Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

I NEED HELP WITH THE VUNDO TROJAN and other Malware - PLEASE

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

I NEED HELP WITH THE VUNDO TROJAN and other Malware - PLEASE

Unread postby Piankhi » September 25th, 2007, 8:21 pm

I have my hijack this log please can someone help me find and remove the Trojan??

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:10:10 PM, on 9/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe
C:\WINDOWS\CDProxyServ.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe
C:\Program Files\Dell Photo AIO Printer 964\memcard.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\inKline Global\PC Booster\pcbooster.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dlcjcoms.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\AdwareAlert\AdwareAlert.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Big Wes\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [DLCJCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCJtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlcjmon.exe] "C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 964\memcard.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [ComcastSUPPORT] C:\Program Files\Support.com\bin\tgkill.exe /cleaneahtioga /start
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [PC Booster] C:\Program Files\inKline Global\PC Booster\pcbooster.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [winshow] "C:\WINDOWS\winshow.exe"
O4 - HKLM\..\Run: [winprotector] "C:\WINDOWS\winprotector.exe"
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\qlcwjpmp.dll",sitypnow
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Support - {5ADBB9A5-0C6C-449D-8665-18DEDCF0815C} - http://www.comcastsupport.com (file missing) (HKCU)
O9 - Extra button: ComcastHSI - {776590E3-E488-4B9F-93AB-EC10A11C85F9} - http://www.comcast.net (file missing) (HKCU)
O9 - Extra button: Help - {87B9AD9D-4B79-4582-9F48-77A2BC78139D} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O15 - Trusted Zone: *.errorprotector.com
O15 - Trusted Zone: *.systemdoctor.com
O15 - Trusted Zone: *.errorprotector.com (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/share ... insctl.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Plug and Play Device Manager ($sys$DRMServer) - First 4 Internet Ltd - C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: XCP CD Proxy (CD_Proxy) - Unknown owner - C:\WINDOWS\CDProxyServ.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: dlcj_device - Unknown owner - C:\WINDOWS\system32\dlcjcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 15094 bytes
Piankhi
Regular Member
 
Posts: 24
Joined: September 25th, 2007, 8:14 pm
Advertisement
Register to Remove

Unread postby beynac » September 28th, 2007, 8:35 am

Welcome to Malware Removal.

ComboFix by sUBs
  • Download this file - ComboFix.exe
  • Close all open windows.
  • Double click ComboFix.exe and follow the prompts.
  • When finished, it will produce a log for you. Please post that log in your next reply
Important: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall

If necessary, please split the log into separate posts to ensure that they don't get cut off. It is important that I see the full log.

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

------------------------------------------------

You are running HijackThis from your desktop. In order to save backups, it must be in its own folder. The easiest way to do this would be to delete your copy of HijackThis and download, and install, a new copy, as follows:

Please download HJTInstall.exe and save it to your desktop
  • Double click on the HJTInstall.exe icon on your desktop
  • Click I Accept
  • HijackThis will open
  • Click on the Do a system scan and save a log file button.
  • It will scan and then the log will open in notepad.
  • Paste the log as a reply to this thread.
  • Don't use the Analyse This button - its findings are dangerous if misinterpreted.
Do NOT have HijackThis fix anything yet.

-------------------------------------------

Please post the following, as a reply to this thread:
  • The ComboFix log
  • A new HijackThis log
User avatar
beynac
MRU Honors Grad Emeritus
 
Posts: 1638
Joined: February 14th, 2006, 12:14 pm
Location: Norwich, England

Unread postby Piankhi » September 28th, 2007, 1:49 pm

First part of the Combofix Log:

ComboFix 07-09-21.2 - "Big Wes" 2007-09-28 13:37:56.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1339 [GMT -4:00]
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\check_LSA7.txt
C:\WINDOWS\cookies.ini

.
((((((((((((((((((((((((( Files Created from 2007-08-28 to 2007-09-28 )))))))))))))))))))))))))))))))
.

2007-09-28 12:59 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-25 19:25 2,063,100 ---hs---- C:\WINDOWS\system32\bccdd.ini2
2007-09-25 19:06 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-09-25 19:06 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-25 19:06 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-09-25 18:20 84,032 --a------ C:\WINDOWS\system32\qlcwjpmp.dll
2007-09-25 17:58 <DIR> d-------- C:\Program Files\AdwareAlert
2007-09-24 17:39 85,056 --a------ C:\WINDOWS\system32\wshqpxkd.dll
2007-09-24 17:36 2,013,704 ---hs---- C:\WINDOWS\system32\bccdd.bak2
2007-09-23 21:45 2,004,676 --ahs---- C:\WINDOWS\system32\oqstv.bak2
2007-09-23 19:58 2,004,676 --ahs---- C:\WINDOWS\system32\jlnmp.bak1
2007-09-23 16:27 6,448 --ahs---- C:\WINDOWS\system32\xybeg.bak2
2007-09-23 16:25 6,500 --ahs---- C:\WINDOWS\system32\xybeg.ini2
2007-09-23 16:18 2,014,885 --ahs---- C:\WINDOWS\system32\llkkj.bak2
2007-09-23 10:58 2,004,676 --ahs---- C:\WINDOWS\system32\bccdd.bak1
2007-09-22 22:18 2,004,676 --ahs---- C:\WINDOWS\system32\llkkj.bak1
2007-09-22 12:24 6,448 --ahs---- C:\WINDOWS\system32\oqstv.bak1
2007-09-21 06:59 87,616 --a------ C:\WINDOWS\system32\nvgepykv.dll
2007-09-20 21:15 83,008 --a------ C:\WINDOWS\system32\ljwgsoxg.dll
2007-09-16 16:00 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-09-09 08:24 <DIR> d-------- C:\Program Files\SiteAdvisor
2007-09-09 08:24 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\SiteAdvisor
2007-09-09 08:24 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SiteAdvisor
2007-09-09 08:23 71,496 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2007-09-09 08:23 37,480 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2007-09-09 08:23 34,184 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2007-09-09 08:23 32,008 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2007-09-09 08:23 170,408 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2007-09-09 08:22 109,608 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2007-09-09 08:21 <DIR> d-------- C:\Program Files\Common Files\McAfee

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-28 07:24 --------- d-------- C:\Program Files\Dl_cats
2007-09-20 11:41 3350 --ahsc--- C:\WINDOWS\system32\KGyGaAvL.sys
2007-09-16 15:51 --------- d-------- C:\Program Files\EA GAMES
2007-09-09 09:06 --------- d-------- C:\Program Files\McAfee.com
2007-09-09 09:06 --------- d-------- C:\Program Files\McAfee
2007-09-09 09:06 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee.com
2007-09-09 09:06 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
2007-08-08 20:05 --------- d-------- C:\Program Files\The Weather Channel FW
2007-08-08 19:57 --------- d-------- C:\Program Files\Audible
2007-08-08 19:56 --------- d-------- C:\Program Files\Common Files\xing shared
2007-08-08 19:56 --------- d-------- C:\Program Files\Common Files\Real
2007-07-31 18:53 61424 --a------ C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-07-31 18:53 57344 --a------ C:\WINDOWS\uneng.exe
2007-07-31 18:53 49152 --a------ C:\WINDOWS\system32\cdrtc.dll
2007-07-31 18:53 45056 --a------ C:\WINDOWS\system32\cdral.dll
2007-07-31 18:53 23436 --a------ C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-07-31 18:53 --------- d-------- C:\Program Files\Roxio
2007-07-31 18:53 --------- d-------- C:\Program Files\directx
2007-07-31 18:53 --------- d-------- C:\Program Files\Common Files\Roxio Shared
2007-07-31 18:53 --------- d-------- C:\Program Files\Common Files\Adaptec Shared
2007-07-31 18:43 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
2007-07-19 02:59 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-12 19:31 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll
2006-12-21 13:41 5696560 --a--c--- C:\Program Files\R142470.EXE
2006-11-18 18:33 798186 --a--c--- C:\Program Files\E113.ZIP
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
Piankhi
Regular Member
 
Posts: 24
Joined: September 25th, 2007, 8:14 pm

Unread postby Piankhi » September 28th, 2007, 1:50 pm

2nd part of the Combofix Log:

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 14:01]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 20:49]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 20:46]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 20:50]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 03:12]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-12-13 15:30]
"Norton Ghost 10.0"="C:\Program Files\Norton Ghost\Agent\GhostTray.exe" [2005-12-07 16:05]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 10:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44]
"MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [2006-11-07 15:49]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 05:20]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-07-23 15:59]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-09-26 11:26]
"DLCJCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCJtime.dll" [2005-08-15 05:40]
"dlcjmon.exe"="C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe" [2005-08-12 08:47]
"MemoryCardManager"="C:\Program Files\Dell Photo AIO Printer 964\memcard.exe" [2005-08-10 02:12]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2001-12-17 12:18]
"ComcastSUPPORT"="C:\Program Files\Support.com\bin\tgkill.exe" []
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2005-09-08 19:20]
"PC Booster"="C:\Program Files\inKline Global\PC Booster\pcbooster.exe" [2003-09-17 13:42]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-05-01 18:33]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [2007-08-24 17:57]
"winprotector"="C:\WINDOWS\winprotector.exe" []
"AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" []
"SearchIndexer"="C:\WINDOWS\system32\qlcwjpmp.dll" [2007-09-25 18:20]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 05:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-26 08:13]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-10-24 17:10]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
"DW4"="C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" [2007-03-16 07:51]
"AdwareAlert"="C:\Program Files\AdwareAlert\AdwareAlert.exe" [2007-09-17 12:17]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-05-30 23:49:58]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

R0 $sys$cor;$sys$cor;C:\WINDOWS\system32\Drivers\$sys$cor.sys
R1 $sys$crater;$sys$crater;\??\C:\WINDOWS\system32\$sys$filesystem\crater.sys
R1 V2IMount;V2IMount;C:\WINDOWS\system32\drivers\V2IMount.sys
R2 $sys$DRMServer;Plug and Play Device Manager;C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe
R2 CD_Proxy;XCP CD Proxy;C:\WINDOWS\CDProxyServ.exe
S3 iatmunin;iatmunin;\??\C:\DOCUME~1\BIGWES~1\LOCALS~1\Temp\iatmunin.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a01c3480-6f88-11db-a147-00121777935b}]
AutoRun\command- L:\setupSNK.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - VPROEVENTMONITOR
.
Contents of the 'Scheduled Tasks' folder
"2007-09-28 15:48:11 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
"2007-09-15 05:00:03 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2007-09-09 12:22:33 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-28 13:40:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCJCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCJtime.dll,_RunDLLEntry@16

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\$sys$cor]
"ImagePath"="System32\Drivers\$sys$cor.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\$sys$crater]
"ImagePath"="\??\C:\WINDOWS\system32\$sys$filesystem\crater.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\$sys$DRMServer]
"ImagePath"="C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe"
.
Completion time: 2007-09-28 13:41:10
C:\ComboFix-quarantined-files.txt ... 2007-09-28 13:41
.
--- E O F ---
Piankhi
Regular Member
 
Posts: 24
Joined: September 25th, 2007, 8:14 pm

Unread postby Piankhi » September 28th, 2007, 1:51 pm

Hijiack This Log File:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:47:31 PM, on 9/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe
C:\WINDOWS\CDProxyServ.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\WINDOWS\ehome\ehtray.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton Ghost\Agent\GhostTray.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe
C:\Program Files\Dell Photo AIO Printer 964\memcard.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\inKline Global\PC Booster\pcbooster.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\AdwareAlert\AdwareAlert.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dlcjcoms.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [DLCJCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCJtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlcjmon.exe] "C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 964\memcard.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [ComcastSUPPORT] C:\Program Files\Support.com\bin\tgkill.exe /cleaneahtioga /start
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [PC Booster] C:\Program Files\inKline Global\PC Booster\pcbooster.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [winprotector] "C:\WINDOWS\winprotector.exe"
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\qlcwjpmp.dll",sitypnow
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Support - {5ADBB9A5-0C6C-449D-8665-18DEDCF0815C} - http://www.comcastsupport.com (file missing) (HKCU)
O9 - Extra button: ComcastHSI - {776590E3-E488-4B9F-93AB-EC10A11C85F9} - http://www.comcast.net (file missing) (HKCU)
O9 - Extra button: Help - {87B9AD9D-4B79-4582-9F48-77A2BC78139D} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O15 - Trusted Zone: *.errorprotector.com
O15 - Trusted Zone: *.systemdoctor.com
O15 - Trusted Zone: *.errorprotector.com (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/share ... insctl.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Plug and Play Device Manager ($sys$DRMServer) - First 4 Internet Ltd - C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: XCP CD Proxy (CD_Proxy) - Unknown owner - C:\WINDOWS\CDProxyServ.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: dlcj_device - Unknown owner - C:\WINDOWS\system32\dlcjcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 14709 bytes
Piankhi
Regular Member
 
Posts: 24
Joined: September 25th, 2007, 8:14 pm

Unread postby beynac » September 28th, 2007, 5:17 pm

Good evening.

VundoFix

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • It will create a report named vundofix.txt on your main drive (C:\vundofix.txt)
Note: It is possible that VundoFix may encounter a file it cannot remove.
In this case, VundoFix will run on reboot. Simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears at reboot.

-------------------------------------------

Please run another HijackThis scan and post the following, as a reply to this thread:
  • The VundoFix report (C:\vundofix.txt)
  • A new HijackThis log
User avatar
beynac
MRU Honors Grad Emeritus
 
Posts: 1638
Joined: February 14th, 2006, 12:14 pm
Location: Norwich, England

Unread postby Piankhi » September 29th, 2007, 2:53 pm

i also have Generix dx Trojan as well. Btu here is the Vundo fix log:

VundoFix V6.5.9

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 1:59:43 PM 9/29/2007

Listing files found while scanning....

C:\windows\system32\gxosgwjl.ini
C:\windows\system32\ljwgsoxg.dll
C:\WINDOWS\system32\qlcwjpmp.dll

Beginning removal...

Attempting to delete C:\windows\system32\gxosgwjl.ini
C:\windows\system32\gxosgwjl.ini Has been deleted!

Attempting to delete C:\windows\system32\ljwgsoxg.dll
C:\windows\system32\ljwgsoxg.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qlcwjpmp.dll
C:\WINDOWS\system32\qlcwjpmp.dll Could not be deleted.

Performing Repairs to the registry.
Done!

VundoFix V6.5.9

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 2:38:01 PM 9/29/2007

Listing files found while scanning....

No infected files were found.


Beginning removal...



Below is the New hijack this log.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:49:13 PM, on 9/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe
C:\WINDOWS\CDProxyServ.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe
C:\Program Files\Dell Photo AIO Printer 964\memcard.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\inKline Global\PC Booster\pcbooster.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dlcjcoms.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\AdwareAlert\AdwareAlert.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [DLCJCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCJtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlcjmon.exe] "C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 964\memcard.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [ComcastSUPPORT] C:\Program Files\Support.com\bin\tgkill.exe /cleaneahtioga /start
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [PC Booster] C:\Program Files\inKline Global\PC Booster\pcbooster.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [winprotector] "C:\WINDOWS\winprotector.exe"
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Support - {5ADBB9A5-0C6C-449D-8665-18DEDCF0815C} - http://www.comcastsupport.com (file missing) (HKCU)
O9 - Extra button: ComcastHSI - {776590E3-E488-4B9F-93AB-EC10A11C85F9} - http://www.comcast.net (file missing) (HKCU)
O9 - Extra button: Help - {87B9AD9D-4B79-4582-9F48-77A2BC78139D} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O15 - Trusted Zone: *.errorprotector.com
O15 - Trusted Zone: *.systemdoctor.com
O15 - Trusted Zone: *.errorprotector.com (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/share ... insctl.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Plug and Play Device Manager ($sys$DRMServer) - First 4 Internet Ltd - C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: XCP CD Proxy (CD_Proxy) - Unknown owner - C:\WINDOWS\CDProxyServ.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: dlcj_device - Unknown owner - C:\WINDOWS\system32\dlcjcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 14585 bytes
[/u][/i]
Piankhi
Regular Member
 
Posts: 24
Joined: September 25th, 2007, 8:14 pm

Unread postby beynac » September 29th, 2007, 4:57 pm

Good evening.

i also have Generix dx Trojan as well.

We've still got quite a lot to get rid of. :)

---------------------------------------------

Run HijackThis and click Scan and then check (tick) the following, if present (don't worry if any are missing):

O4 - HKLM\..\Run: [winprotector] "C:\WINDOWS\winprotector.exe"
O15 - Trusted Zone: *.errorprotector.com
O15 - Trusted Zone: *.systemdoctor.com
O15 - Trusted Zone: *.errorprotector.com (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)


Close down all programs, browsers and other open windows. Make sure that only the above items are checked and then click on Fix checked.

---------------------------------------------

Download OTMoveIt by OldTimer to your Desktop.
  • Double-click OTMoveIt.exe to launch it.
  • Copy/Paste the contents of the box below into the left hand pane of OTMoveIt.
C:\WINDOWS\winprotector.exe
C:\WINDOWS\system32\bccdd.ini2
C:\WINDOWS\system32\qlcwjpmp.dll
C:\WINDOWS\system32\wshqpxkd.dll
C:\WINDOWS\system32\bccdd.bak2
C:\WINDOWS\system32\oqstv.bak2
C:\WINDOWS\system32\jlnmp.bak1
C:\WINDOWS\system32\xybeg.bak2
C:\WINDOWS\system32\xybeg.ini2
C:\WINDOWS\system32\llkkj.bak2
C:\WINDOWS\system32\bccdd.bak1
C:\WINDOWS\system32\llkkj.bak1
C:\WINDOWS\system32\oqstv.bak1
C:\WINDOWS\system32\nvgepykv.dll
C:\WINDOWS\system32\ljwgsoxg.dll


  • Click the Move It button.
  • The list will be processed and the results will appear in the right hand pane.
  • If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
  • When finished click Exit to exit the programme.
  • A log - C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log will be created (where mmddyyyy_hhmmss are numbers giving date and time the log was created).
--------------------------------------------

Reboot the computer

----------------------------------------------

F-Secure BlackLight

Please download F-Secure Blacklight (fsbl.exe) from here.
  • Click I ACCEPT and download the graphical user interface version to your Desktop
  • Double click the file to run it, choose I accept the agreement then click Scan
  • It will create a log on your desktop (fsbl-date/time.log).
  • If it finds anything, do not rename any. Legitimate items can also be present.
  • Exit Blacklight
Please post the contents of the log as a reply to this thread.

----------------------------------------------

ATF Cleaner by Atribune ©

Download ATF Cleaner by Atribune © from here : http://www.atribune.org/ccount/click.php?id=1
This is a stand-alone program that does not need to be installed. Save it to a convenient location and make a shortcut on your desktop. Using this program will remove temporary files, temporary internet files and cookies from your system, which will mean that any scans will run faster.
  • Make sure that all browser windows are closed
  • Double-click the shortcut on your desktop to run the program.
  • Under Main, choose Select All
  • Untick Prefetch
  • Click Empty Selected
  • If you use Firefox browser,
    • Click Firefox at the top and choose Select All
    • Click on Empty Selected
    • NOTE: If you would like to keep any saved passwords, please untick that option.
  • Click Exit to close.
  • If you use Opera browser,
    • Click Opera at the top and choose Select All
    • Click on Empty Selected
    • NOTE: If you would like to keep any saved passwords, please untick that option.
  • Click Exit to close.
--------------------------------------------

AVG Anti-Spyware:

Download the trial version of AVG Anti-Spyware from here and install it. When the program has been installed, and you click the Finish button, AVG Anti-Spyware will open. Do not run a scan yet.

If the program does not automatically update itself during installation, or you are unsure whether it has done so, please do the following:
  • Click the Update icon at the top and under Manual Update click the Start update button.
  • The program will either update or inform you that no update was available.
  • It is essential that you get the update - keep trying until successful.
You will need to change the following settings:
  • Click the Shield icon at the top and under Resident shield is... click active. This should now change to inactive.
  • Click the Update icon and untick the automatic update option.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act? - make sure that Quarantine is selected.
    • Under How to scan? - All checkboxes should be ticked.
    • Under Possibly unwanted software - All checkboxes should be ticked.
    • Under Reports - Select Do not automatically generate reports.
    • Under What to scan? - Select Scan every file.
You can now close AVG Anti-Spyware. Do not scan yet.

---------------------------------------------------

Boot to Safe Mode.

You will need to reboot your computer into Safe Mode for the next steps. It would be a good idea for you to print these instructions, as you will not have access to the internet.

Important: If you have an always on connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode. I suggest that you print out these instructions.
  • Restart your computer.
  • Continually tap the F8 button as your computer is booting (a menu appears).
  • Use up-arrow key to select Safe Mode and press Enter.
------------------------------------------------

Run AVG Anti-Spyware:

Close all open windows and then start AVG Anti-Spyware, which you downloaded earlier
  • Click on Scanner on the toolbar.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan your computer.
  • When the scan has finished, follow the instructions below:
    • Make sure that Set all elements to: shows Quarantine
    • Important: Click on the Apply all Actions button (*** This must done before saving the report ***)
    • When the program has finished, it will display the message All actions have been applied.
    • Then click the Save Scan Report button.
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Tray Icon and select Exit.
-----------------------------------------------------------------

Reboot in Normal Mode

---------------------------------------------------------------

Please run another HijackThis scan and post the following, as a reply to this thread:
  • The OTMoveIt log
  • The Blacklight log
  • The AVG Anti-Spyware report
  • A new HijackThis log
User avatar
beynac
MRU Honors Grad Emeritus
 
Posts: 1638
Joined: February 14th, 2006, 12:14 pm
Location: Norwich, England

Unread postby Piankhi » September 30th, 2007, 2:26 am

OT Moveit didn't create a log it said zero items found.

Black light report:

09/29/07 23:59:17 [Info]: BlackLight Engine 1.0.64 initialized
09/29/07 23:59:17 [Info]: OS: 5.1 build 2600 (Service Pack 2)
09/29/07 23:59:18 [Note]: 7019 4
09/29/07 23:59:18 [Note]: 7005 0
09/29/07 23:59:54 [Note]: 7006 0
09/29/07 23:59:54 [Note]: 7011 2924
09/29/07 23:59:55 [Note]: 7026 0
09/29/07 23:59:55 [Note]: 7026 0
09/30/07 00:00:01 [Note]: FSRAW library version 1.7.1022
09/30/07 00:07:36 [Note]: 2000 1012
09/30/07 00:11:39 [Note]: 7007 0


AVG Report:


AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 2:11:20 AM 9/30/2007

+ Scan result:



HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AdwareAlert_is1 -> Adware.GoodByeSpyware : Cleaned with backup (quarantined).
C:\Program Files\DIGStream\digstream.exe -> Not-A-Virus.Downloader.Win32.DigStream : Cleaned with backup (quarantined).
:mozilla.213:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.214:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.215:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.278:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.279:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\Big Wes\Application Data\AdwareAlert\Quarantine\29-09-2007-14-42-47\10000.qit -> TrackingCookie.247realmedia : Cleaned.
:mozilla.11:C:\Documents and Settings\Khalif\Application Data\Mozilla\Firefox\Profiles\uh89gd0a.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.12:C:\Documents and Settings\Khalif\Application Data\Mozilla\Firefox\Profiles\uh89gd0a.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.13:C:\Documents and Settings\Khalif\Application Data\Mozilla\Firefox\Profiles\uh89gd0a.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.14:C:\Documents and Settings\Khalif\Application Data\Mozilla\Firefox\Profiles\uh89gd0a.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.18:C:\Documents and Settings\Khalif\Application Data\Mozilla\Firefox\Profiles\uh89gd0a.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.299:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.300:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.301:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.302:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.382:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.441:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.446:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.463:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.590:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.6:C:\Documents and Settings\Khalif\Application Data\Mozilla\Firefox\Profiles\uh89gd0a.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.755:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.779:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.78:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.79:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.80:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.81:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.82:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.83:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.84:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.85:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.86:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.87:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.88:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.89:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.90:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.91:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.92:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.93:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.94:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.95:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.211:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.212:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.213:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.217:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.481:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.482:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.483:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.827:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Adition : Cleaned.
:mozilla.828:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Adition : Cleaned.
:mozilla.635:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.636:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.186:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.187:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.188:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.189:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.190:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.191:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.192:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.193:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.194:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.352:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.353:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.354:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.355:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.356:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.357:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.358:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.922:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.923:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.132:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.133:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.134:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.135:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.136:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.187:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.188:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.189:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.190:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.191:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.22:C:\Documents and Settings\Khalif\Application Data\Mozilla\Firefox\Profiles\uh89gd0a.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.482:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.65:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.97:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Big Wes\Application Data\AdwareAlert\Quarantine\29-09-2007-14-42-47\10001.qit -> TrackingCookie.Atdmt : Cleaned.
:mozilla.542:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.576:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.211:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.212:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.566:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.926:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.509:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.510:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.591:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.592:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.593:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.220:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.221:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.222:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.223:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.23:C:\Documents and Settings\Khalif\Application Data\Mozilla\Firefox\Profiles\uh89gd0a.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.24:C:\Documents and Settings\Khalif\Application Data\Mozilla\Firefox\Profiles\uh89gd0a.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.25:C:\Documents and Settings\Khalif\Application Data\Mozilla\Firefox\Profiles\uh89gd0a.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.26:C:\Documents and Settings\Khalif\Application Data\Mozilla\Firefox\Profiles\uh89gd0a.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.27:C:\Documents and Settings\Khalif\Application Data\Mozilla\Firefox\Profiles\uh89gd0a.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.318:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.319:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.320:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.321:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.322:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.323:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.324:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.325:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.636:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned.
:mozilla.660:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned.
:mozilla.372:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Cnn : Cleaned.
:mozilla.183:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.712:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.646:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.647:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.648:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.401:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.580:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.921:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.517:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Counted : Cleaned.
:mozilla.20:C:\Documents and Settings\Khalif\Application Data\Mozilla\Firefox\Profiles\uh89gd0a.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.24:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.61:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.751:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.771:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Big Wes\Application Data\AdwareAlert\Quarantine\26-09-2007-18-11-30\10000.qit -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Big Wes\Application Data\AdwareAlert\Quarantine\29-09-2007-14-42-47\10002.qit -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.204:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.205:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.803:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.201:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.202:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.203:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.204:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.205:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.206:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.207:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.208:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.209:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.210:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.402:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.403:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.404:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.635:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.13:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.423:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.511:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.547:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.548:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.549:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.550:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.551:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.552:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.801:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.886:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.887:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.888:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.889:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.890:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.901:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.902:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.904:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Big Wes\Application Data\AdwareAlert\Quarantine\29-09-2007-14-42-47\10003.qit -> TrackingCookie.Hitbox : Cleaned.
:mozilla.425:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.565:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.464:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.465:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.568:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.569:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.315:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Information : Cleaned.
:mozilla.874:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Intelli-direct : Cleaned.
:mozilla.554:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.555:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.578:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.579:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.643:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.644:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.645:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.467:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned.
:mozilla.216:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.217:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.283:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.284:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.12:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.13:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.688:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.689:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.343:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.420:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.421:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.631:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.218:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.319:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.405:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.406:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.407:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.408:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.409:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.410:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.411:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.412:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.413:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.454:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.455:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.456:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.457:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.458:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.459:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.460:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.461:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.462:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.100:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.274:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.275:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.99:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.327:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.328:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.329:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.330:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.331:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.331:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.332:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.333:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.349:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.350:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.351:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.352:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.358:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Realtracker : Cleaned.
:mozilla.111:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.112:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.113:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.114:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.115:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.116:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.117:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.118:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.601:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.602:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.603:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.604:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.605:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.606:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.612:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.614:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.794:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.228:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.229:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.230:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.231:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.232:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.233:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.52:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.532:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.53:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.54:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.55:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.56:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.57:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.58:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.600:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.399:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.400:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.401:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.594:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.595:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.148:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.149:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.150:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.151:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.152:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.153:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.177:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.178:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.179:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.180:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.181:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.182:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.783:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Spylog : Cleaned.
:mozilla.214:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.215:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.216:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.295:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.296:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.297:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.298:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.299:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.300:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.301:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.302:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.303:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.304:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.305:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.306:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.307:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.308:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.309:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.310:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.311:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.25:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.31:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.32:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.33:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.34:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.35:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.53:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.54:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.55:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.56:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.57:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.64:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.66:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.72:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.73:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.750:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.261:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.262:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.263:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.332:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.335:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.336:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.337:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.338:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.340:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.341:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.342:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.343:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.344:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.345:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.346:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.347:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.348:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.138:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.21:C:\Documents and Settings\Khalif\Application Data\Mozilla\Firefox\Profiles\uh89gd0a.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.96:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Big Wes\Application Data\AdwareAlert\Quarantine\29-09-2007-14-42-47\10006.qit -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.605:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.606:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.607:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.608:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.609:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.610:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.901:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.468:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.588:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.14:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.907:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.782:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.234:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.235:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.236:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.237:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.238:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.239:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.239:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.240:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.240:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.241:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.596:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.597:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.598:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.599:C:\Documents and Settings\Big Wes\Application Data\Mozilla\Firefox\Profiles\tccigict.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.602:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.603:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.604:C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\aiclfcrx.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.


::Report end

Hijack This Report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:25:13 AM, on 9/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\CDProxyServ.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe
C:\Program Files\Dell Photo AIO Printer 964\memcard.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\inKline Global\PC Booster\pcbooster.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\AdwareAlert\AdwareAlert.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\dlcjcoms.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program
Piankhi
Regular Member
 
Posts: 24
Joined: September 25th, 2007, 8:14 pm

Unread postby beynac » September 30th, 2007, 8:35 am

Hi.
OT Moveit didn't create a log it said zero items found.

That's surprising. If they're not there, I don't know what deleted them. Did you run OTMoveIt more than once? Your HijackThis log got cut off. In the circumstances, I would like you to run ComboFix again, so that I can see what is going on.

----------------------------------------

Please delete your copy of ComboFix and download the latest version.

ComboFix by sUBs
  • Download this file - ComboFix.exe
  • Close all open windows.
  • Double click ComboFix.exe and follow the prompts.
  • When finished, it will produce a log for you. Please post that log in your next reply
Important: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall

If necessary, please split the log into separate posts to ensure that they don't get cut off. It is important that I see the full log.

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

----------------------------------------

Please post the following, as a reply to this thread.
  • The ComboFix log
  • A new HijackThis log
User avatar
beynac
MRU Honors Grad Emeritus
 
Posts: 1638
Joined: February 14th, 2006, 12:14 pm
Location: Norwich, England

Unread postby Piankhi » September 30th, 2007, 12:31 pm

My internet explorer looks different than it did before. It has no colors on the main screen and the links are also awkward though they still work...

Here is the HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:29:56 PM, on 9/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\CDProxyServ.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe
C:\Program Files\Dell Photo AIO Printer 964\memcard.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\inKline Global\PC Booster\pcbooster.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\AdwareAlert\AdwareAlert.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dlcjcoms.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [DLCJCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCJtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlcjmon.exe] "C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 964\memcard.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [ComcastSUPPORT] C:\Program Files\Support.com\bin\tgkill.exe /cleaneahtioga /start
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [PC Booster] C:\Program Files\inKline Global\PC Booster\pcbooster.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Support - {5ADBB9A5-0C6C-449D-8665-18DEDCF0815C} - http://www.comcastsupport.com (file missing) (HKCU)
O9 - Extra button: ComcastHSI - {776590E3-E488-4B9F-93AB-EC10A11C85F9} - http://www.comcast.net (file missing) (HKCU)
O9 - Extra button: Help - {87B9AD9D-4B79-4582-9F48-77A2BC78139D} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/share ... insctl.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Plug and Play Device Manager ($sys$DRMServer) - First 4 Internet Ltd - C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: XCP CD Proxy (CD_Proxy) - Unknown owner - C:\WINDOWS\CDProxyServ.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: dlcj_device - Unknown owner - C:\WINDOWS\system32\dlcjcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 14713 bytes
Piankhi
Regular Member
 
Posts: 24
Joined: September 25th, 2007, 8:14 pm

Unread postby Piankhi » September 30th, 2007, 12:32 pm

Combo Fix log:

ComboFix 07-09-21.2 - "Big Wes" 2007-09-30 12:22:57.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1326 [GMT -4:00]
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\cookies.ini

.
((((((((((((((((((((((((( Files Created from 2007-08-28 to 2007-09-30 )))))))))))))))))))))))))))))))
.

2007-09-30 00:19 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-09-29 14:07 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2007-09-29 13:59 <DIR> d-------- C:\VundoFix Backups
2007-09-28 13:47 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-28 12:59 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-25 19:06 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-09-25 19:06 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-25 19:06 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-09-25 17:58 <DIR> d-------- C:\Program Files\AdwareAlert
2007-09-24 17:39 85,056 --a------ C:\WINDOWS\system32\wshqpxkd.dll
2007-09-24 17:36 2,013,704 ---hs---- C:\WINDOWS\system32\bccdd.bak2
2007-09-23 21:45 2,004,676 --ahs---- C:\WINDOWS\system32\oqstv.bak2
2007-09-23 19:58 2,004,676 --ahs---- C:\WINDOWS\system32\jlnmp.bak1
2007-09-23 16:27 6,448 --ahs---- C:\WINDOWS\system32\xybeg.bak2
2007-09-23 16:25 6,500 --ahs---- C:\WINDOWS\system32\xybeg.ini2
2007-09-23 16:18 2,014,885 --ahs---- C:\WINDOWS\system32\llkkj.bak2
2007-09-23 10:58 2,004,676 --ahs---- C:\WINDOWS\system32\bccdd.bak1
2007-09-22 22:18 2,004,676 --ahs---- C:\WINDOWS\system32\llkkj.bak1
2007-09-22 12:24 6,448 --ahs---- C:\WINDOWS\system32\oqstv.bak1
2007-09-21 06:59 87,616 --a------ C:\WINDOWS\system32\nvgepykv.dll
2007-09-16 16:00 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-09-09 08:24 <DIR> d-------- C:\Program Files\SiteAdvisor
2007-09-09 08:24 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\SiteAdvisor
2007-09-09 08:24 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SiteAdvisor
2007-09-09 08:23 71,496 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2007-09-09 08:23 37,480 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2007-09-09 08:23 34,184 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2007-09-09 08:23 32,008 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2007-09-09 08:23 170,408 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2007-09-09 08:22 109,608 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2007-09-09 08:21 <DIR> d-------- C:\Program Files\Common Files\McAfee
2007-08-08 20:05 <DIR> d-------- C:\Program Files\The Weather Channel FW
2007-08-08 19:56 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-08-04 19:02 <DIR> d-------- C:\WINDOWS\.jagex_cache_32

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-30 00:24 --------- d-------- C:\Program Files\Dl_cats
2007-09-20 11:41 3350 --ahsc--- C:\WINDOWS\system32\KGyGaAvL.sys
2007-09-16 15:51 --------- d-------- C:\Program Files\EA GAMES
2007-09-09 09:06 --------- d-------- C:\Program Files\McAfee.com
2007-09-09 09:06 --------- d-------- C:\Program Files\McAfee
2007-09-09 09:06 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee.com
2007-09-09 09:06 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
2007-08-08 19:57 --------- d-------- C:\Program Files\Audible
2007-08-08 19:56 --------- d-------- C:\Program Files\Common Files\Real
2007-07-31 18:53 61424 --a------ C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-07-31 18:53 57344 --a------ C:\WINDOWS\uneng.exe
2007-07-31 18:53 49152 --a------ C:\WINDOWS\system32\cdrtc.dll
2007-07-31 18:53 45056 --a------ C:\WINDOWS\system32\cdral.dll
2007-07-31 18:53 23436 --a------ C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-07-31 18:53 --------- d-------- C:\Program Files\Roxio
2007-07-31 18:53 --------- d-------- C:\Program Files\directx
2007-07-31 18:53 --------- d-------- C:\Program Files\Common Files\Roxio Shared
2007-07-31 18:53 --------- d-------- C:\Program Files\Common Files\Adaptec Shared
2007-07-31 18:43 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
2007-07-19 02:59 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-12 19:31 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll
2007-06-27 10:34 823808 --a------ C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 10:34 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 10:34 6058496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 10:34 52224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 10:34 477696 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 10:34 459264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 10:34 44544 --------- C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 10:34 384512 --------- C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 10:34 383488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 10:34 27648 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 10:34 267776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 10:34 232960 --------- C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 10:34 230400 --a------ C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 10:34 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 10:34 153088 --a------ C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 10:34 132608 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 10:34 124928 --------- C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 10:34 1152000 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 10:34 105984 --------- C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 10:34 102400 --------- C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 04:27 63488 --------- C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 04:27 625152 --------- C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 04:27 13824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 03:00 161792 --a------ C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-26 02:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 02:08 1104896 --------- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-19 09:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 09:31 282112 --a------ C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-13 06:23 1033216 --a------ C:\WINDOWS\explorer.exe
2007-06-13 06:23 1033216 --------- C:\WINDOWS\system32\dllcache\explorer.exe
2006-12-21 13:41 5696560 --a--c--- C:\Program Files\R142470.EXE
2006-11-18 18:33 798186 --a--c--- C:\Program Files\E113.ZIP
.

((((((((((((((((((((((((((((( snapshot_2007-09-28_134043.46 )))))))))))))))))))))))))))))))))))))))))
.
----atw 16,384 2007-09-30 16:07:38 C:\WINDOWS\Temp\Perflib_Perfdata_b94.dat
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 14:01]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 20:49]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 20:46]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 20:50]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 03:12]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-12-13 15:30]
"Norton Ghost 10.0"="C:\Program Files\Norton Ghost\Agent\GhostTray.exe" [2005-12-07 16:05]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 10:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44]
"MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [2006-11-07 15:49]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 05:20]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-07-23 15:59]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-09-26 11:26]
"DLCJCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCJtime.dll" [2005-08-15 05:40]
"dlcjmon.exe"="C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe" [2005-08-12 08:47]
"MemoryCardManager"="C:\Program Files\Dell Photo AIO Printer 964\memcard.exe" [2005-08-10 02:12]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2001-12-17 12:18]
"ComcastSUPPORT"="C:\Program Files\Support.com\bin\tgkill.exe" []
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2005-09-08 19:20]
"PC Booster"="C:\Program Files\inKline Global\PC Booster\pcbooster.exe" [2003-09-17 13:42]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-05-01 18:33]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [2007-08-24 17:57]
"AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" []
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 05:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-26 08:13]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-10-24 17:10]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
"DW4"="C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" [2007-03-16 07:51]
"AdwareAlert"="C:\Program Files\AdwareAlert\AdwareAlert.exe" [2007-09-17 12:17]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-05-30 23:49:58]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

R0 $sys$cor;$sys$cor;C:\WINDOWS\system32\Drivers\$sys$cor.sys
R1 $sys$crater;$sys$crater;\??\C:\WINDOWS\system32\$sys$filesystem\crater.sys
R1 V2IMount;V2IMount;C:\WINDOWS\system32\drivers\V2IMount.sys
R2 $sys$DRMServer;Plug and Play Device Manager;C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe
R2 CD_Proxy;XCP CD Proxy;C:\WINDOWS\CDProxyServ.exe
S3 iatmunin;iatmunin;\??\C:\DOCUME~1\BIGWES~1\LOCALS~1\Temp\iatmunin.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a01c3480-6f88-11db-a147-00121777935b}]
AutoRun\command- L:\setupSNK.exe

*Newly Created Service* - VPROEVENTMONITOR
.
Contents of the 'Scheduled Tasks' folder
"2007-09-30 16:08:36 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
"2007-09-15 05:00:03 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2007-09-09 12:22:33 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-30 12:27:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCJCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCJtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\$sys$cor]
"ImagePath"="System32\Drivers\$sys$cor.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\$sys$crater]
"ImagePath"="\??\C:\WINDOWS\system32\$sys$filesystem\crater.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\$sys$DRMServer]
"ImagePath"="C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe"
.
Completion time: 2007-09-30 12:28:19
C:\ComboFix-quarantined-files.txt ... 2007-09-30 12:28
C:\ComboFix2.txt ... 2007-09-28 13:41
.
--- E O F ---
Piankhi
Regular Member
 
Posts: 24
Joined: September 25th, 2007, 8:14 pm

Unread postby beynac » September 30th, 2007, 1:45 pm

Good evening.

My internet explorer looks different than it did before. It has no colors on the main screen and the links are also awkward though they still work...

Could you give me a few more details please. Most of those files we tried to delete are still there. Let's try a different method.

-----------------------------------------------

Open Notepad and copy/paste the text in the quotebox below into it:
File::
C:\WINDOWS\system32\bccdd.ini2
C:\WINDOWS\system32\qlcwjpmp.dll
C:\WINDOWS\system32\wshqpxkd.dll
C:\WINDOWS\system32\bccdd.bak2
C:\WINDOWS\system32\oqstv.bak2
C:\WINDOWS\system32\jlnmp.bak1
C:\WINDOWS\system32\xybeg.bak2
C:\WINDOWS\system32\xybeg.ini2
C:\WINDOWS\system32\llkkj.bak2
C:\WINDOWS\system32\bccdd.bak1
C:\WINDOWS\system32\llkkj.bak1
C:\WINDOWS\system32\oqstv.bak1
C:\WINDOWS\system32\nvgepykv.dll
C:\WINDOWS\system32\ljwgsoxg.dll
C:\WINDOWS\winprotector.exe


Save this on your Desktop as CFScript.txt

Image
ComboFix should also be on your Desktop. Referring to the picture above, drag CFScript.txt into ComboFix.exe. ComboFix will then run. When finished, it will produce a log (C:\ComboFix.txt). Post that log in your next reply.

Note:
Do not mouseclick ComboFix's window whilst it's running as this may cause it to stall.

--------------------------------------------

Please post, as a reply to this thread:
  • The ComboFix log
  • A new HijackThis log
User avatar
beynac
MRU Honors Grad Emeritus
 
Posts: 1638
Joined: February 14th, 2006, 12:14 pm
Location: Norwich, England

Unread postby Piankhi » October 1st, 2007, 11:30 am

Good Evening,

Here is the Combofix log.

ComboFix 07-09-21.2 - "Big Wes" 2007-10-01 11:20:17.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1301 [GMT -4:00]
Command switches used :: C:\Documents and Settings\Big Wes\Desktop\CFScript.txt
* Created a new restore point

FILE::
C:\WINDOWS\system32\bccdd.ini2
C:\WINDOWS\system32\qlcwjpmp.dll
C:\WINDOWS\system32\wshqpxkd.dll
C:\WINDOWS\system32\bccdd.bak2
C:\WINDOWS\system32\oqstv.bak2
C:\WINDOWS\system32\jlnmp.bak1
C:\WINDOWS\system32\xybeg.bak2
C:\WINDOWS\system32\xybeg.ini2
C:\WINDOWS\system32\llkkj.bak2
C:\WINDOWS\system32\bccdd.bak1
C:\WINDOWS\system32\llkkj.bak1
C:\WINDOWS\system32\oqstv.bak1
C:\WINDOWS\system32\nvgepykv.dll
C:\WINDOWS\system32\ljwgsoxg.dll
C:\WINDOWS\winprotector.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\bccdd.bak1
C:\WINDOWS\system32\bccdd.bak2
C:\WINDOWS\system32\jlnmp.bak1
C:\WINDOWS\system32\llkkj.bak1
C:\WINDOWS\system32\llkkj.bak2
C:\WINDOWS\system32\nvgepykv.dll
C:\WINDOWS\system32\oqstv.bak1
C:\WINDOWS\system32\oqstv.bak2
C:\WINDOWS\system32\wshqpxkd.dll
C:\WINDOWS\system32\xybeg.bak2
C:\WINDOWS\system32\xybeg.ini2

.
((((((((((((((((((((((((( Files Created from 2007-09-01 to 2007-10-01 )))))))))))))))))))))))))))))))
.

2007-09-30 00:19 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-09-29 14:07 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2007-09-29 13:59 <DIR> d-------- C:\VundoFix Backups
2007-09-28 13:47 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-28 12:59 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-25 19:06 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-09-25 19:06 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-25 19:06 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-09-25 17:58 <DIR> d-------- C:\Program Files\AdwareAlert
2007-09-16 16:00 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-09-09 08:24 <DIR> d-------- C:\Program Files\SiteAdvisor
2007-09-09 08:24 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\SiteAdvisor
2007-09-09 08:24 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SiteAdvisor
2007-09-09 08:23 71,496 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2007-09-09 08:23 37,480 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2007-09-09 08:23 34,184 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2007-09-09 08:23 32,008 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2007-09-09 08:23 170,408 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2007-09-09 08:22 109,608 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2007-09-09 08:21 <DIR> d-------- C:\Program Files\Common Files\McAfee

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-30 20:14 --------- d-------- C:\Program Files\Dl_cats
2007-09-16 15:51 --------- d-------- C:\Program Files\EA GAMES
2007-09-09 09:06 --------- d-------- C:\Program Files\McAfee.com
2007-09-09 09:06 --------- d-------- C:\Program Files\McAfee
2007-09-09 09:06 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee.com
2007-09-09 09:06 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
2007-08-08 20:05 --------- d-------- C:\Program Files\The Weather Channel FW
2007-08-08 19:57 --------- d-------- C:\Program Files\Audible
2007-08-08 19:56 --------- d-------- C:\Program Files\Common Files\xing shared
2007-08-08 19:56 --------- d-------- C:\Program Files\Common Files\Real
2007-07-31 18:53 57344 --a------ C:\WINDOWS\uneng.exe
2006-12-21 13:41 5696560 --a--c--- C:\Program Files\R142470.EXE
2006-11-18 18:33 798186 --a--c--- C:\Program Files\E113.ZIP
.

((((((((((((((((((((((((((((( snapshot_2007-09-28_134043.46 )))))))))))))))))))))))))))))))))))))))))
.
----atw 16,384 2007-10-01 15:22:59 C:\WINDOWS\Temp\Perflib_Perfdata_94c.dat
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 14:01]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 20:49]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 20:46]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 20:50]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 03:12]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-12-13 15:30]
"Norton Ghost 10.0"="C:\Program Files\Norton Ghost\Agent\GhostTray.exe" [2005-12-07 16:05]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 10:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44]
"MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [2006-11-07 15:49]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 05:20]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-07-23 15:59]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-09-26 11:26]
"DLCJCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCJtime.dll" [2005-08-15 05:40]
"dlcjmon.exe"="C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe" [2005-08-12 08:47]
"MemoryCardManager"="C:\Program Files\Dell Photo AIO Printer 964\memcard.exe" [2005-08-10 02:12]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2001-12-17 12:18]
"ComcastSUPPORT"="C:\Program Files\Support.com\bin\tgkill.exe" []
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2005-09-08 19:20]
"PC Booster"="C:\Program Files\inKline Global\PC Booster\pcbooster.exe" [2003-09-17 13:42]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-05-01 18:33]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [2007-08-24 17:57]
"AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" []
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 05:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-26 08:13]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-10-24 17:10]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
"DW4"="C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" [2007-03-16 07:51]
"AdwareAlert"="C:\Program Files\AdwareAlert\AdwareAlert.exe" [2007-09-17 12:17]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-05-30 23:49:58]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

R0 $sys$cor;$sys$cor;C:\WINDOWS\system32\Drivers\$sys$cor.sys
R1 $sys$crater;$sys$crater;\??\C:\WINDOWS\system32\$sys$filesystem\crater.sys
R1 V2IMount;V2IMount;C:\WINDOWS\system32\drivers\V2IMount.sys
R2 $sys$DRMServer;Plug and Play Device Manager;C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe
R2 CD_Proxy;XCP CD Proxy;C:\WINDOWS\CDProxyServ.exe
S3 iatmunin;iatmunin;\??\C:\DOCUME~1\BIGWES~1\LOCALS~1\Temp\iatmunin.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a01c3480-6f88-11db-a147-00121777935b}]
AutoRun\command- L:\setupSNK.exe

*Newly Created Service* - VPROEVENTMONITOR
.
Contents of the 'Scheduled Tasks' folder
"2007-10-01 15:25:31 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
"2007-09-15 05:00:03 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2007-09-09 12:22:33 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-01 11:24:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\$sys$cor]
"ImagePath"="System32\Drivers\$sys$cor.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\$sys$crater]
"ImagePath"="\??\C:\WINDOWS\system32\$sys$filesystem\crater.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\$sys$DRMServer]
"ImagePath"="C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe"
.
Completion time: 2007-10-01 11:27:02 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-01 11:27
C:\ComboFix2.txt ... 2007-10-01 11:14
C:\ComboFix3.txt ... 2007-09-30 12:28
.
--- E O F ---
Piankhi
Regular Member
 
Posts: 24
Joined: September 25th, 2007, 8:14 pm

Unread postby Piankhi » October 1st, 2007, 11:31 am

Here is the new HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:28:54 AM, on 10/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\CDProxyServ.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\dllhost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton Ghost\Agent\GhostTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe
C:\Program Files\Dell Photo AIO Printer 964\memcard.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\inKline Global\PC Booster\pcbooster.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\WINDOWS\system32\dlcjcoms.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\AdwareAlert\AdwareAlert.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [DLCJCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCJtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlcjmon.exe] "C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 964\memcard.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [ComcastSUPPORT] C:\Program Files\Support.com\bin\tgkill.exe /cleaneahtioga /start
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [PC Booster] C:\Program Files\inKline Global\PC Booster\pcbooster.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Support - {5ADBB9A5-0C6C-449D-8665-18DEDCF0815C} - http://www.comcastsupport.com (file missing) (HKCU)
O9 - Extra button: ComcastHSI - {776590E3-E488-4B9F-93AB-EC10A11C85F9} - http://www.comcast.net (file missing) (HKCU)
O9 - Extra button: Help - {87B9AD9D-4B79-4582-9F48-77A2BC78139D} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/share ... insctl.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Plug and Play Device Manager ($sys$DRMServer) - First 4 Internet Ltd - C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: XCP CD Proxy (CD_Proxy) - Unknown owner - C:\WINDOWS\CDProxyServ.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: dlcj_device - Unknown owner - C:\WINDOWS\system32\dlcjcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 14746 bytes
Piankhi
Regular Member
 
Posts: 24
Joined: September 25th, 2007, 8:14 pm
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 496 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware