1033
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan ... stubie.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 9915 bytes
alango1
Regular Member
 
Posts: 45
Joined: September 23rd, 2009, 5:21 pm

Re: browser hijacker and other problems

Unread postby alango1 » October 19th, 2009, 4:21 pm

By the way, the computer is running well

thanks
alango1
Regular Member
 
Posts: 45
Joined: September 23rd, 2009, 5:21 pm

Re: browser hijacker and other problems

Unread postby Dakeyras » October 19th, 2009, 5:26 pm

Hi. :)

By the way, the computer is running well

thanks
Good to know and you are welcome!

Next:

  • Double-click OTM to start the program.
  • Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + B (or, after highlighting, right-click and choose Copy):
Code:
:Processes

:Files
C:\Documents and Settings\Andrew\d4fderx3_2604

:Commands
[Purity]
[EmptyTemp]
[Start Explorer]
[Reboot]
  • Return to OTM, right-click in the "Paste instructions for items to be moved" window (under the yellow bar) and choose Paste
  • Then click the red MoveIt! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it into your next response.
  • If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
  • Close OTM.

When you have completed the above, please post back the following:

  • How is your computer performing now? Any problems encountered and/or any further symptoms?
  • OTM Log.
  • A new HijackThis Log.
Dakeyras
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: browser hijacker and other problems

Unread postby alango1 » October 19th, 2009, 10:34 pm

All processes killed
========== PROCESSES ==========
========== FILES ==========
C:\Documents and Settings\Andrew\d4fderx3_2604 moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Andrew
->Temp folder emptied: 800 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes

User: Dad
->Temp folder emptied: 47161 bytes
->Temporary Internet Files folder emptied: 12629606 bytes
->Java cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 1619 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 12.19 mb


OTM by OldTimer - Version 3.0.0.6 log created on 10192009_222508

Files moved on Reboot...

Registry entries deleted on Reboot...
alango1
Regular Member
 
Posts: 45
Joined: September 23rd, 2009, 5:21 pm

Re: browser hijacker and other problems

Unread postby alango1 » October 19th, 2009, 10:35 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:35:24 PM, on 10/19/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\internet explorer\iexplore.exe
c:\program files\aol\aim toolbar 5.0\AolTbServer.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\MSN\Toolbar\3.0.1125.0\msntask.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee\msc\mcupdmgr.exe
c:\PROGRA~1\mcafee\msc\mcupdui.exe
C:\Program Files\trend micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [Linksys Wireless Manager] "C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" /cm /min /lcid 1033
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan ... stubie.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 10109 bytes
alango1
Regular Member
 
Posts: 45
Joined: September 23rd, 2009, 5:21 pm

Re: browser hijacker and other problems

Unread postby alango1 » October 19th, 2009, 10:38 pm

The system crashed after running OIT. I rebooted and retrieved the oit log and then ran hijackthis. Both logs are posted. Computer still performing well overall.
alango1
Regular Member
 
Posts: 45
Joined: September 23rd, 2009, 5:21 pm

Re: browser hijacker and other problems

Unread postby Dakeyras » October 20th, 2009, 6:26 am

Hi. :)

The system crashed after running OIT.
No reason as to why it should have, as the OTM script was quite a basic one; however, Windows being what it is, anything can happen unfortunately, and in light of this I advise you run this type of maintenance as outlined in my tutorial below as soon as possible (overnight would be ideal if not wanting to run it during daylight hours). It is even more prudent to do so since we have put your computer's hard drive through the mill, so to speak, with all the scans etc.:

How to run CHKDSK(Disk Error Checking) in Windows XP

Do not perform the above however until after you have uninstalled/removed all the tools we have used during the malware removal process.

Computer still performing well overall.
Good to know. :thumbup:

Next:

Congratulations, your computer now appears to be malware free!

Now I have some tasks for your good self to carry out as part of a clean up process and some advice about online safety.

Importance of Regular System Maintenance:

I advise you read both of the below listed topics as this will go a long way to keeping your computer performing well. Plus bear in mind my prior advice about upgrading the presently installed RAM (Random Access Memory).

Help! My computer is slow!

Also so is this:

What to do if your Computer is running slowly

Uninstall ComboFix:

  • Click on Start >> Run...
  • Now type in Combofix /u in the Run box and click OK.
  • Note the space between the X and the U, it needs to be there.

Clean up with OTM:

  • Double-click OTM to start the program.
  • Close all other programs apart from OTM as this step will require a reboot
  • On the OTM main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.

The above process should clean up and remove the vast majority of scanners used and logs created etc.

Any left over merely delete yourself and empty the Recycle Bin.

Now some advice for on-line safety:

Malwarebytes' Anti-Malware:

This is an excellent application and I advise you keep this installed. Check for updates and run a scan once a week.

Other installed security software:

Your presently installed combination security application, McAfee SecurityCenter, automatically checks for updates and downloads/installs them with every system reboot and/or periodically if the machine is left running, providing an internet connection is active.

I advise you also run a complete scan with this also once per week.

Erunt:

Emergency Recovery Utility NT, I advise you keep this installed as a means to keep a complete backup of your registry and restore it when needed.

Myself I would actually create a new back up once per week as this along with System Restore may prove to be invaluable if something unforeseen occurs!

Keep your system updated:

Microsoft releases patches for Windows and other products regularly:


Be careful when opening attachments and downloading files:

  • Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening.
  • Never open emails from unknown senders.
  • Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These email addresses can be easily spoofed. Check the antivirus vendor websites to be sure.
  • Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives on Sourceforge or Pricelessware.

Stop malicious scripts:

Windows by default allows scripts (VBScript and JavaScript) to run, and some of these scripts are malicious. Use Noscript by Symantec or Script Defender by AnalogX to handle these scripts.

Make your Internet Explorer safer:

  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
    • Change the Download signed ActiveX controls to Prompt
    • Change the Download unsigned ActiveX controls to Disable
    • Change the Initialise and script ActiveX controls not marked as safe to Disable
    • Change the Installation of desktop items to Prompt
    • Change the Launching programs and files in an IFRAME to Prompt
    • Change the Navigate sub-frames across different domains to Prompt
    • When all these settings have been made, click on the OK button.
    • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.

Avoid Peer to Peer software:

P2P may be a great way to get lots of seemingly free software, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. My advice: avoid these types of software applications.

Hosts File:

A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your computer will look up the website's IP address before you can view the website.

Hosts file will replace your current Hosts file with another one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by re-directing these bad sites to 127.0.0.1.

Here are some Hosts files:


Only use one of the above!

Finally, an educational source:

To learn more about how to protect yourself while on the internet read this article by Tony Klein:

So how did I get infected in the first place?

Some consider this article outdated; personally I still think it bears relevance, and the author is well respected in the Anti-Malware community and by myself also!

Any questions, feel free to ask. If not, stay safe!
Dakeyras
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra
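The Hosts file advice in the post above can be checked after installing a blocking Hosts file. This is an added example, not part of the original post or of any tool named in the thread: it audits Hosts file text and separates names sent to a loopback or unspecified address (blocked) from names sent anywhere else, which override DNS for that name and deserve a look. The sample file, the `*.example` names, the address 203.0.113.7 and the function name `audit_hosts` are constructed for illustration.

```python
import ipaddress

# Names that normally live on the loopback address; they are not blocklist entries.
LOCAL_NAMES = {"localhost", "localhost.localdomain"}

# Constructed sample, not taken from the thread. On Windows XP the real file is
# %SystemRoot%\System32\drivers\etc\hosts.
SAMPLE_HOSTS = """\
# Sample Hosts file (constructed)
127.0.0.1       localhost
127.0.0.1       ads.example tracker.example   # blocked ad hosts
0.0.0.0         popups.example
203.0.113.7     update.vendor.example         # not a sinkhole
not-an-ip       broken.example
127.0.0.1
"""


def audit_hosts(text):
    """Classify every entry of a Hosts file.

    Returns a dict with:
      blocked    - sorted names mapped to a loopback or unspecified address
      redirected - (line_no, name, address) for names mapped anywhere else
      malformed  - line numbers that are neither comments nor valid entries
    """
    blocked, redirected, malformed = set(), [], []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        # Everything after '#' is a comment; blank lines are ignored.
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        fields = entry.split()
        try:
            address = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append(line_no)
            continue
        names = [name.lower() for name in fields[1:]]
        if not names:
            # An address with no hostname does nothing and is usually an editing error.
            malformed.append(line_no)
            continue
        for name in names:
            if name in LOCAL_NAMES:
                continue
            if address.is_loopback or address.is_unspecified:
                blocked.add(name)
            else:
                redirected.append((line_no, name, str(address)))
    return {
        "blocked": sorted(blocked),
        "redirected": redirected,
        "malformed": malformed,
    }


if __name__ == "__main__":
    report = audit_hosts(SAMPLE_HOSTS)
    print("blocked names:", ", ".join(report["blocked"]))
    for line_no, name, address in report["redirected"]:
        print(f"line {line_no}: {name} -> {address} (overrides DNS, review)")
    for line_no in report["malformed"]:
        print(f"line {line_no}: not a valid Hosts entry")
```
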
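The Internet Explorer settings listed in the post above are stored per user as numbered DWORD values under the Internet zone key (`Zones\3`), where 0 means Enable, 1 means Prompt and 3 means Disable. This is an added example, not part of the original post: it reads the text of a registry export and reports every setting that differs from the post's recommendations. The sample export and the function names are constructed for illustration; the value numbers are the standard URL action identifiers for these six settings.

```python
import re

ZONE3_KEY = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows"
             r"\CurrentVersion\Internet Settings\Zones\3")
SETTING_NAMES = {0: "Enable", 1: "Prompt", 3: "Disable"}

# URL action number -> (label as worded in the post, recommended value).
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", 1),
    "1004": ("Download unsigned ActiveX controls", 3),
    "1201": ("Initialise and script ActiveX controls not marked as safe", 3),
    "1800": ("Installation of desktop items", 1),
    "1804": ("Launching programs and files in an IFRAME", 1),
    "1607": ("Navigate sub-frames across different domains", 1),
}

# Constructed sample in .reg export format, not taken from the thread.
# A file written by regedit is UTF-16, so decode it with encoding="utf-16".
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"1001"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"DisplayName"="Internet"
"1001"=dword:00000001
"1004"=dword:00000000
"1201"=dword:00000003
"1800"=dword:00000001
"1607"=dword:00000000
"""

DWORD_LINE = re.compile(r'^"([0-9A-Fa-f]{4})"=dword:([0-9A-Fa-f]{8})$')


def read_zone_values(reg_text, key=ZONE3_KEY):
    """Return {action number: int value} for DWORD values under one key only."""
    values, in_section = {}, False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            # Registry key names are case-insensitive.
            in_section = line[1:-1].lower() == key.lower()
            continue
        match = DWORD_LINE.match(line)
        if in_section and match:
            values[match.group(1).upper()] = int(match.group(2), 16)
    return values


def audit_internet_zone(reg_text):
    """List (action, label, wanted, found) for each setting that deviates."""
    found = read_zone_values(reg_text)
    findings = []
    for action, (label, wanted) in RECOMMENDED.items():
        actual = found.get(action)
        if actual != wanted:
            shown = "not set" if actual is None else SETTING_NAMES.get(actual, hex(actual))
            findings.append((action, label, SETTING_NAMES[wanted], shown))
    return findings


if __name__ == "__main__":
    for action, label, wanted, shown in audit_internet_zone(SAMPLE_EXPORT):
        print(f"{action} {label}: want {wanted}, found {shown}")
```
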

Re: browser hijacker and other problems

Unread postby alango1 » October 20th, 2009, 8:14 am

Hi,

received your message and will perform these tasks when I get time later.

thanks very much

this was a lot of work, thanks for sharing your expertise; how do I repay you?
alango1
Regular Member
 
Posts: 45
Joined: September 23rd, 2009, 5:21 pm