Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

A log for you~

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

A log for you~

Unread postby DJ Kat~ » December 30th, 2007, 5:45 am

Something maybe tracking my IP or passwords ..anyone got an idea?


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 3:24:14 AM, on 12/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\tp4mon.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\PRISMSVR.EXE
C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Belkin\Cardbus F5D7010\Wireless Utility\Belkinwcui.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\System32\atievxx.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\ibm\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - Default URLSearchHook is missing
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"); (C:\Documents and Settings\IBM\Application Data\Mozilla\Profiles\default\ahrlwcp5.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\IBM\Application Data\Mozilla\Profiles\default\ahrlwcp5.slt\prefs.js)
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: IncrediFindBHO Class - {0026AD90-C86F-4269-97F3-DAB4897C6D06} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ChangerBHO Class - {4c03732f-43bb-4d80-ba45-66fd05db11df} - C:\WINDOWS\system32\acctresav.dll
O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O2 - BHO: (no name) - {4FD643E5-CE56-40DD-AB29-3E6A46E4807B} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: KontekstualAds Class - {72217827-914b-46c6-a6ee-c00c70842ebf} - C:\Program Files\TrustIn Kontekstual\InTru.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {860C019F-8AE1-4DC3-A7B0-B7314DBC26A8} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {9E033487-8635-494E-8D08-ACBCF8DB8399} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {CA8553BF-D333-446E-8CC1-06C7AB26F968} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: SpoofBHO Class - {F67EEB12-AB09-11DB-A6F1-260856D89593} - C:\WINDOWS\se_spoof.dll
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [windowsupdate] RPCX1sq234.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SearchUpgrader] C:\Program Files\Common files\SearchUpgrader\SearchUpgrader.exe
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [Ulead Photo Express Calendar Checker] C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
O4 - HKLM\..\Run: [SansaDispatch] C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKLM\..\RunServices: [windowsupdate] RPCX1sq234.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Belkin Wireless Utility.lnk = C:\Program Files\Belkin\Cardbus F5D7010\Wireless Utility\Belkinwcui.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

--
End of file - 7102 bytes
DJ Kat~
Active Member
 
Posts: 9
Joined: December 30th, 2007, 5:41 am
Advertisement
Register to Remove

Re: A log for you~

Unread postby Katana » January 3rd, 2008, 9:54 pm

I'm afraid I have unpleasant news for you. You have a Very Dangerous infection on this machine.
The infection is delivered by Troj/IRCBot-U
It allows outsiders COMPLETE access to every keystroke, account, and password you use while on this machine, and complete access to any other data present...
IF this computer has been used for any kind of important data, my best recommendation is to Disconnect from Internet, Re-Format the entire drive and re-install your Operating system and Applications.

We can likely clean the infected files off the computer, and if you wish we will attempt to do so, but we cannot be sure that the infection didn't do something to your system to reduce the system security. In that instance, even after removal of the infection, you could be subject to another attack or takeover as soon as you re-connect to the Internet.

The Decision Whether to ReFormat or Not should be based on:
  • The use of the computer - this is the primary factor in the decision whether to re-format and re-install, or just disinfect.
  • The variety of malware - this influences the decision on whether to re-format and re-install, or just disinfect. IN THIS CASE we have a Backdoor Trojan, the worst kind.
If the Computer has been used for any important data, you are strongly advised to do the following, immediately:
  • Disconnect the infected computer from the internet and from any networked computers until the computer can be cleaned.
  • Back up all important data on the machine. Do not back up any Applications (programs). Those should be re-installed from the original source CDs or websites.
  • If you have ever used this computer for shopping, banking, or any transactions relating to your financial well being:
    Call all of your banks, credit card companies, and financial institutions, informing them that you may be a victim of identity theft, and to put a watch on your accounts or change all your account numbers.
  • From a clean computer, change ALL your online passwords -- for ISP login, email, banks, financial accounts, PayPal, eBay, online companies, and any online forums or groups you belong to.
  • DO NOT change passwords or do any transactions while using the infected computer because the attacker will get the new password and transaction information.
  • Take any other steps you think appropriate for an attempted identity theft.
While you are deciding whether to ReFormat and Re-Install, a useful link is here: http://www.dslreports.com/faq/10063
Please let me know what you decide.
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: A log for you~

Unread postby DJ Kat~ » January 4th, 2008, 1:25 am

Well, that's lovely. Seeing as this is a gaming computer, I'm not concerned with reformatting it. It's not even an option for me. Still, I'll take those precautionary steps just to be on the safe side. Let's just try to clean it!

While waiting for a reply, I downloaded and scanned my registry with Uniblue RegistryBooster2 and Registry Machine. My paranoia drove me to mess around, so I have to provide another hijackthis log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:07:54 PM, on 1/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\tp4mon.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\PRISMSVR.EXE
C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Belkin\Cardbus F5D7010\Wireless Utility\Belkinwcui.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\System32\atievxx.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Documents and Settings\ibm\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: IncrediFindBHO Class - {0026AD90-C86F-4269-97F3-DAB4897C6D06} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ChangerBHO Class - {4c03732f-43bb-4d80-ba45-66fd05db11df} - C:\WINDOWS\system32\acctresav.dll
O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O2 - BHO: (no name) - {4FD643E5-CE56-40DD-AB29-3E6A46E4807B} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {860C019F-8AE1-4DC3-A7B0-B7314DBC26A8} - (no file)
O2 - BHO: (no name) - {9E033487-8635-494E-8D08-ACBCF8DB8399} - (no file)
O2 - BHO: (no name) - {CA8553BF-D333-446E-8CC1-06C7AB26F968} - (no file)
O2 - BHO: SpoofBHO Class - {F67EEB12-AB09-11DB-A6F1-260856D89593} - C:\WINDOWS\se_spoof.dll
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [windowsupdate] RPCX1sq234.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [SansaDispatch] C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKLM\..\RunServices: [windowsupdate] RPCX1sq234.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Belkin Wireless Utility.lnk = C:\Program Files\Belkin\Cardbus F5D7010\Wireless Utility\Belkinwcui.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

--
End of file - 5768 bytes
DJ Kat~
Active Member
 
Posts: 9
Joined: December 30th, 2007, 5:41 am

Re: A log for you~

Unread postby Katana » January 4th, 2008, 10:19 am

I don't personally recommend the use of ANY registry cleaners.
Here is an excerpt from a discussion on regcleaners
Most reg cleaners aren't "bad" as such, but they aren't perfect and even the best have been known to cause problems.
The point we are trying to make is that the risk of using one far outweighs any benefit.
If it does work perfectly you will not see any difference
If it doesn't work properly you may end up with an expensive doorstop.

http://forums.whatthetech.com/Regcleaner_t42862.html

The Beta version of HJT is now out of date. Please download the latest version.

Download HJT

Click here to download HJTinstall.exe
  • Save HJTinstall.exe to your desktop.
  • Double click on the HJTinstall.exe icon on your desktop.
  • By default it will install to C:\\Program Files\\Trend Micro\\Hijack This.
  • Click I accept
  • Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
  • Click Save to save the log file and then the log will open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

SD Fix

DownloadSDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F5 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

Download and Run ComboFix
  • Download Combofix from one of the links below :

    ComboFix.exe 1
    ComboFix.exe 2
    ComboFix.exe 3

  • You must download it to and run it from your Desktop
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log
  • Re-enable all the programs that were disabled during the running of ComboFix..

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
ComboFix SHOULD NOT be used unless requested by a forum helper
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: A log for you~

Unread postby DJ Kat~ » January 4th, 2008, 7:51 pm

Alright, here's the new log, and are you telling me to use ComboFix or just throwing it out there?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:44:01 PM, on 1/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\tp4mon.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\PRISMSVR.EXE
C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Belkin\Cardbus F5D7010\Wireless Utility\Belkinwcui.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\System32\atievxx.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: IncrediFindBHO Class - {0026AD90-C86F-4269-97F3-DAB4897C6D06} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ChangerBHO Class - {4c03732f-43bb-4d80-ba45-66fd05db11df} - C:\WINDOWS\system32\acctresav.dll
O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O2 - BHO: (no name) - {4FD643E5-CE56-40DD-AB29-3E6A46E4807B} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {860C019F-8AE1-4DC3-A7B0-B7314DBC26A8} - (no file)
O2 - BHO: (no name) - {9E033487-8635-494E-8D08-ACBCF8DB8399} - (no file)
O2 - BHO: (no name) - {CA8553BF-D333-446E-8CC1-06C7AB26F968} - (no file)
O2 - BHO: SpoofBHO Class - {F67EEB12-AB09-11DB-A6F1-260856D89593} - C:\WINDOWS\se_spoof.dll
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [windowsupdate] RPCX1sq234.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [SansaDispatch] C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKLM\..\RunServices: [windowsupdate] RPCX1sq234.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Belkin Wireless Utility.lnk = C:\Program Files\Belkin\Cardbus F5D7010\Wireless Utility\Belkinwcui.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

--
End of file - 5550 bytes
DJ Kat~
Active Member
 
Posts: 9
Joined: December 30th, 2007, 5:41 am

Re: A log for you~

Unread postby Katana » January 4th, 2008, 8:47 pm

DJ Kat~ wrote:Alright, here's the new log, and are you telling me to use ComboFix or just throwing it out there?


Backdoor trojans usually come with lots of friends, If you wish to make sure your machine is free of malware you will need to run both SDFix AND Combofix so that I can see the logs they produce.
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: A log for you~

Unread postby DJ Kat~ » January 5th, 2008, 3:29 pm

Horrah for SDfix and a Highjack afterwards!


SDFix: Version 1.123

Run by ibm on Sat 01/05/2008 at 12:32 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

No Trojan Files Found





Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1333.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-05 12:50:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplic

ations\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Kazaa\\kazaa.exe"="C:\\Program Files\\Kazaa\\kazaa.exe:*:Enabled:Kazaa"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live

Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live

Messenger 8.1 (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplicat

ions\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live

Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live

Messenger 8.1 (Phone)"

Remaining Files:
---------------


Files with Hidden Attributes:

Thu 9 Dec 2004 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 10 Apr 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Tue 13 Jun 2006 35,328 A..H. --- "C:\Documents and Settings\ibm\My Documents\Misc\~WRL0005.tmp"
Mon 8 Jan 2007 38,400 ...H. --- "C:\Documents and Settings\ibm\Application Data\Microsoft\Word\~WRL1627.tmp"
Tue 11 Apr 2006 2,461,696 A..H. --- "C:\Documents and Settings\ibm\Application Data\U3\temp\Launchpad Removal.exe"
Thu 9 Dec 2004 4,348 A..H. --- "C:\Documents and Settings\ibm\My Documents\Misc\License Backup\drmv1key.bak"
Tue 26 Apr 2005 20 A..H. --- "C:\Documents and Settings\ibm\My Documents\Misc\License Backup\drmv1lic.bak"
Thu 9 Dec 2004 312 A..H. --- "C:\Documents and Settings\ibm\My Documents\Misc\License Backup\drmv2key.bak"
Tue 26 Apr 2005 1,536 A..H. --- "C:\Documents and Settings\ibm\My Documents\Misc\License Backup\drmv2lic.bak"
Thu 9 Dec 2004 4,348 ...H. --- "C:\Documents and Settings\ibm\My Documents\My Music\License Backup\drmv1key.bak"
Fri 28 Apr 2006 20 A..H. --- "C:\Documents and Settings\ibm\My Documents\My Music\License Backup\drmv1lic.bak"
Sun 26 Mar 2006 400 ...H. --- "C:\Documents and Settings\ibm\My Documents\My Music\License Backup\drmv2key.bak"
Fri 28 Apr 2006 10,752 A..H. --- "C:\Documents and Settings\ibm\My Documents\My Music\License Backup\drmv2lic.bak"

Finished!


---------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:02:44 PM, on 1/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\System32\atievxx.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\tp4mon.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\PRISMSVR.EXE
C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Belkin\Cardbus F5D7010\Wireless Utility\Belkinwcui.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: IncrediFindBHO Class - {0026AD90-C86F-4269-97F3-DAB4897C6D06} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat

5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ChangerBHO Class - {4c03732f-43bb-4d80-ba45-66fd05db11df} - C:\WINDOWS\system32\acctresav.dll
O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O2 - BHO: (no name) - {4FD643E5-CE56-40DD-AB29-3E6A46E4807B} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {860C019F-8AE1-4DC3-A7B0-B7314DBC26A8} - (no file)
O2 - BHO: (no name) - {9E033487-8635-494E-8D08-ACBCF8DB8399} - (no file)
O2 - BHO: (no name) - {CA8553BF-D333-446E-8CC1-06C7AB26F968} - (no file)
O2 - BHO: SpoofBHO Class - {F67EEB12-AB09-11DB-A6F1-260856D89593} - C:\WINDOWS\se_spoof.dll
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [SansaDispatch] C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKLM\..\RunServices: [windowsupdate] RPCX1sq234.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Belkin Wireless Utility.lnk = C:\Program Files\Belkin\Cardbus F5D7010\Wireless Utility\Belkinwcui.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF

Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common

Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation -

C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

--
End of file - 5423 bytes






Now here's the ComboFix's log and a fresh highjacking:

ComboFix 08-01-04.1 - ibm 2008-01-05 13:10:39.1 - NTFSx86
Running from: C:\Documents and Settings\ibm\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\ibm\Application Data\macromedia\Flash Player\#SharedObjects\2VRFLMAB\www.broadcaster.com
C:\Documents and Settings\ibm\Application Data\macromedia\Flash

Player\#SharedObjects\2VRFLMAB\www.broadcaster.com\played_list.sol
C:\Documents and Settings\ibm\Application Data\macromedia\Flash

Player\#SharedObjects\2VRFLMAB\www.broadcaster.com\video_queue.sol
C:\Documents and Settings\ibm\Application Data\macromedia\Flash

Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\ibm\Application Data\macromedia\Flash

Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Program Files\TrustIn Contextual
C:\Program Files\TrustIn Kontekstual
C:\Program Files\TrustIn Kontekstual\InTru.dll
C:\Program Files\video access activex object
C:\WINDOWS\se_spoof.dll
C:\WINDOWS\system32\aspi32.exe

.
((((((((((((((((((((((((( Files Created from 2007-12-05 to 2008-01-05 )))))))))))))))))))))))))))))))
.

2008-01-05 13:08 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-05 12:31 . 2008-01-05 12:31 <DIR> d-------- C:\WINDOWS\ERUNT
2008-01-04 17:42 . 2008-01-04 17:42 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-02 23:09 . 2008-01-02 23:09 <DIR> d-------- C:\Program Files\Uniblue
2008-01-02 23:09 . 2008-01-02 23:09 <DIR> d-------- C:\Documents and Settings\ibm\Application Data\Uniblue
2007-12-20 19:49 . 2007-12-26 11:22 <DIR> d-------- C:\WINDOWS\.jagex_cache_32
2007-12-12 19:54 . 2007-12-12 19:54 <DIR> d-------- C:\Program Files\BitAccelerator

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-03 04:54 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-03 04:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-01-03 04:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-03 03:53 --------- d-----w C:\Program Files\Netscape
2008-01-03 03:48 --------- d-----w C:\Program Files\mIRC
2008-01-03 03:40 --------- d-----w C:\Program Files\Winamp
2007-12-21 10:33 --------- d-----w C:\Program Files\Java
2007-12-21 08:06 33,816 ----a-w C:\Documents and Settings\ibm\Application Data\GDIPFONTCACHEV1.DAT
2007-12-14 04:30 --------- d-----w C:\Program Files\Extractor
2007-11-28 05:01 22,016 ----a-w C:\WINDOWS\system32\acctresav.dll
2007-11-26 06:34 22,016 ----a-w C:\WINDOWS\system32\apcupsbv.dll
2007-11-20 19:45 40,574 ----a-w C:\WINDOWS\cha_111.exe
2007-11-20 19:45 40,574 ----a-w C:\WINDOWS\cad_111.exe
2005-08-18 05:55 6,144 --sha-w C:\Program Files\Thumbs.db
2005-06-19 03:27 40 ----a-w C:\Documents and Settings\ibm\language.dat
2005-04-08 01:40 41 ----a-w C:\Documents and Settings\ibm\Application Data\tvmuknwrd.dll
2005-04-08 01:21 349,684 ----a-w C:\Documents and Settings\ibm\Application Data\tvmknwrd.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4c03732f-43bb-4d80-ba45-66fd05db11df}]
2007-11-27 23:01 22016 --a------ C:\WINDOWS\system32\acctresav.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrackPointSrv"="tp4mon.exe" [2004-08-04 01:56 82432 C:\WINDOWS\system32\tp4mon.exe]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" [2003-04-26 01:18 90112]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-05-08 16:00 98304]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-10-09 00:00 180269]
"PRISMSVR.EXE"="C:\WINDOWS\system32\PRISMSVR.exe" [2004-04-13 19:45 290905]
"SansaDispatch"="C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe" [2007-05-02 18:00 55368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"windowsupdate"="RPCX1sq234.exe" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Belkin Wireless Utility.lnk - C:\Program Files\Belkin\Cardbus F5D7010\Wireless Utility\Belkinwcui.exe [2005-08-18 16:09:58]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04]

R3 BLKWGN;Belkin Wireless G Notebook Card Service;C:\WINDOWS\system32\DRIVERS\BLKWGN.sys [2005-06-01 20:10]
R3 SndTDriverV32;SndTDriverV32;C:\WINDOWS\system32\drivers\SndTDriverV32.sys [2007-04-03 14:13]
R3 wlanndi5;wlanndi5 NDIS Protocol Driver;C:\WINDOWS\system32\wlanndi5.SYS [2004-04-21 16:51]
S3 LSWPCv4;Wireless-B Notebook Adapter Driver;C:\WINDOWS\system32\DRIVERS\LSRTNDS.SYS [2003-04-14 11:25]
S3 npkycryp;npkycryp;C:\Documents and Settings\ibm\Desktop\service\npkycryp.sys []
S3 WmaCDriverV32;WmaCDriverV32;C:\WINDOWS\system32\drivers\WmaCDriverV32.sys [2007-04-03 14:12]

*Newly Created Service* - PROCEXP90
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-05 13:18:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
windowsupdate = RPCX1sq234.exe?w

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\System32\NavLogon.dll
.
Completion time: 2008-01-05 13:21:56
ComboFix-quarantined-files.txt 2008-01-05 19:21:02
.
2007-07-08 03:56:05 --- E O F ---



------------------------------------------------------------------------------


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:24:16 PM, on 1/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\System32\atievxx.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\tp4mon.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\PRISMSVR.EXE
C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Belkin\Cardbus F5D7010\Wireless Utility\Belkinwcui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat

5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ChangerBHO Class - {4c03732f-43bb-4d80-ba45-66fd05db11df} - C:\WINDOWS\system32\acctresav.dll
O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [SansaDispatch] C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKLM\..\RunServices: [windowsupdate] RPCX1sq234.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Belkin Wireless Utility.lnk = C:\Program Files\Belkin\Cardbus F5D7010\Wireless Utility\Belkinwcui.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF

Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common

Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation -

C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

--
End of file - 4825 bytes
DJ Kat~
Active Member
 
Posts: 9
Joined: December 30th, 2007, 5:41 am

Re: A log for you~

Unread postby Katana » January 5th, 2008, 6:59 pm

Submit a File For Analysis
We need to have the files below Scanned by Uploading them/it to Virus Total

Please visit Virustotal
Copy/paste the the following file path into the window
C:\WINDOWS\system32\acctresav.dll
Click Submit/Send File
Please post back, to let me know the results.

Please do the same for the following file
C:\WINDOWS\system32\apcupsbv.dll

If Virustotal is too busy please try Jotti

Custom CFScript
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code: Select all
    http://malwareremoval.com/forum/viewtopic.php?f=11&t=26468&p=252384#p252384
    Comment:: Katana suspect files
    
    
    Suspect::[4]
    C:\WINDOWS\system32\apcupsbv.dll
    
    File::
    C:\WINDOWS\system32\acctresav.dll
    C:\WINDOWS\cha_111.exe
    C:\WINDOWS\cad_111.exe
    C:\Documents and Settings\ibm\Application Data\tvmuknwrd.dll
    C:\Documents and Settings\ibm\Application Data\tvmknwrd.dll
    Folder::
    Driver::
    npkycryp
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4c03732f-43bb-4d80-ba45-66fd05db11df}]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"=-
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
    "windowsupdate"=-
    

  • Save this as CFScript.txt and place it on your desktop.


    Image


  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.
  • A window will open asking you to ensure you are connected to the internet, this is so a file can be submitted for analysis.
  • Click OK and follow the instructions to submit the file.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.



Kaspersky Online Scanner .
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
Go Here http://www.kaspersky.com/kos/eng/partne ... bscan.html

Read the Requirements and limitations before you click Accept.
Allow the ActiveX download if necessary
Once the database has downloaded, click Next.
Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
Click on "My Computer" and then put the kettle on!
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.

Please post both logs in your reply
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: A log for you~

Unread postby DJ Kat~ » January 6th, 2008, 4:14 am

Here's the info you've requested, odd thing was I could not submit the file for analysis, because it wasn't found at /C:/ComboFix/CF-Submit.htm.
Should we retry this before I move onto the Kaspersky Online Scanner step?




File acctresav.dll received on 01.06.2008 05:48:36 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 6/32 (18.75%)


Antivirus Version Last Update Result
AhnLab-V3 2008.1.5.11 2008.01.05 -
AntiVir 7.6.0.46 2008.01.04 -
Authentium 4.93.8 2008.01.05 -
Avast 4.7.1098.0 2008.01.05 Win32:Small-ELB
AVG 7.5.0.516 2008.01.05 -
BitDefender 7.2 2008.01.06 -
CAT-QuickHeal 9.00 2008.01.05 -
ClamAV 0.91.2 2008.01.06 -
DrWeb 4.44.0.09170 2008.01.05 -
eSafe 7.0.15.0 2008.01.03 -
eTrust-Vet 31.3.5432 2008.01.04 -
Ewido 4.0 2008.01.05 Downloader.Small.gxc
FileAdvisor 1 2008.01.06 -
Fortinet 3.14.0.0 2008.01.06 -
F-Prot 4.4.2.54 2008.01.05 -
F-Secure 6.70.13030.0 2008.01.05 -
Ikarus T3.1.1.15 2008.01.06 -
Kaspersky 7.0.0.125 2008.01.06 -
McAfee 5200 2008.01.04 AZESearch.dll
Microsoft 1.3109 2008.01.05 -
NOD32v2 2766 2008.01.04 -
Norman 5.80.02 2008.01.04 -
Panda 9.0.0.4 2008.01.05 -
Prevx1 V2 2008.01.06 Generic.Malware
Rising 20.25.52.00 2008.01.05 Trojan.Win32.Mnless.zxl
Sophos 4.24.0 2008.01.05 -
Sunbelt 2.2.907.0 2008.01.05 -
Symantec 10 2008.01.06 Adware.TrustInBar
TheHacker 6.2.9.181 2008.01.05 -
VBA32 3.12.2.5 2008.01.02 -
VirusBuster 4.3.26:9 2008.01.05 -
Webwasher-Gateway 6.6.2 2008.01.04 -
Additional information
File size: 22016 bytes
MD5: 554762edadb86cbf352695933caaf885
SHA1: a9bdb3677221c41ed76fefe2f980a05947beffe5
PEiD: -
Prevx info: http://info.prevx.com/aboutprogramtext. ... 00FC81D3AF










File apcupsbv.dll received on 01.06.2008 05:49:02 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 6/32 (18.75%)


You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
Email:

Antivirus Version Last Update Result
AhnLab-V3 2008.1.5.11 2008.01.05 -
AntiVir 7.6.0.46 2008.01.04 -
Authentium 4.93.8 2008.01.05 -
Avast 4.7.1098.0 2008.01.05 Win32:Small-ELB
AVG 7.5.0.516 2008.01.05 -
BitDefender 7.2 2008.01.06 -
CAT-QuickHeal 9.00 2008.01.05 -
ClamAV 0.91.2 2008.01.06 -
DrWeb 4.44.0.09170 2008.01.05 -
eSafe 7.0.15.0 2008.01.03 -
eTrust-Vet 31.3.5432 2008.01.04 -
Ewido 4.0 2008.01.05 Downloader.Small.gxc
FileAdvisor 1 2008.01.06 -
Fortinet 3.14.0.0 2008.01.06 -
F-Prot 4.4.2.54 2008.01.05 -
F-Secure 6.70.13030.0 2008.01.05 -
Ikarus T3.1.1.15 2008.01.06 -
Kaspersky 7.0.0.125 2008.01.06 -
McAfee 5200 2008.01.04 AZESearch.dll
Microsoft 1.3109 2008.01.05 -
NOD32v2 2766 2008.01.04 -
Norman 5.80.02 2008.01.04 -
Panda 9.0.0.4 2008.01.05 -
Prevx1 V2 2008.01.06 Generic.Malware
Rising 20.25.52.00 2008.01.05 Trojan.Win32.Mnless.zxl
Sophos 4.24.0 2008.01.05 -
Sunbelt 2.2.907.0 2008.01.05 -
Symantec 10 2008.01.06 Adware.TrustInBar
TheHacker 6.2.9.181 2008.01.05 -
VBA32 3.12.2.5 2008.01.02 -
VirusBuster 4.3.26:9 2008.01.05 -
Webwasher-Gateway 6.6.2 2008.01.04 -
Additional information
File size: 22016 bytes
MD5: 554762edadb86cbf352695933caaf885
SHA1: a9bdb3677221c41ed76fefe2f980a05947beffe5
PEiD: -
Prevx info: http://info.prevx.com/aboutprogramtext. ... 00FC81D3AF


















ComboFix 08-01-04.1 - ibm 2008-01-06 1:44:32.2 - NTFSx86
Running from: C:\Documents and Settings\ibm\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\ibm\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\Documents and Settings\ibm\Application Data\tvmknwrd.dll
C:\Documents and Settings\ibm\Application Data\tvmuknwrd.dll
C:\WINDOWS\cad_111.exe
C:\WINDOWS\cha_111.exe
C:\WINDOWS\system32\acctresav.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\ibm\Application Data\tvmknwrd.dll
C:\Documents and Settings\ibm\Application Data\tvmuknwrd.dll
C:\WINDOWS\cad_111.exe
C:\WINDOWS\cha_111.exe
C:\WINDOWS\system32\acctresav.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\npkycryp


((((((((((((((((((((((((( Files Created from 2007-12-06 to 2008-01-06 )))))))))))))))))))))))))))))))
.

2008-01-05 13:08 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-05 12:31 . 2008-01-05 12:31 <DIR> d-------- C:\WINDOWS\ERUNT
2008-01-04 17:42 . 2008-01-04 17:42 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-02 23:09 . 2008-01-02 23:09 <DIR> d-------- C:\Program Files\Uniblue
2008-01-02 23:09 . 2008-01-02 23:09 <DIR> d-------- C:\Documents and Settings\ibm\Application Data\Uniblue
2007-12-20 19:49 . 2007-12-26 11:22 <DIR> d-------- C:\WINDOWS\.jagex_cache_32
2007-12-12 19:54 . 2007-12-12 19:54 <DIR> d-------- C:\Program Files\BitAccelerator

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-03 04:54 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-03 04:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-01-03 04:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-03 03:53 --------- d-----w C:\Program Files\Netscape
2008-01-03 03:48 --------- d-----w C:\Program Files\mIRC
2008-01-03 03:40 --------- d-----w C:\Program Files\Winamp
2007-12-21 10:33 --------- d-----w C:\Program Files\Java
2007-12-21 08:06 33,816 ----a-w C:\Documents and Settings\ibm\Application Data\GDIPFONTCACHEV1.DAT
2007-12-14 04:30 --------- d-----w C:\Program Files\Extractor
2005-08-18 05:55 6,144 --sha-w C:\Program Files\Thumbs.db
2005-06-19 03:27 40 ----a-w C:\Documents and Settings\ibm\language.dat
.

((((((((((((((((((((((((((((( snapshot@2008-01-05_13.20.20.73 )))))))))))))))))))))))))))))))))))))))))
.
+ 2000-08-31 14:00:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrackPointSrv"="tp4mon.exe" [2004-08-04 01:56 82432 C:\WINDOWS\system32\tp4mon.exe]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" [2003-04-26 01:18 90112]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-05-08 16:00 98304]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-10-09 00:00 180269]
"PRISMSVR.EXE"="C:\WINDOWS\system32\PRISMSVR.exe" [2004-04-13 19:45 290905]
"SansaDispatch"="C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe" [2007-05-02 18:00 55368]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Belkin Wireless Utility.lnk - C:\Program Files\Belkin\Cardbus F5D7010\Wireless Utility\Belkinwcui.exe [2005-08-18 16:09:58]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04]


.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-06 01:55:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\System32\NavLogon.dll
.
Completion time: 2008-01-06 2:01:41 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-06 08:01:32
ComboFix2.txt 2008-01-05 19:21:58
.
2007-07-08 03:56:05 --- E O F ---
DJ Kat~
Active Member
 
Posts: 9
Joined: December 30th, 2007, 5:41 am

Re: A log for you~

Unread postby Katana » January 6th, 2008, 9:53 am

It doesn't matter about submitting that file, the online scanner identified it.

Please continue with the Kaspersky scan.
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: A log for you~

Unread postby DJ Kat~ » January 6th, 2008, 3:52 pm

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, January 06, 2008 12:53:16 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 6/01/2008
Kaspersky Anti-Virus database records: 503089
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 53335
Number of viruses found: 14
Number of infected objects: 130
Number of suspicious objects: 0
Duration of the scan process: 02:14:01

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Prism\a00aac8c Object is locked skipped
C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cert8.db Object is locked skipped
C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\history.dat Object is locked skipped
C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\key3.db Object is locked skipped
C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\parent.lock Object is locked skipped
C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\search.sqlite Object is locked skipped
C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\29\775d249d-308e0b83/vmain.class Infected: Exploit.Java.Gimsh.b skipped
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\29\775d249d-308e0b83 ZIP: infected - 1 skipped
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\49\49820371-72d7b506/vmain.class Infected: Exploit.Java.Gimsh.b skipped
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\49\49820371-72d7b506 ZIP: infected - 1 skipped
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-1181d259-7fae2e11.zip/vmain.class Infected: Exploit.Java.Gimsh.b skipped
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-1181d259-7fae2e11.zip ZIP: infected - 1 skipped
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-5efd1945-26417037.zip/vmain.class Infected: Exploit.Java.Gimsh.b skipped
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-5efd1945-26417037.zip ZIP: infected - 1 skipped
C:\Documents and Settings\ibm\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\ibm\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\ibm\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\ibm\Local Settings\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\ibm\Local Settings\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\ibm\Local Settings\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\ibm\Local Settings\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\ibm\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\ibm\Local Settings\Temp\hsperfdata_ibm\2636 Object is locked skipped
C:\Documents and Settings\ibm\Local Settings\Temp\~DF88A4.tmp Object is locked skipped
C:\Documents and Settings\ibm\Local Settings\Temp\~DF88B6.tmp Object is locked skipped
C:\Documents and Settings\ibm\Local Settings\Temp\~DFCFD4.tmp Object is locked skipped
C:\Documents and Settings\ibm\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\ibm\ntuser.dat Object is locked skipped
C:\Documents and Settings\ibm\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\3f0fniic\0sb15oo7.DLL Infected: not-a-virus:AdWare.Win32.ClearSearch.t skipped
C:\Program Files\3f0fniic\28449240.exe Infected: not-a-virus:AdWare.Win32.ClearSearch.av skipped
C:\Program Files\3f0fniic\76tyofeg.DLL Infected: not-a-virus:AdWare.Win32.ClearSearch.al skipped
C:\Program Files\3f0fniic\7ej48xgl.DLL Infected: not-a-virus:AdWare.Win32.ClearSearch.w skipped
C:\Program Files\3f0fniic\il1uj378.DLL Infected: not-a-virus:AdWare.Win32.ClearSearch.al skipped
C:\Program Files\3f0fniic\lxelx3uu.DLL Infected: not-a-virus:AdWare.Win32.ClearSearch.al skipped
C:\Program Files\3f0fniic\tv3e4irm.DLL Infected: not-a-virus:AdWare.Win32.ClearSearch.al skipped
C:\Program Files\BitAccelerator\BitAccelerator.dll Infected: not-a-virus:AdWare.Win32.BHO.ic skipped
C:\Program Files\BitAccelerator\BitAccelerator.exe Infected: not-a-virus:AdWare.Win32.BHO.cc skipped
C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL Infected: not-a-virus:AdWare.Win32.MyWay.m skipped
C:\QooBox\Quarantine\C\WINDOWS\se_spoof.dll.vir Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP602\A0827163.exe Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP602\A0827164.exe Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP603\A0828163.exe Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP603\A0828164.exe Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP603\A0830165.exe Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP603\A0830166.exe Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP607\A0850166.exe Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP607\A0850167.exe Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP611\A0864180.exe Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP611\A0864181.exe Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP612\A0870163.exe Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP612\A0870164.exe Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP614\A0876196.exe/stream/data0006 Infected: not-a-virus:Client-IRC.Win32.mIRC.62 skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP614\A0876196.exe/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.62 skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP614\A0876196.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP618\A0890175.exe Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP618\A0890176.exe Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP624\A0906166.exe/data0005 Infected: not-a-virus:AdWare.Win32.BHO.ic skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP624\A0906166.exe/data0006 Infected: not-a-virus:AdWare.Win32.BHO.cc skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP624\A0906166.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932226.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932227.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932228.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932229.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932230.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932231.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932232.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932233.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932234.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932235.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932236.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932237.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932238.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932239.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932240.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932241.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932242.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932243.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932244.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932245.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932246.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932247.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932248.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932249.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932250.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932251.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932252.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932253.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932254.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932255.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932256.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932257.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932258.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932259.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932260.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932261.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932262.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932263.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932264.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932265.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932266.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932267.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932268.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932269.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932270.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932271.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932272.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932273.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932274.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932275.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932276.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932277.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932278.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932279.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932280.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932281.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932282.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932283.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932284.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932285.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932286.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932287.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932288.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932289.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932290.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932291.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932292.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932293.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932294.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932295.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932296.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932297.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932298.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932299.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932300.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932301.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932302.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932303.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932304.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932305.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932306.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932307.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932308.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932309.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932310.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932311.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP638\A0940296.dll Infected: not-a-virus:AdWare.Win32.BHO.kj skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP638\A0940298.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP638\A0940299.DLL Infected: not-a-virus:AdWare.Win32.MyWay.f skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP646\A0943374.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP647\change.log Object is locked skipped
C:\WINDOWS\.file_store_32\runescape\main_file_cache.dat2 Object is locked skipped
C:\WINDOWS\.file_store_32\runescape\main_file_cache.idx0 Object is locked skipped
C:\WINDOWS\.file_store_32\runescape\main_file_cache.idx1 Object is locked skipped
C:\WINDOWS\.file_store_32\runescape\main_file_cache.idx10 Object is locked skipped
C:\WINDOWS\.file_store_32\runescape\main_file_cache.idx11 Object is locked skipped
C:\WINDOWS\.file_store_32\runescape\main_file_cache.idx12 Object is locked skipped
C:\WINDOWS\.file_store_32\runescape\main_file_cache.idx13 Object is locked skipped
C:\WINDOWS\.file_store_32\runescape\main_file_cache.idx14 Object is locked skipped
C:\WINDOWS\.file_store_32\runescape\main_file_cache.idx15 Object is locked skipped
C:\WINDOWS\.file_store_32\runescape\main_file_cache.idx2 Object is locked skipped
C:\WINDOWS\.file_store_32\runescape\main_file_cache.idx255 Object is locked skipped
C:\WINDOWS\.file_store_32\runescape\main_file_cache.idx3 Object is locked skipped
C:\WINDOWS\.file_store_32\runescape\main_file_cache.idx4 Object is locked skipped
C:\WINDOWS\.file_store_32\runescape\main_file_cache.idx5 Object is locked skipped
C:\WINDOWS\.file_store_32\runescape\main_file_cache.idx6 Object is locked skipped
C:\WINDOWS\.file_store_32\runescape\main_file_cache.idx7 Object is locked skipped
C:\WINDOWS\.file_store_32\runescape\main_file_cache.idx8 Object is locked skipped
C:\WINDOWS\.file_store_32\runescape\main_file_cache.idx9 Object is locked skipped
C:\WINDOWS\.jagex_cache_32\random.dat Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\biR.exe Infected: Trojan-Dropper.Win32.Agent.og skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edbtmp.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
DJ Kat~
Active Member
 
Posts: 9
Joined: December 30th, 2007, 5:41 am

Re: A log for you~

Unread postby Katana » January 6th, 2008, 4:21 pm

Custom CFScript
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code: Select all
    File::
    C:\WINDOWS\system32\apcupsbv.dll
    C:\Program Files\BitAccelerator\BitAccelerator.dll
    C:\Program Files\BitAccelerator\BitAccelerator.exe
    C:\WINDOWS\system32\biR.exe
    Folder::
    C:\Program Files\MyWay
    C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0
    C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\javapi
    C:\Program Files\3f0fniic
    

  • Save this as CFScript.txt and place it on your desktop.


    Image


  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


How are things running now ?
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: A log for you~

Unread postby DJ Kat~ » January 6th, 2008, 9:45 pm

Mm, running normally, I guess. Meow~

ComboFix 08-01-04.1 - ibm 2008-01-06 19:18:14.3 - NTFSx86
Running from: C:\Documents and Settings\ibm\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\ibm\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\Program Files\BitAccelerator\BitAccelerator.dll
C:\Program Files\BitAccelerator\BitAccelerator.exe
C:\WINDOWS\system32\apcupsbv.dll
C:\WINDOWS\system32\biR.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\0\4b3a6a40-2abb6a5b
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\0\4b3a6a40-2abb6a5b.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\0\9beac0-13050890
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\0\9beac0-13050890.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\0\9beac0-1ea6274d
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\0\9beac0-1ea6274d.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\0\9beac0-348b0355
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\0\9beac0-348b0355.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\0\9beac0-3a9fe431
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\0\9beac0-3a9fe431.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\0\9beac0-55461fa9
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\0\9beac0-55461fa9.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\0\f08bd80-7293a01d
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\0\f08bd80-7293a01d.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\1\3853c341-2ee58f39
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\1\3853c341-2ee58f39.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\1\38abdcc1-6c99801a
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\1\38abdcc1-6c99801a.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\1\3a4ecd01-2dd4b77a
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\1\3a4ecd01-2dd4b77a.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\1\4759ad01-4fcf32ac
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\1\4759ad01-4fcf32ac.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\11\1fd5cacb-4f24c5c9
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\11\1fd5cacb-4f24c5c9.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\11\3d5b184b-1d27084d
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\11\3d5b184b-1d27084d.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\11\4bc4568b-5ba29b58
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\11\4bc4568b-5ba29b58.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\12\42d9274c-571a939e
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\12\42d9274c-571a939e.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\12\51b65e4c-2dbd41bd
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\12\51b65e4c-2dbd41bd.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\12\6a492b8c-3a01557a
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\12\6a492b8c-3a01557a.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\13\5d6653cd-350e899d
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\13\5d6653cd-350e899d.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\14\666fbace-6f8cd960
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\14\666fbace-6f8cd960.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\15\2afc75cf-5949e857
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\15\2afc75cf-5949e857.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\15\3ce9680f-34684576
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\15\3ce9680f-34684576.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\16\58e71ad0-5fa8f5d0
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\16\58e71ad0-5fa8f5d0.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\16\717a9f90-503fb3c5
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\16\717a9f90-503fb3c5.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\17\3a62cad1-400e80da
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\17\3a62cad1-400e80da.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\17\62dd3191-45068ea7
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\17\62dd3191-45068ea7.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\17\64404d91-19c6ba4c
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\17\64404d91-19c6ba4c.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\18\2055e8d2-47384f56
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\18\2055e8d2-47384f56.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\2\3991bc2-615d7ee0
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\2\3991bc2-615d7ee0.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\2\3a1edb02-3f262a74
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\2\3a1edb02-3f262a74.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\2\69cec002-314e7a6a
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\2\69cec002-314e7a6a.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\20\2ae43214-6d8e4f7e
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\20\2ae43214-6d8e4f7e.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\20\2feeea94-56b208aa
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\20\2feeea94-56b208aa.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\20\557ac3d4-40eacdb8
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\20\557ac3d4-40eacdb8.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\22\122872d6-7d6ce967
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\22\122872d6-7d6ce967.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\22\2274a4d6-491b5066
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\22\2274a4d6-491b5066.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\22\58e9fad6-4f9fc592
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\22\58e9fad6-4f9fc592.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\22\5fbf90d6-134a7004
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\22\5fbf90d6-134a7004.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\23\27b30357-6f901f8a
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\23\27b30357-6f901f8a.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\23\5a2a7517-635a6842
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\23\5a2a7517-635a6842.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\24\3e776458-165e5f11
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\24\3e776458-165e5f11.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\25\1339e659-47264a25
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\25\1339e659-47264a25.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\25\522859d9-5b05b7dc
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\25\522859d9-5b05b7dc.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\25\7015d0d9-40270182
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\25\7015d0d9-40270182.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\25\71148d99-233678ea
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\25\71148d99-233678ea.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\26\25455b1a-1ec189d3
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\26\25455b1a-1ec189d3.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\26\3646385a-63b9dd11
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\26\3646385a-63b9dd11.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\26\4d1d751a-15023f6f
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\26\4d1d751a-15023f6f.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\26\568d8eda-14845b5e
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\26\568d8eda-14845b5e.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\26\581214da-3f0c6c66
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\26\581214da-3f0c6c66.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\27\75af489b-58390af9
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\27\75af489b-58390af9.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\28\10c993dc-1164fd26
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\28\10c993dc-1164fd26.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\28\65257b5c-37a70d79
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\28\65257b5c-37a70d79.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\29\3408691d-66eae447
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\29\3408691d-66eae447.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\29\775d249d-308e0b83
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\29\775d249d-308e0b83.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\29\7dcdb81d-3051afd8
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\29\7dcdb81d-3051afd8.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\29\91915dd-1a73a2a0
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\29\91915dd-1a73a2a0.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\3\3d004b83-4bc76940
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\3\3d004b83-4bc76940.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\3\4cfa0543-2e02519f
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\3\4cfa0543-2e02519f.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\30\5361431e-715aab14
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\30\5361431e-715aab14.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\30\6eadef1e-740bb42c
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\30\6eadef1e-740bb42c.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\31\1812e15f-3ece5cf6
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\31\1812e15f-3ece5cf6.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\31\3742e2df-312af1ac
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\31\3742e2df-312af1ac.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\31\5b08e09f-3138994d
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\31\5b08e09f-3138994d.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\31\6f9c5adf-7ebcecf9
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\31\6f9c5adf-7ebcecf9.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\32\24eb9d20-4860b37f
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\32\24eb9d20-4860b37f.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\32\78a19160-6702314f
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\32\78a19160-6702314f.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\33\236aaba1-600e489c
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\33\236aaba1-600e489c.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\33\2bd07be1-3d4424bc
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\33\2bd07be1-3d4424bc.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\33\5f6a47e1-248b1e5d
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\33\5f6a47e1-248b1e5d.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\34\6090362-6e06a0df
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\34\6090362-6e06a0df.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\34\7f119162-7c38859d
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\34\7f119162-7c38859d.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\35\e5cad63-28cc8481
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\35\e5cad63-28cc8481.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\36\143123a4-2a0c6415
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\36\143123a4-2a0c6415.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\36\68207364-18b1cc28
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\36\68207364-18b1cc28.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\37\41c2aea5-5aa5a1c5
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\37\41c2aea5-5aa5a1c5.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\37\5d4be865-66e7c380
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\37\5d4be865-66e7c380.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\37\76a74865-418dbe6d
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\37\76a74865-418dbe6d.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\38\50bc6c66-3309a18d
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\38\50bc6c66-3309a18d.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\38\592c8da6-13cb596b
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\38\592c8da6-13cb596b.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\38\5a8250e6-4082721d
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\38\5a8250e6-4082721d.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\38\65195aa6-613fc623
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\38\65195aa6-613fc623.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\38\7f2d48a6-61d3a25c
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\38\7f2d48a6-61d3a25c.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\4\51d69884-2b9db1ec
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\4\51d69884-2b9db1ec.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\4\597c6584-6dd4d05d
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\4\597c6584-6dd4d05d.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\40\337087e8-168d0a07
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\40\337087e8-168d0a07.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\40\4c981da8-31ef37d3
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\40\4c981da8-31ef37d3.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\40\53036468-58f18939
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\40\53036468-58f18939.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\40\5775f468-4d606efe
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\40\5775f468-4d606efe.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\41\342c5ea9-2ad0e954
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\41\342c5ea9-2ad0e954.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\41\4ee6d7a9-4fa9793c
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\41\4ee6d7a9-4fa9793c.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\42\1fff89aa-16b97507
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\42\1fff89aa-16b97507.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\42\26e3166a-423cfe4f
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\42\26e3166a-423cfe4f.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\42\3313936a-77a32b14
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\42\3313936a-77a32b14.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\43\300a00eb-7560f79b
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\43\300a00eb-7560f79b.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\43\3681d26b-4758544b
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\43\3681d26b-4758544b.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\43\7fff11eb-57aa3fd1
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\43\7fff11eb-57aa3fd1.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\44\2b3e90ac-1dc3d888
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\44\2b3e90ac-1dc3d888.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\44\69654eec-534505cb
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\44\69654eec-534505cb.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\45\1e78706d-582306b5
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\45\1e78706d-582306b5.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\46\1cc062ae-1d1869e7
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\46\1cc062ae-1d1869e7.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\46\3940c96e-72e07e71
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\46\3940c96e-72e07e71.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\46\52ef46ae-6b7e6356
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\46\52ef46ae-6b7e6356.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\46\69720a6e-653eae89
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\46\69720a6e-653eae89.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\46\6c56106e-794d1851
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\46\6c56106e-794d1851.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\46\71c2346e-4d70068f
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\46\71c2346e-4d70068f.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\47\9dc412f-587c4b20
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\47\9dc412f-587c4b20.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\47\e6c17ef-2f3a66b7
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\47\e6c17ef-2f3a66b7.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\47\ec1d2f-21087843
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\47\ec1d2f-21087843.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\48\7491c930-4c5def7b
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\48\7491c930-4c5def7b.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\48\75e80b0-43c04363
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\48\75e80b0-43c04363.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\49\4074f0b1-54836335
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\49\4074f0b1-54836335.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\49\49820371-72d7b506
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\49\49820371-72d7b506.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\5\22a464c5-65068b71
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\5\22a464c5-65068b71.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\5\781dd385-3409ed74
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\5\781dd385-3409ed74.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\50\1590c6b2-1df77e97
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\50\1590c6b2-1df77e97.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\50\1d3a8eb2-4a53f42f
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\50\1d3a8eb2-4a53f42f.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\50\442dd4b2-2479523d
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\50\442dd4b2-2479523d.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\51\1f8e9df3-76b444a7
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\51\1f8e9df3-76b444a7.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\51\36579f3-31e78de3
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\51\36579f3-31e78de3.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\51\5ae67833-5c024468
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\51\5ae67833-5c024468.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\52\1635ecf4-7abf9852
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\52\1635ecf4-7abf9852.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\52\80f6d34-532fecc4
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\52\80f6d34-532fecc4.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\53\246d06b5-16db9942
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\53\246d06b5-16db9942.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\53\526de335-50a6f113
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\53\526de335-50a6f113.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\53\78c3e735-154bbff0
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\53\78c3e735-154bbff0.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\54\12d41036-4d6fa92f
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\54\12d41036-4d6fa92f.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\54\428ef336-66088331
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\54\428ef336-66088331.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\54\591ef8f6-5db04f97
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\54\591ef8f6-5db04f97.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\54\6fa952b6-686dfdc8
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\54\6fa952b6-686dfdc8.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\55\2d3c3fb7-662c25a4
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\55\2d3c3fb7-662c25a4.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\57\476a9e79-708e80b9
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\57\476a9e79-708e80b9.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\57\6c019739-2552ac5b
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\57\6c019739-2552ac5b.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\59\33f5c2fb-642de9f2
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\59\33f5c2fb-642de9f2.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\59\369bfebb-642d5ed1
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\59\369bfebb-642d5ed1.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\59\4fef97b-7b35bf5d
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\59\4fef97b-7b35bf5d.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\6\4f7f5c86-1383535f
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\6\4f7f5c86-1383535f.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\60\24e851fc-49d93d00
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\60\24e851fc-49d93d00.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\61\231c8dfd-6c350d39
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\61\231c8dfd-6c350d39.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\61\488b373d-50b35dd8
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\61\488b373d-50b35dd8.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\62\518657fe-710fbf02
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\62\518657fe-710fbf02.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\62\62811dbe-1da2928f
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\62\62811dbe-1da2928f.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\62\63d1e5be-7c8a7891
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\62\63d1e5be-7c8a7891.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\62\f86733e-38f22653
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\62\f86733e-38f22653.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\63\1973c9bf-1fb13f19
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\63\1973c9bf-1fb13f19.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\63\33b303f-6af1ec7b
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\63\33b303f-6af1ec7b.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\63\3478787f-64f44977
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\63\3478787f-64f44977.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\63\537cabff-7bcb82eb
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\63\537cabff-7bcb82eb.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\7\e2df387-5968127b
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\7\e2df387-5968127b.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\8\23298308-4df64c5e
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\8\23298308-4df64c5e.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\8\3bb60808-28b5319b
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\8\3bb60808-28b5319b.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\9\137fdc09-601a7bf4
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\9\137fdc09-601a7bf4.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\9\13a6c149-67dac638
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\9\13a6c149-67dac638.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\9\20002e49-3f0090f5
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\9\20002e49-3f0090f5.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\9\60528bc9-5557e770
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\9\60528bc9-5557e770.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\host\11a64fc0-73a244b0.hst
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\host\238b4f97-1f31b82f.hst
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\host\2b2d6d94-35516eed.hst
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\host\361f7de0-58404b02.hst
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\host\38795277-2dc1a0ad.hst
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\host\3dfef25d-1e40c9fa.hst
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\host\523ddd44-1fa684a5.hst
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\host\53721f76-577d64e3.hst
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\host\53e0ca6-2e03ef7b.hst
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\host\64f2ecd3-310a5f40.hst
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\host\677dfa23-71acab3e.hst
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\host\67e60179-2de21646.hst
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\host\6a6bd067-3d167aa4.hst
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\host\6fe8dda-54f36bf7.hst
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\host\7048f3f2-4c3b20cf.hst
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\host\bc8d351-1e876b9e.hst
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\host\ca22ba0-7c8b3d66.hst
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\lastAccessed
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\javapi
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Thumbs.db
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\Counter.zip-da673f0-31b58df7.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\Counter.zip-da673f0-31b58df7.zip
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jangoro.jar-3046a1bb-54b66c03.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jangoro.jar-3046a1bb-54b66c03.zip
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-1181d259-7fae2e11.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-1181d259-7fae2e11.zip
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-5efd1945-26417037.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-5efd1945-26417037.zip
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\quicks.jar-31a48f79-3964ff5e.idx
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\quicks.jar-31a48f79-3964ff5e.zip
C:\Program Files\3f0fniic
C:\Program Files\3f0fniic\0sb15oo7.DLL
C:\Program Files\3f0fniic\1304380.txt
C:\Program Files\3f0fniic\14078321.bin
C:\Program Files\3f0fniic\22320303.txt
C:\Program Files\3f0fniic\28449240.exe
C:\Program Files\3f0fniic\28979809.bin
C:\Program Files\3f0fniic\33341945.txt
C:\Program Files\3f0fniic\36359764.dat
C:\Program Files\3f0fniic\37931394.txt
C:\Program Files\3f0fniic\43190562.bin
C:\Program Files\3f0fniic\45948789.dat
C:\Program Files\3f0fniic\53026172.bin
C:\Program Files\3f0fniic\5528048.dat
C:\Program Files\3f0fniic\63568352.dat
C:\Program Files\3f0fniic\64476780.bin
C:\Program Files\3f0fniic\69743310.txt
C:\Program Files\3f0fniic\74877660.bin
C:\Program Files\3f0fniic\76tyofeg.DLL
C:\Program Files\3f0fniic\7901980.bin
C:\Program Files\3f0fniic\7ej48xgl.DLL
C:\Program Files\3f0fniic\83hlkpul.DLL
C:\Program Files\3f0fniic\91705306.bin
C:\Program Files\3f0fniic\94208532.txt
C:\Program Files\3f0fniic\9pmt7t8l.DLL
C:\Program Files\3f0fniic\control.dat
C:\Program Files\3f0fniic\fzp7dmrz.DLL
C:\Program Files\3f0fniic\il1uj378.DLL
C:\Program Files\3f0fniic\lxelx3uu.DLL
C:\Program Files\3f0fniic\mi2u241b.DLL
C:\Program Files\3f0fniic\tv3e4irm.DLL
C:\Program Files\BitAccelerator\BitAccelerator.dll
C:\Program Files\BitAccelerator\BitAccelerator.exe
C:\Program Files\MyWay
C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
C:\Program Files\MyWay\myBar\History\search
C:\Program Files\MyWay\myBar\Settings\prevcfg.htm
C:\WINDOWS\system32\apcupsbv.dll
C:\WINDOWS\system32\biR.exe
C:\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0

.
((((((((((((((((((((((((( Files Created from 2007-12-07 to 2008-01-07 )))))))))))))))))))))))))))))))
.

2008-01-06 10:19 . 2008-01-06 10:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-06 10:18 . 2008-01-06 10:18 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-05 13:08 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-05 12:31 . 2008-01-05 12:31 <DIR> d-------- C:\WINDOWS\ERUNT
2008-01-04 17:42 . 2008-01-04 17:42 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-02 23:09 . 2008-01-02 23:09 <DIR> d-------- C:\Program Files\Uniblue
2008-01-02 23:09 . 2008-01-02 23:09 <DIR> d-------- C:\Documents and Settings\ibm\Application Data\Uniblue
2007-12-20 19:49 . 2007-12-26 11:22 <DIR> d-------- C:\WINDOWS\.jagex_cache_32
2007-12-12 19:54 . 2008-01-06 19:25 <DIR> d-------- C:\Program Files\BitAccelerator

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-03 04:54 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-03 04:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-01-03 04:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-03 03:53 --------- d-----w C:\Program Files\Netscape
2008-01-03 03:48 --------- d-----w C:\Program Files\mIRC
2008-01-03 03:40 --------- d-----w C:\Program Files\Winamp
2007-12-21 10:33 --------- d-----w C:\Program Files\Java
2007-12-21 08:06 33,816 ----a-w C:\Documents and Settings\ibm\Application Data\GDIPFONTCACHEV1.DAT
2007-12-14 04:30 --------- d-----w C:\Program Files\Extractor
2005-08-18 05:55 6,144 --sha-w C:\Program Files\Thumbs.db
2005-06-19 03:27 40 ----a-w C:\Documents and Settings\ibm\language.dat
.

((((((((((((((((((((((((((((( snapshot@2008-01-05_13.20.20.73 )))))))))))))))))))))))))))))))))))))))))
.
+ 2000-08-31 14:00:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2005-05-24 18:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 21:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 21:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrackPointSrv"="tp4mon.exe" [2004-08-04 01:56 82432 C:\WINDOWS\system32\tp4mon.exe]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" [2003-04-26 01:18 90112]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-05-08 16:00 98304]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-10-09 00:00 180269]
"PRISMSVR.EXE"="C:\WINDOWS\system32\PRISMSVR.exe" [2004-04-13 19:45 290905]
"SansaDispatch"="C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe" [2007-05-02 18:00 55368]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Belkin Wireless Utility.lnk - C:\Program Files\Belkin\Cardbus F5D7010\Wireless Utility\Belkinwcui.exe [2005-08-18 16:09:58]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04]


.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-06 19:33:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\System32\NavLogon.dll
.
Completion time: 2008-01-06 19:38:26 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-07 01:38:06
ComboFix2.txt 2008-01-06 08:01:41
ComboFix3.txt 2008-01-05 19:21:58
.
2007-07-08 03:56:05 --- E O F ---
DJ Kat~
Active Member
 
Posts: 9
Joined: December 30th, 2007, 5:41 am

Re: A log for you~

Unread postby Katana » January 7th, 2008, 6:24 am

I would like to do one last scan to be certain.


TotalScan
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
Please go to this site Link >> TotalScan << LINK
  • Under Scan Now click the Full Scan button
  • Follow the prompts to install the Active X if necessary
  • Go and make a cup of tea/coffee/beverage of your choice and watch some TV :)
  • When the scan is finished, a report will be generated
  • Next to Scan Details click the small Save button and save the report to your desktop.
  • Please post the report in your reply.
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: A log for you~

Unread postby DJ Kat~ » January 7th, 2008, 10:00 pm

Blah, that took way too long!

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-01-07 19:39:52
PROTECTIONS: 2
MALWARE: 89
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Symantec Antivirus Corporate Edition 8.0 No Yes
Norton Antivirus Edition 7.5 No No
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00020302 adware/ncase Adware No 0 Yes No c:\windows\system32\fleok
00024343 adware/keenvalue Adware No 0 Yes No c:\program files\common files\searchupgrader
00024343 adware/keenvalue Adware No 0 Yes No hkey_local_machine\software\perfectnav
00029258 application/altnet HackTools No 0 Yes No c:\windows\smdat32a.sys
00029258 application/altnet HackTools No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\altnetdm
00029459 spyware/betterinet Spyware No 1 Yes No c:\windows\inf\biini.inf
00032710 adware/transponder Adware No 0 Yes No c:\windows\inf\dlmax.inf
00036016 adware/topmoxie Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\{6685509E-B47B-4f47-8E16-9A5F3A62F683}
00041446 application/myway HackTools No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC}
00041446 application/myway HackTools No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0494D0D1-F8E0-41AD-92A3-14154ECE70AC}
00041904 adware/sidesearch Adware No 0 Yes No hkey_local_machine\software\lycos
00041904 adware/sidesearch Adware No 0 Yes No c:\documents and settings\ibm\application data\lycos
00047660 adware/sqwire Adware No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\tsa
00047863 adware/ieplugin Adware No 0 Yes No c:\windows\kwv2.dat
00064206 Spyware/BetterInet Spyware No 1 Yes No C:\Program Files\Common Files\SearchUpgrader\system.cfg
00064207 Spyware/BetterInet Spyware No 1 Yes No C:\Program Files\Common Files\SearchUpgrader\client.cfg
00064455 Adware/SAHAgent Adware No 0 Yes No C:\WINDOWS\inf\biR.inf
00065260 adware/ipinsight Adware No 0 Yes No c:\windows\inf\farmmext.inf
00096188 spyware/searchcentrix Spyware No 1 Yes No hkey_current_user\software\dynamic toolbar
00098492 Adware/Transponder Adware No 0 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\biR.exe.vir
00098492 Adware/Transponder Adware No 0 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP648\A0943498.exe
00099224 Application/MyWay HackTools No 0 Yes No C:\QooBox\Quarantine\C\Program Files\MyWay\myBar\1.bin\MYBAR.DLL.vir
00099224 Application/MyWay HackTools No 0 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP648\A0943494.DLL
00134461 adware/btgrab Adware No 0 Yes No hkey_current_user\software\btgrab
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Profiles\default\ahrlwcp5.slt\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Profiles\default\ahrlwcp5.slt\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\xdqnmi4m.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\xdqnmi4m.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.trafficmp.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\xdqnmi4m.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Profiles\default\ahrlwcp5.slt\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.casalemedia.com/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Profiles\default\ahrlwcp5.slt\cookies.txt[.doubleclick.net/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.doubleclick.net/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\xdqnmi4m.default\cookies.txt[.doubleclick.net/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.doubleclick.net/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.atdmt.com/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Profiles\default\ahrlwcp5.slt\cookies.txt[.atdmt.com/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\xdqnmi4m.default\cookies.txt[.atdmt.com/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.atdmt.com/]
00139535 Application/Processor HackTools No 0 No No C:\Documents and Settings\ibm\Desktop\SDFix.exe[SDFix\apps\Process.exe]
00139535 Application/Processor HackTools No 0 Yes No C:\SDFix\apps\Process.exe
00139558 Adware/BTGrab Adware No 0 Yes No C:\WINDOWS\inf\btgrab.inf
00140385 Adware/Transponder Adware No 0 Yes No C:\WINDOWS\inf\polmx2.inf
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\xdqnmi4m.default\cookies.txt[.247realmedia.com/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\xdqnmi4m.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\xdqnmi4m.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Profiles\default\ahrlwcp5.slt\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.fastclick.net/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Profiles\default\ahrlwcp5.slt\cookies.txt[.tribalfusion.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\xdqnmi4m.default\cookies.txt[.tribalfusion.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.tribalfusion.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.tribalfusion.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.tribalfusion.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.tribalfusion.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.tribalfusion.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.mediaplex.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.mediaplex.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.mediaplex.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.mediaplex.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Profiles\default\ahrlwcp5.slt\cookies.txt[.mediaplex.com/]
00145770 Cookie/CentrPort TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Profiles\default\ahrlwcp5.slt\cookies.txt[.centrport.net/]
00145770 Cookie/CentrPort TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Profiles\default\ahrlwcp5.slt\cookies.txt[.centrport.net/]
00146967 Cookie/PayCounter TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Profiles\default\ahrlwcp5.slt\cookies.txt[.paycounter.com/]
00147824 Cookie/Clickbank TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.clickbank.net/]
00147824 Cookie/Clickbank TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.clickbank.net/]
00149807 Spyware/ClearSearch Spyware No 1 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP648\A0943483.DLL
00149807 Spyware/ClearSearch Spyware No 1 Yes No C:\QooBox\Quarantine\C\Program Files\3f0fniic\0sb15oo7.DLL.vir
00149810 Spyware/ClearSearch Spyware No 1 Yes No C:\QooBox\Quarantine\C\Program Files\3f0fniic\7ej48xgl.DLL.vir
00149810 Spyware/ClearSearch Spyware No 1 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP648\A0943486.DLL
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.com.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.com.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.com.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Profiles\default\ahrlwcp5.slt\cookies.txt[.com.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.com.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\xdqnmi4m.default\cookies.txt[.com.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Profiles\default\ahrlwcp5.slt\cookies.txt[.com.com/]
00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.yadro.ru/]
00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.yadro.ru/]
00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Cookies\ibm@yadro[2].txt
00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\xdqnmi4m.default\cookies.txt[.yadro.ru/]
00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\xdqnmi4m.default\cookies.txt[.yadro.ru/]
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.xiti.com/]
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.xiti.com/]
00167724 Cookie/HotLog TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\xdqnmi4m.default\cookies.txt[.hotlog.ru/]
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.toplist.cz/]
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Cookies\ibm@toplist[1].txt
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\xdqnmi4m.default\cookies.txt[.toplist.cz/]
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.toplist.cz/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\xdqnmi4m.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\xdqnmi4m.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Profiles\default\ahrlwcp5.slt\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\xdqnmi4m.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\xdqnmi4m.default\cookies.txt[.statcounter.com/]
00167760 Cookie/Hitslink TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[counter.hitslink.com/]
00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.perf.overture.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\xdqnmi4m.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\xdqnmi4m.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Profiles\default\ahrlwcp5.slt\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Profiles\default\ahrlwcp5.slt\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Profiles\default\ahrlwcp5.slt\cookies.txt[ad.yieldmanager.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.apmebf.com/]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.burstnet.com/]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.burstnet.com/]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.burstnet.com/]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Profiles\default\ahrlwcp5.slt\cookies.txt[.burstnet.com/]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Profiles\default\ahrlwcp5.slt\cookies.txt[.burstnet.com/]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Cookies\ibm@burstnet[2].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.burstnet.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\xdqnmi4m.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\xdqnmi4m.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\xdqnmi4m.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\xdqnmi4m.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\xdqnmi4m.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Profiles\default\ahrlwcp5.slt\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Profiles\default\ahrlwcp5.slt\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Profiles\default\ahrlwcp5.slt\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Profiles\default\ahrlwcp5.slt\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.serving-sys.com/]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Profiles\default\ahrlwcp5.slt\cookies.txt[bs.serving-sys.com/]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\xdqnmi4m.default\cookies.txt[.bs.serving-sys.com/]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.bs.serving-sys.com/]
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Cookies\ibm@www.burstbeacon[2].txt
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[www.burstbeacon.com/]
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.weborama.fr/]
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.adtech.de/]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[server.iad.liveperson.net/]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[server.iad.liveperson.net/]
00168112 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\xdqnmi4m.default\cookies.txt[.bannerlandia.com.ar/]
00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[stat.onestat.com/]
00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[stat.onestat.com/]
00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[stat.onestat.com/]
00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[stat.onestat.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Profiles\default\ahrlwcp5.slt\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Profiles\default\ahrlwcp5.slt\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Profiles\default\ahrlwcp5.slt\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\xdqnmi4m.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Profiles\default\ahrlwcp5.slt\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Profiles\default\ahrlwcp5.slt\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\xdqnmi4m.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\xdqnmi4m.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\xdqnmi4m.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\xdqnmi4m.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.advertising.com/]
00169752 application/need2find HackTools No 0 Yes No hkey_local_machine\software\need2find
00169752 application/need2find HackTools No 0 Yes No c:\program files\need2find
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\xdqnmi4m.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\xdqnmi4m.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\xdqnmi4m.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\xdqnmi4m.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.ads.pointroll.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Profiles\default\ahrlwcp5.slt\cookies.txt[.overture.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\xdqnmi4m.default\cookies.txt[.overture.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\xdqnmi4m.default\cookies.txt[.overture.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.overture.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.overture.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Profiles\default\ahrlwcp5.slt\cookies.txt[.overture.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\xdqnmi4m.default\cookies.txt[.overture.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\xdqnmi4m.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\xdqnmi4m.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Profiles\default\ahrlwcp5.slt\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Profiles\default\ahrlwcp5.slt\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.realmedia.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Profiles\default\ahrlwcp5.slt\cookies.txt[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Profiles\default\ahrlwcp5.slt\cookies.txt[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.questionmarket.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\xdqnmi4m.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\xdqnmi4m.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.zedo.com/]
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Profiles\default\ahrlwcp5.slt\cookies.txt[.bluestreak.com/]
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.bluestreak.com/]
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.bluestreak.com/]
00173992 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[c5.zedo.com/]
00173992 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[c5.zedo.com/]
00175950 Cookie/cs.sexcounter TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Profiles\default\ahrlwcp5.slt\cookies.txt[.cs.sexcounter.com/]
00175950 Cookie/cs.sexcounter TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Profiles\default\ahrlwcp5.slt\cookies.txt[.cs.sexcounter.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\xdqnmi4m.default\cookies.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\xdqnmi4m.default\cookies.txt[.adrevolver.com/]
00187950 Cookie/bravenetA TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Profiles\default\ahrlwcp5.slt\cookies.txt[.bravenet.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.adultfriendfinder.com/]
00193644 Spyware/ClearSearch Spyware No 1 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP648\A0943488.DLL
00193644 Spyware/ClearSearch Spyware No 1 Yes No C:\QooBox\Quarantine\C\Program Files\3f0fniic\9pmt7t8l.DLL.vir
00193644 Spyware/ClearSearch Spyware No 1 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP648\A0943487.DLL
00193644 Spyware/ClearSearch Spyware No 1 Yes No C:\QooBox\Quarantine\C\Program Files\3f0fniic\83hlkpul.DLL.vir
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Profiles\default\ahrlwcp5.slt\cookies.txt[.go.com/]
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Cookies\ibm@target[1].txt
00211158 application/bestoffer HackTools No 0 Yes No c:\windows\smdat32m.sys
00242402 Application/MyWay HackTools No 0 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP638\A0940299.DLL
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Profiles\default\ahrlwcp5.slt\cookies.txt[.atwola.com/]
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.atwola.com/]
00286734 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\xdqnmi4m.default\cookies.txt[adserver.filefront.com/]
00286734 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\xdqnmi4m.default\cookies.txt[adserver.filefront.com/]
00286734 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\xdqnmi4m.default\cookies.txt[adserver.filefront.com/]
00286734 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\xdqnmi4m.default\cookies.txt[adserver.filefront.com/]
00286739 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.ehg-dig.hitbox.com/]
00286739 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.ehg-dig.hitbox.com/]
00286739 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.ehg-dig.hitbox.com/]
00286739 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.ehg-dig.hitbox.com/]
00332277 Adware/TrustIn Adware No 0 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP603\A0830166.exe
00332277 Adware/TrustIn Adware No 0 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP607\A0850167.exe
00332277 Adware/TrustIn Adware No 0 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP611\A0864181.exe
00332277 Adware/TrustIn Adware No 0 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP612\A0870164.exe
00332277 Adware/TrustIn Adware No 0 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP603\A0828164.exe
00332277 Adware/TrustIn Adware No 0 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP602\A0827164.exe
00374226 Trj/Downloader.MSW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932273.dll
00374226 Trj/Downloader.MSW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932303.dll
00374226 Trj/Downloader.MSW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932302.dll
00374226 Trj/Downloader.MSW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932311.dll
00374226 Trj/Downloader.MSW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932301.dll
00374226 Trj/Downloader.MSW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932310.dll
00374226 Trj/Downloader.MSW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932300.dll
00374226 Trj/Downloader.MSW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932309.dll
00374226 Trj/Downloader.MSW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932299.dll
00374226 Trj/Downloader.MSW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932308.dll
00374226 Trj/Downloader.MSW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932298.dll
00374226 Trj/Downloader.MSW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932307.dll
00374226 Trj/Downloader.MSW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932306.dll
00374226 Trj/Downloader.MSW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932305.dll
00374226 Trj/Downloader.MSW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932226.dll
00374226 Trj/Downloader.MSW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932227.dll
00374226 Trj/Downloader.MSW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932228.dll
00374226 Trj/Downloader.MSW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932229.dll
00374226 Trj/Downloader.MSW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932230.dll
00374226 Trj/Downloader.MSW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932231.dll
00374226 Trj/Downloader.MSW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932232.dll
00374226 Trj/Downloader.MSW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932233.dll
00374226 Trj/Downloader.MSW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932234.dll
00374226 Trj/Downloader.MSW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932235.dll
00374226 Trj/Downloader.MSW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932236.dll
00374226 Trj/Downloader.MSW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932237.dll
00374226 Trj/Downloader.MSW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932238.dll
00374226 Trj/Downloader.MSW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932239.dll
00374226 Trj/Downloader.MSW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932240.dll
00374226 Trj/Downloader.MSW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932241.dll
00374226 Trj/Downloader.MSW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932242.dll
00374226 Trj/Downloader.MSW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932243.dll
00374226 Trj/Downloader.MSW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932244.dll
00374226 Trj/Downloader.MSW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932245.dll
00374226 Trj/Downloader.MSW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932246.dll
00374226 Trj/Downloader.MSW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932247.dll
00374226 Trj/Downloader.MSW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932248.dll
00374226 Trj/Downloader.MSW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932249.dll
00374226 Trj/Downloader.MSW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932250.dll
00374226 Trj/Downloader.MSW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932251.dll
00374226 Trj/Downloader.MSW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932252.dll
00374226 Trj/Downloader.MSW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932253.dll
00374226 Trj/Downloader.MSW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932254.dll
00374226 Trj/Downloader.MSW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932255.dll
00374226 Trj/Downloader.MSW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932256.dll
00374226 Trj/Downloader.MSW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932257.dll
00374226 Trj/Downloader.MSW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932258.dll
00374226 Trj/Downloader.MSW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932259.dll
00374226 Trj/Downloader.MSW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932260.dll
00374226 Trj/Downloader.MSW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932261.dll
00374226 Trj/Downloader.MSW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932262.dll
00374226 Trj/Downloader.MSW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932263.dll
00374226 Trj/Downloader.MSW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932264.dll
00374226 Trj/Downloader.MSW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932265.dll
00374226 Trj/Downloader.MSW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932266.dll
00374226 Trj/Downloader.MSW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932267.dll
00374226 Trj/Downloader.MSW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932268.dll
00374226 Trj/Downloader.MSW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932269.dll
00374226 Trj/Downloader.MSW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932270.dll
00374226 Trj/Downloader.MSW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932271.dll
00374226 Trj/Downloader.MSW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932272.dll
00374226 Trj/Downloader.MSW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932297.dll
00374226 Trj/Downloader.MSW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932274.dll
00374226 Trj/Downloader.MSW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932275.dll
00374226 Trj/Downloader.MSW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932276.dll
00374226 Trj/Downloader.MSW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932277.dll
00374226 Trj/Downloader.MSW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932278.dll
00374226 Trj/Downloader.MSW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932279.dll
00374226 Trj/Downloader.MSW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932280.dll
00374226 Trj/Downloader.MSW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932281.dll
00374226 Trj/Downloader.MSW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932282.dll
00374226 Trj/Downloader.MSW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932283.dll
00374226 Trj/Downloader.MSW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932284.dll
00374226 Trj/Downloader.MSW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932285.dll
00374226 Trj/Downloader.MSW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932286.dll
00374226 Trj/Downloader.MSW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932287.dll
00374226 Trj/Downloader.MSW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932288.dll
00374226 Trj/Downloader.MSW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932289.dll
00374226 Trj/Downloader.MSW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932290.dll
00374226 Trj/Downloader.MSW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932291.dll
00374226 Trj/Downloader.MSW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932292.dll
00374226 Trj/Downloader.MSW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932293.dll
00374226 Trj/Downloader.MSW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932294.dll
00374226 Trj/Downloader.MSW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932295.dll
00374226 Trj/Downloader.MSW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932296.dll
00374226 Trj/Downloader.MSW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP636\A0932304.dll
00378782 Trj/Downloader.MXC Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP612\A0870163.exe
00378782 Trj/Downloader.MXC Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP611\A0864180.exe
00378782 Trj/Downloader.MXC Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP607\A0850166.exe
00378782 Trj/Downloader.MXC Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP603\A0830165.exe
00378782 Trj/Downloader.MXC Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP602\A0827163.exe
00378782 Trj/Downloader.MXC Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP618\A0890175.exe
00378782 Trj/Downloader.MXC Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP603\A0828163.exe
00506776 Adware/AzeSearch Adware No 0 Yes No C:\QooBox\Quarantine\C\WINDOWS\se_spoof.dll.vir
00506776 Adware/AzeSearch Adware No 0 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP646\A0943374.dll
01048319 Spyware/ClearSearch Spyware No 1 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP648\A0943493.DLL
01048319 Spyware/ClearSearch Spyware No 1 Yes No C:\QooBox\Quarantine\C\Program Files\3f0fniic\tv3e4irm.DLL.vir
01196325 Cookie/Enhance TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Cookies\ibm@enhance[1].txt
01262593 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\ibm\Desktop\ComboFix.exe[nircmd.cfexe]
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP646\A0943422.exe
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\WINDOWS\NirCmd.exe
01262593 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\ibm\Desktop\ComboFix.exe[nircmd.exe]
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP646\A0943408.exe
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP647\A0943478.exe
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP647\A0943459.exe
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP648\A0943529.exe
01344898 Adware/BHO.L Adware No 0 Yes No C:\QooBox\Quarantine\C\Program Files\BitAccelerator\BitAccelerator.exe.vir
01344898 Adware/BHO.L Adware No 0 No No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP624\A0906166.exe[BitAccelerator.exe]
01344898 Adware/BHO.L Adware No 0 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP648\A0943496.exe
01556295 Spyware/ClearSearch Spyware No 1 Yes No C:\QooBox\Quarantine\C\Program Files\3f0fniic\28449240.exe.vir
01556295 Spyware/ClearSearch Spyware No 1 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP648\A0943484.exe
01606636 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.adserver.easyad.info/]
01606636 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.adserver.easyad.info/]
01606636 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\cdie3gyv.Kat\cookies.txt[.adserver.easyad.info/]
01606636 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\ibm\Application Data\Mozilla\Firefox\Profiles\tqmh0a9h.Default User\cookies.txt[.adserver.easyad.info/]
02426938 Generic Backdoor Virus/Trojan No 0 Yes No C:\WINDOWS\IFinst25.exe
02670559 Adware/BHO.L Adware No 0 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP648\A0943495.dll
02670559 Adware/BHO.L Adware No 0 No No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP624\A0906166.exe[BitAccelerator.dll]
02670559 Adware/BHO.L Adware No 0 Yes No C:\QooBox\Quarantine\C\Program Files\BitAccelerator\BitAccelerator.dll.vir
02670562 Adware/BHO.L Adware No 0 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP624\A0906166.exe
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F5920F88-9D5A-460B-AB9C-B5DFFE7B7C33}\RP648\A0943510.sys
02888262 Exploit/Gimsh.B HackTools No 0 Yes No C:\QooBox\Quarantine\C\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\6.0\49\49820371-72d7b506.vir[vmain.class]
02888262 Exploit/Gimsh.B HackTools No 0 Yes No C:\QooBox\Quarantine\C\Documents and Settings\ibm\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-5efd1945-26417037.zip.vir[vmain.class]
;===================================================================================================================================================================================
SUSPECTS
Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
DJ Kat~
Active Member
 
Posts: 9
Joined: December 30th, 2007, 5:41 am
Advertisement
Register to Remove

Next

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 286 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware