afterdawn.com > forums > windows - virus and spyware problems
Hijackthis - analysis please =)
rowski (Junior Member), 6. October 2006 @ 09:46
Computer's been playing up, nothing major, just loadsa little niggles, and as of about half an hour ago, when I couldn't load up MSN, I was REALLY annoyed!
Check this out please

Logfile of HijackThis v1.99.1
Scan saved at 18:42:30, on 06/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Q2hyaXM\command.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\iTunes\iTunesHelper.exe
D:\Documents and Settings\Chris\Yinstall.exe
C:\windows\system32\stonedrv.exe
C:\WINDOWS\v1201.exe
c:\windows\system32\winlogon7.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\dfndrff_e24.exe
C:\kybrdff_e24.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\{44A874C3-0BF3-2057-0830-05092905002c}\Update.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
D:\DOCUME~1\Chris\LOCALS~1\Temp\Rar$EX00.078\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.co.uk/iesearch/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00025.exe"
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll (file missing)
O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{34A874C3-0BF4-2057-0830-05092905002c}\MyToolBar.dll
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [explorer] D:\Documents and Settings\Chris\Yinstall.exe
O4 - HKLM\..\Run: [stonedrv] c:\windows\system32\stonedrv.exe
O4 - HKLM\..\Run: [SvcManager] winlogon7.exe
O4 - HKLM\..\Run: [ACTX1] C:\WINDOWS\v1201.exe
O4 - HKLM\..\Run: [nwr66710] RUNDLL32.EXE w0027fe4.dll,n 0056670b0000000a0027fe4
O4 - HKLM\..\Run: [defender] C:\\dfndrff_e24.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_e24.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunServices: [stonedrv] c:\windows\system32\stonedrv.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [stonedrv] c:\windows\system32\stonedrv.exe
O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00025.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{A63F059F-F9E6-4A1A-A157-8813BE59A2FC}: NameServer = 195.92.195.95 195.92.195.94
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: Reliability - C:\WINDOWS\system32\j0j6la1s1d.dll
O20 - Winlogon Notify: SharedDlls - C:\WINDOWS\system32\WQVXENCD.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Q2hyaXM\command.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
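As an added example (not HijackThis's own code and not anything the posters ran), here is the first-pass triage a helper does by eye on a log like the one above, written as Python heuristics over its F2, O4, O20 and O23 entries: bare or drive-root image paths, a Run value named like a system component but pointing elsewhere, the same image in several autostart keys, random-looking Winlogon Notify DLLs, a service with no publisher, and a folder name that is base64 text. The reasons it returns are this example's own wording; `triage(SAMPLE_LOG)` gives the flagged lines for a human to check, it does not decide what is malicious.

```python
"""Heuristic triage of HijackThis v1.99.1 log lines (added example, not HijackThis code)."""
import base64
import re
from collections import defaultdict

F2_RE = re.compile(r"^F2 - REG:system\.ini: Shell=(?P<value>.+)$")
O4_RE = re.compile(r"^O4 - HK\w+\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: \S+ - (?P<path>.+)$")
O23_RE = re.compile(r"^O23 - Service: .+? - (?P<owner>.+?) - (?P<path>.+)$")
DRIVE_ROOT_RE = re.compile(r"^[A-Za-z]:\\+[^\\]+$")          # C:\x.exe, also the log's C:\\x.exe
RANDOM_DLL_RE = re.compile(r"^(?=.*\d)(?=.*[a-z])[a-z0-9]{8,}\.dll$", re.I)


def image_of(cmd):
    """Executable started by a Run-key command line: quoted path, else the first image."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(?i)(.+?\.(?:exe|com|scr|pif))(?:\s|$)", cmd)   # keeps unquoted spaces
    return m.group(1) if m else cmd.split(" ", 1)[0]


def base64_folder(path):
    """Decoded text if a folder in the path is base64 for plain alphanumerics, else None."""
    for part in path.split("\\")[1:-1]:
        try:
            text = base64.b64decode(part + "=" * (-len(part) % 4), validate=True).decode("ascii")
        except (ValueError, UnicodeDecodeError):        # not base64, or not text
            continue
        if text.isalnum():
            return text                                  # the log's Q2hyaXM decodes to 'Chris'
    return None


def triage(lines):
    """Return {log line: [reasons]} for every entry that deserves a second look."""
    findings = defaultdict(list)
    by_image = defaultdict(list)                         # image path -> O4 lines launching it
    for line in (raw.strip() for raw in lines):
        if m := F2_RE.match(line):
            if m["value"].strip().lower() != "explorer.exe":
                findings[line].append("Winlogon Shell launches more than explorer.exe")
        elif m := O4_RE.match(line):
            image = image_of(m["cmd"])
            parts = image.split("\\")
            name = parts[-1].lower()
            by_image[image.lower()].append(line)
            if len(parts) == 1:
                findings[line].append("bare file name resolved through the search path")
            elif DRIVE_ROOT_RE.match(image):
                findings[line].append("executable in the drive root")
            elif len(parts) == 3 and parts[1].lower() == "windows" and name != "explorer.exe":
                findings[line].append("executable directly in the Windows directory root")
            elif len(parts) == 4 and parts[1].lower() == "documents and settings":
                findings[line].append("executable directly in a user profile root")
            if m["name"].lower() in ("explorer", "shell") and name != "explorer.exe":
                findings[line].append("system component name used for a different image")
            if name == "rundll32.exe" and re.match(r"\S+\s+[^\\\s]+(?:\s|$)", m["cmd"]):
                findings[line].append("rundll32 loads a DLL by bare name")
            if decoded := base64_folder(image):
                findings[line].append(f"folder name is base64 for {decoded!r}")
        elif m := O20_RE.match(line):
            if "(file missing)" in m["path"]:
                findings[line].append("Winlogon Notify DLL is not present on disk")
            if RANDOM_DLL_RE.match(m["path"].rsplit("\\", 1)[-1].split(" ")[0]):
                findings[line].append("random-looking DLL name loaded at logon")
        elif m := O23_RE.match(line):
            if m["owner"] == "Unknown owner":
                findings[line].append("service binary carries no publisher information")
            if decoded := base64_folder(m["path"]):
                findings[line].append(f"folder name is base64 for {decoded!r}")
    for hits in by_image.values():                       # one image, several autostart keys
        for hit in hits if len(hits) > 1 else ():
            findings[hit].append(f"same image registered in {len(hits)} autostart keys")
    return dict(findings)


def reasons_for(findings, needle):
    """Reasons for the first flagged line containing `needle`; [] if none was flagged."""
    return next((r for l, r in findings.items() if needle in l), [])


SAMPLE_LOG = [  # entries copied from the HijackThis log posted above
    r'F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00025.exe"',
    r"O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe",
    r"O4 - HKLM\..\Run: [explorer] D:\Documents and Settings\Chris\Yinstall.exe",
    r"O4 - HKLM\..\Run: [stonedrv] c:\windows\system32\stonedrv.exe",
    r"O4 - HKLM\..\Run: [SvcManager] winlogon7.exe",
    r"O4 - HKLM\..\Run: [ACTX1] C:\WINDOWS\v1201.exe",
    r"O4 - HKLM\..\Run: [nwr66710] RUNDLL32.EXE w0027fe4.dll,n 0056670b0000000a0027fe4",
    r"O4 - HKLM\..\Run: [defender] C:\\dfndrff_e24.exe",
    r"O4 - HKLM\..\RunServices: [stonedrv] c:\windows\system32\stonedrv.exe",
    r"O4 - HKCU\..\Run: [stonedrv] c:\windows\system32\stonedrv.exe",
    r"O20 - Winlogon Notify: Reliability - C:\WINDOWS\system32\j0j6la1s1d.dll",
    r"O20 - Winlogon Notify: SharedDlls - C:\WINDOWS\system32\WQVXENCD.dll (file missing)",
    r"O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe",
    r"O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Q2hyaXM\command.exe",
]
```

The clean LClock and Adobe LM Service entries are deliberately included as controls and come back unflagged.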
rowski (Junior Member), 6. October 2006 @ 10:04
Just ran VundoFix and it said it found it, although my wallpaper didn't disappear :s

Logfile of HijackThis v1.99.1
Scan saved at 19:02:51, on 06/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Q2hyaXM\command.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
D:\Documents and Settings\Chris\Yinstall.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\stonedrv.exe
C:\WINDOWS\system32\winlogon7.exe
C:\WINDOWS\v1201.exe
C:\dfndrff_e24.exe
C:\kybrdff_e24.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\{44A874C3-0BF3-2057-0830-05092905002c}\Update.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\WINDOWS\system32\rundll32.exe
D:\DOCUME~1\Chris\LOCALS~1\Temp\Rar$EX05.219\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.co.uk/iesearch/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00025.exe"
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll (file missing)
O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{34A874C3-0BF4-2057-0830-05092905002c}\MyToolBar.dll
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [explorer] D:\Documents and Settings\Chris\Yinstall.exe
O4 - HKLM\..\Run: [stonedrv] c:\windows\system32\stonedrv.exe
O4 - HKLM\..\Run: [SvcManager] winlogon7.exe
O4 - HKLM\..\Run: [ACTX1] C:\WINDOWS\v1201.exe
O4 - HKLM\..\Run: [nwr66710] RUNDLL32.EXE w0027fe4.dll,n 0056670b0000000a0027fe4
O4 - HKLM\..\Run: [defender] C:\\dfndrff_e24.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_e24.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunServices: [stonedrv] c:\windows\system32\stonedrv.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [stonedrv] c:\windows\system32\stonedrv.exe
O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00025.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{A63F059F-F9E6-4A1A-A157-8813BE59A2FC}: NameServer = 195.92.195.94 195.92.195.95
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: Extensions - C:\WINDOWS\system32\j0j6la1s1d.dll
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: SharedDlls - C:\WINDOWS\system32\WQVXENCD.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Q2hyaXM\command.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
maca1 (Senior Member), 6. October 2006 @ 10:14
Click here http://www.atribune.org/ccount/click.php?id=7 to download Look2Me-Destroyer.exe and save it to your desktop.

Close all windows before continuing.
Double-click Look2Me-Destroyer.exe to run it.
Put a check next to Run this program as a task.
You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK
When Look2Me-Destroyer re-opens, click the Scan for L2M button; your desktop icons will disappear, this is normal.
Once it's done scanning, click the Remove L2M button.
You will receive a Done Scanning message, click OK.
When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
Your computer will then shutdown.
Turn your computer back on.
Please post the contents of C:\Look2Me-Destroyer.txt and a new HijackThis log.

If Look2Me-Destroyer does not reopen automatically, reboot and try again.

If you receive a message from your firewall about this program accessing the internet please allow it.

If you receive a runtime error '339' please download MSWINSCK.OCX from here http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX
and place it in your C:\Windows\System32 Folder.

Download Ewido Anti-Spyware http://www.ewido.net/en/download/
· Install and run ewido
· Click Scanner
· select the "Settings" tab.
· Once in the Settings screen click on "Recommended actions" and then select "Delete".
· Select "Automatically generate report after every scan"
· Unselect "Only if threats were found"
· Click Complete System Scan and the scan will begin.
· When the scan is finished, set all items to delete
· Click Apply all actions
· Click the Save report button.
· Save the report to your C: Drive
Reboot
Post that log and a new HijackThis log



Senior Member, 6. October 2006 @ 10:27
Edit: didn't see maca's post.

Welcome back maca! Good to have your help again! :)



rowski (Junior Member), 6. October 2006 @ 10:42
Right, here goes:


Look2Me-Destroyer V1.0.12

Scanning for infected files.....
Scan started at 06/10/2006 19:31:06

Infected! C:\WINDOWS\system32\j0j6la1s1d.dll
Infected! C:\WINDOWS\system32\WQVXENCD.dll
Infected! C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019300.dll
Infected! C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019301.dll
Infected! C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019337.dll
Infected! C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019338.dll
Infected! C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019339.dll
Infected! C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019354.dll
Infected! C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019355.dll
Infected! C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP72\A0020354.dll
Infected! C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP73\A0021367.dll
Infected! C:\WINDOWS\system32\cudial32.dll
Infected! C:\WINDOWS\system32\gp8ql3l51.dll
Infected! C:\WINDOWS\system32\h44mleh11h4.dll
Infected! C:\WINDOWS\system32\ir8ol5l31.dll
Infected! C:\WINDOWS\system32\j0j6la1s1d.dll
Infected! C:\WINDOWS\system32\j84o0ih3e84.dll
Infected! C:\WINDOWS\system32\jt0407dqe.dll
Infected! C:\WINDOWS\system32\rwpsnd.dll
Infected! C:\WINDOWS\system32\swrenacm.dll
Infected! C:\WINDOWS\system32\guard.tmp

Attempting to delete infected files...

Attempting to delete: C:\WINDOWS\system32\j0j6la1s1d.dll
C:\WINDOWS\system32\j0j6la1s1d.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019300.dll
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019300.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019301.dll
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019301.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019337.dll
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019337.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019338.dll
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019338.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019339.dll
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019339.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019354.dll
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019354.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019355.dll
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019355.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP72\A0020354.dll
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP72\A0020354.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP73\A0021367.dll
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP73\A0021367.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\cudial32.dll
C:\WINDOWS\system32\cudial32.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\gp8ql3l51.dll
C:\WINDOWS\system32\gp8ql3l51.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\h44mleh11h4.dll
C:\WINDOWS\system32\h44mleh11h4.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\ir8ol5l31.dll
C:\WINDOWS\system32\ir8ol5l31.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\j0j6la1s1d.dll
C:\WINDOWS\system32\j0j6la1s1d.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\j84o0ih3e84.dll
C:\WINDOWS\system32\j84o0ih3e84.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\jt0407dqe.dll
C:\WINDOWS\system32\jt0407dqe.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\rwpsnd.dll
C:\WINDOWS\system32\rwpsnd.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\swrenacm.dll
C:\WINDOWS\system32\swrenacm.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\guard.tmp
C:\WINDOWS\system32\guard.tmp Deleted successfully!

Making registry repairs.

Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Extensions
Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SharedDLLs

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{3C270C5E-11FA-4DA9-8E90-E62DD8CF7C46}"
HKCR\Clsid\{3C270C5E-11FA-4DA9-8E90-E62DD8CF7C46}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{BF979F65-4A78-462B-BB2C-0F791BBE5857}"
HKCR\Clsid\{BF979F65-4A78-462B-BB2C-0F791BBE5857}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{2BA228C3-1171-4754-8C09-E39E256FD193}"
HKCR\Clsid\{2BA228C3-1171-4754-8C09-E39E256FD193}

Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administrators - Succeeded

***AND HERE'S THE HJT LOG***


Logfile of HijackThis v1.99.1
Scan saved at 19:41:56, on 06/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Q2hyaXM\command.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\iTunes\iTunesHelper.exe
D:\Documents and Settings\Chris\Yinstall.exe
C:\windows\system32\stonedrv.exe
C:\WINDOWS\system32\winlogon7.exe
C:\WINDOWS\v1201.exe
C:\dfndrff_e24.exe
C:\kybrdff_e24.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\{44A874C3-0BF3-2057-0830-05092905002c}\Update.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\DOCUME~1\Chris\LOCALS~1\Temp\Rar$EX00.313\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.co.uk/iesearch/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00025.exe"
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll (file missing)
O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{34A874C3-0BF4-2057-0830-05092905002c}\MyToolBar.dll
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [explorer] D:\Documents and Settings\Chris\Yinstall.exe
O4 - HKLM\..\Run: [stonedrv] c:\windows\system32\stonedrv.exe
O4 - HKLM\..\Run: [SvcManager] winlogon7.exe
O4 - HKLM\..\Run: [ACTX1] C:\WINDOWS\v1201.exe
O4 - HKLM\..\Run: [nwr66710] RUNDLL32.EXE w0027fe4.dll,n 0056670b0000000a0027fe4
O4 - HKLM\..\Run: [defender] C:\\dfndrff_e24.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_e24.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunServices: [stonedrv] c:\windows\system32\stonedrv.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [stonedrv] c:\windows\system32\stonedrv.exe
O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00025.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{A63F059F-F9E6-4A1A-A157-8813BE59A2FC}: NameServer = 195.92.195.94 195.92.195.95
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Q2hyaXM\command.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
maca1 (Senior Member), 6. October 2006 @ 10:42
Hey Niobis, thanks man.

Back at college, being busy :)

=========

Have you got the Ewido log as well?


rowski (Junior Member), 6. October 2006 @ 10:50
I'm doing that now. I thought I'd post those first as it was taking a while, to see if you spotted anything out of place :)
rowski (Junior Member), 6. October 2006 @ 12:09
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 20:37:47 06/10/2006

+ Scan result:



D:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP12\A0002135.exe -> Adware.180Solutions : Cleaned.
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP73\A0021417.dll -> Adware.CommAd : Cleaned.
C:\WINDOWS\Q2hyaXM\__delete_on_reboot__a_s_a_p_p_s_r_v_._d_l_l_ -> Adware.CommAd : Cleaned.
C:\WINDOWS\Q2hyaXM\command.exe -> Adware.CommAd : Cleaned.
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP73\A0021379.dll -> Adware.Look2Me : Cleaned.
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP73\A0021380.dll -> Adware.Look2Me : Cleaned.
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP73\A0021381.dll -> Adware.Look2Me : Cleaned.
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP73\A0021382.dll -> Adware.Look2Me : Cleaned.
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP73\A0021383.dll -> Adware.Look2Me : Cleaned.
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP73\A0021384.dll -> Adware.Look2Me : Cleaned.
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP73\A0021385.dll -> Adware.Look2Me : Cleaned.
C:\WINDOWS\system32\guard.tmp_tobedeleted -> Adware.Look2Me : Cleaned.
C:\warebundlenewer.exe -> Adware.Look2Me : Cleaned.
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019480.exe -> Adware.PurityScan : Cleaned.
C:\WINDOWS\system32\Yinstall.exe -> Adware.PurityScan : Cleaned.
D:\Documents and Settings\Chris\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZQ8BS54P\Yinstall[1].mp3 -> Adware.PurityScan : Cleaned.
D:\Documents and Settings\Chris\Yinstall.exe -> Adware.PurityScan : Cleaned.
D:\Documents and Settings\Chris\mt-uninstaller.exe -> Adware.PurityScan : Cleaned.
D:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019294.exe -> Adware.PurityScan : Cleaned.
D:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019362.exe -> Adware.PurityScan : Cleaned.
D:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019455.exe -> Adware.PurityScan : Cleaned.
C:\Program Files\Deskbar\deskbar.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019345.exe/IUCMORE.DLL -> Adware.Ucmore : Cleaned.
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019345.exe/UCMTSAIE.DLL -> Adware.Ucmore : Cleaned.
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019345.exe/empty_00000001 -> Adware.Ucmore : Cleaned.
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019346.dll -> Adware.Ucmore : Cleaned.
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019347.dll -> Adware.Ucmore : Cleaned.
D:\Documents and Settings\Steve.SN048853520471.000\Start Menu\Programs\UCmore - The Search Accelerator -> Adware.Ucmore : Cleaned.
D:\Documents and Settings\Steve.SN048853520471.000\Start Menu\Programs\UCmore - The Search Accelerator\How To Uninstall.lnk -> Adware.Ucmore : Error during cleaning.
D:\Documents and Settings\Steve.SN048853520471.000\Start Menu\Programs\UCmore - The Search Accelerator\UCmore - The Search Accelerator.lnk -> Adware.Ucmore : Error during cleaning.
D:\Documents and Settings\Steve.SN048853520471.000\Start Menu\Programs\UCmore - The Search Accelerator\UCmore Tour.lnk -> Adware.Ucmore : Error during cleaning.
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP72\A0020355.rbf -> Backdoor.MSNMaker.z : Cleaned.
D:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019295.pif -> Backdoor.MSNMaker.z : Cleaned.
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019482.exe -> Downloader.Adload.fu : Cleaned.
C:\WINDOWS\system32\drsmartload1135a.exe -> Downloader.Adload.fu : Cleaned.
D:\Documents and Settings\Chris\Local Settings\Temp\Temporary Internet Files\Content.IE5\61C5678J\drsmartload1135a[1].exe -> Downloader.Adload.fu : Cleaned.
D:\Documents and Settings\Chris\drsmartload1135a.exe -> Downloader.Adload.fu : Cleaned.
D:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019291.exe -> Downloader.Adload.fu : Cleaned.
D:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019457.exe -> Downloader.Adload.fu : Cleaned.
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019328.exe -> Downloader.Adload.gf : Cleaned.
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019474.exe -> Downloader.Adload.gf : Cleaned.
C:\WINDOWS\system32\nwr66710.dll -> Downloader.Agent.awb : Cleaned.
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019483.exe -> Downloader.Harnig.cu : Cleaned.
C:\WINDOWS\system32\loadadv455.exe -> Downloader.Harnig.cu : Cleaned.
D:\Documents and Settings\Chris\Local Settings\Temp\Temporary Internet Files\Content.IE5\2R47MNIF\loadadv455[1].exe -> Downloader.Harnig.cu : Cleaned.
D:\Documents and Settings\Chris\loadadv455.exe -> Downloader.Harnig.cu : Cleaned.
D:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019292.exe -> Downloader.Harnig.cu : Cleaned.
D:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019458.exe -> Downloader.Harnig.cu : Cleaned.
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019335.exe -> Downloader.Small : Cleaned.
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019336.dll -> Downloader.Small : Cleaned.
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0018292.exe -> Downloader.Small.ajc : Cleaned.
C:\Program Files\Messenger\mewomyw.dll -> Downloader.Small.ctp : Cleaned.
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP73\A0021414.exe -> Hijacker.Small : Cleaned.
C:\Program Files\Common Files\pofoz.html -> Hijacker.Small.jf : Cleaned.
C:\Program Files\Internet Explorer\mecewem.html -> Hijacker.Small.jf : Cleaned.
C:\WINDOWS\Downloaded Program Files\speedtest2.dll -> Not-A-Virus.Downloader.Win32.InsTool.a : Cleaned.
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019341.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Cleaned.
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019473.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Cleaned.
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019320.exe -> Proxy.Small.bo : Cleaned.
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019321.exe -> Proxy.Small.bo : Cleaned.
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019352.exe -> Proxy.Small.bo : Cleaned.
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019465.exe -> Proxy.Small.bo : Cleaned.
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019466.exe -> Proxy.Small.bo : Cleaned.
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP73\A0021413.exe -> Proxy.Small.bo : Cleaned.
C:\WINDOWS\system32\__delete_on_reboot__s_t_o_n_e_d_r_v_._e_x_e_ -> Proxy.Small.bo : Cleaned.
D:\Documents and Settings\Chris\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZQ8BS54P\ljeuqaxuj[1].htm -> Proxy.Small.bo : Cleaned.
:mozilla.127:D:\RECYCLER\S-1-5-21-2067689471-534587028-3215152666-500\Dd56\Application Data\Mozilla\Firefox\Profiles\y2mp4w9d.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.15:D:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\3s9w2q5e.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.76:D:\RECYCLER\S-1-5-21-2067689471-534587028-3215152666-500\Dd56\Application Data\Mozilla\Firefox\Profiles\y2mp4w9d.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.168:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.169:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.170:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.178:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.607:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.80:D:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\3s9w2q5e.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.81:D:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\3s9w2q5e.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.17:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.18:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.19:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.20:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.22:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.23:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.24:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.62:D:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\3s9w2q5e.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.63:D:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\3s9w2q5e.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.82:D:\RECYCLER\S-1-5-21-2067689471-534587028-3215152666-500\Dd56\Application Data\Mozilla\Firefox\Profiles\y2mp4w9d.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.83:D:\RECYCLER\S-1-5-21-2067689471-534587028-3215152666-500\Dd56\Application Data\Mozilla\Firefox\Profiles\y2mp4w9d.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.63:D:\RECYCLER\S-1-5-21-2067689471-534587028-3215152666-500\Dd56\Application Data\Mozilla\Firefox\Profiles\y2mp4w9d.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.64:D:\RECYCLER\S-1-5-21-2067689471-534587028-3215152666-500\Dd56\Application Data\Mozilla\Firefox\Profiles\y2mp4w9d.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.65:D:\RECYCLER\S-1-5-21-2067689471-534587028-3215152666-500\Dd56\Application Data\Mozilla\Firefox\Profiles\y2mp4w9d.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.66:D:\RECYCLER\S-1-5-21-2067689471-534587028-3215152666-500\Dd56\Application Data\Mozilla\Firefox\Profiles\y2mp4w9d.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.132:D:\RECYCLER\S-1-5-21-2067689471-534587028-3215152666-500\Dd56\Application Data\Mozilla\Firefox\Profiles\y2mp4w9d.default\cookies.txt -> TrackingCookie.Adviva : Cleaned.
:mozilla.61:D:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\3s9w2q5e.default\cookies.txt -> TrackingCookie.Adviva : Cleaned.
:mozilla.28:D:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\3s9w2q5e.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.36:D:\RECYCLER\S-1-5-21-2067689471-534587028-3215152666-500\Dd56\Application Data\Mozilla\Firefox\Profiles\y2mp4w9d.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.144:D:\RECYCLER\S-1-5-21-2067689471-534587028-3215152666-500\Dd56\Application Data\Mozilla\Firefox\Profiles\y2mp4w9d.default\cookies.txt -> TrackingCookie.Bfast : Cleaned.
:mozilla.22:D:\RECYCLER\S-1-5-21-2067689471-534587028-3215152666-500\Dd56\Application Data\Mozilla\Firefox\Profiles\y2mp4w9d.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.27:D:\RECYCLER\S-1-5-21-2067689471-534587028-3215152666-500\Dd56\Application Data\Mozilla\Firefox\Profiles\y2mp4w9d.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.36:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.37:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.38:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.39:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.40:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.41:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.42:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.43:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.57:D:\RECYCLER\S-1-5-21-2067689471-534587028-3215152666-500\Dd56\Application Data\Mozilla\Firefox\Profiles\y2mp4w9d.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.58:D:\RECYCLER\S-1-5-21-2067689471-534587028-3215152666-500\Dd56\Application Data\Mozilla\Firefox\Profiles\y2mp4w9d.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.59:D:\RECYCLER\S-1-5-21-2067689471-534587028-3215152666-500\Dd56\Application Data\Mozilla\Firefox\Profiles\y2mp4w9d.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.60:D:\RECYCLER\S-1-5-21-2067689471-534587028-3215152666-500\Dd56\Application Data\Mozilla\Firefox\Profiles\y2mp4w9d.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.61:D:\RECYCLER\S-1-5-21-2067689471-534587028-3215152666-500\Dd56\Application Data\Mozilla\Firefox\Profiles\y2mp4w9d.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.613:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.614:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.615:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.616:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.102:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.103:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.113:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.114:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.115:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.116:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.25:D:\RECYCLER\S-1-5-21-2067689471-534587028-3215152666-500\Dd56\Application Data\Mozilla\Firefox\Profiles\y2mp4w9d.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.26:D:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\3s9w2q5e.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.408:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.409:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.410:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
D:\RECYCLER\S-1-5-21-2067689471-534587028-3215152666-500\Dd56\Cookies\stephen@e-2dj6wflygoazobq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.504:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Etracker : Cleaned.
:mozilla.505:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Etracker : Cleaned.
:mozilla.438:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.439:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.440:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.51:D:\RECYCLER\S-1-5-21-2067689471-534587028-3215152666-500\Dd56\Application Data\Mozilla\Firefox\Profiles\y2mp4w9d.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.52:D:\RECYCLER\S-1-5-21-2067689471-534587028-3215152666-500\Dd56\Application Data\Mozilla\Firefox\Profiles\y2mp4w9d.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.53:D:\RECYCLER\S-1-5-21-2067689471-534587028-3215152666-500\Dd56\Application Data\Mozilla\Firefox\Profiles\y2mp4w9d.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.54:D:\RECYCLER\S-1-5-21-2067689471-534587028-3215152666-500\Dd56\Application Data\Mozilla\Firefox\Profiles\y2mp4w9d.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.66:D:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\3s9w2q5e.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.67:D:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\3s9w2q5e.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.68:D:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\3s9w2q5e.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
D:\RECYCLER\S-1-5-21-2067689471-534587028-3215152666-500\Dd56\Cookies\stephen@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.77:D:\RECYCLER\S-1-5-21-2067689471-534587028-3215152666-500\Dd56\Application Data\Mozilla\Firefox\Profiles\y2mp4w9d.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.19:D:\RECYCLER\S-1-5-21-2067689471-534587028-3215152666-500\Dd56\Application Data\Mozilla\Firefox\Profiles\y2mp4w9d.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.20:D:\RECYCLER\S-1-5-21-2067689471-534587028-3215152666-500\Dd56\Application Data\Mozilla\Firefox\Profiles\y2mp4w9d.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.21:D:\RECYCLER\S-1-5-21-2067689471-534587028-3215152666-500\Dd56\Application Data\Mozilla\Firefox\Profiles\y2mp4w9d.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.24:D:\RECYCLER\S-1-5-21-2067689471-534587028-3215152666-500\Dd56\Application Data\Mozilla\Firefox\Profiles\y2mp4w9d.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.28:D:\RECYCLER\S-1-5-21-2067689471-534587028-3215152666-500\Dd56\Application Data\Mozilla\Firefox\Profiles\y2mp4w9d.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.29:D:\RECYCLER\S-1-5-21-2067689471-534587028-3215152666-500\Dd56\Application Data\Mozilla\Firefox\Profiles\y2mp4w9d.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.311:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.392:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.407:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.556:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.564:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.59:D:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\3s9w2q5e.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.771:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.772:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.774:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.789:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.790:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.811:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.822:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.82:D:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\3s9w2q5e.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.836:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.846:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.849:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.108:D:\RECYCLER\S-1-5-21-2067689471-534587028-3215152666-500\Dd56\Application Data\Mozilla\Firefox\Profiles\y2mp4w9d.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.109:D:\RECYCLER\S-1-5-21-2067689471-534587028-3215152666-500\Dd56\Application Data\Mozilla\Firefox\Profiles\y2mp4w9d.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.111:D:\RECYCLER\S-1-5-21-2067689471-534587028-3215152666-500\Dd56\Application Data\Mozilla\Firefox\Profiles\y2mp4w9d.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.821:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Hypertracker : Cleaned.
:mozilla.183:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.184:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.185:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.538:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.539:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.540:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.557:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.558:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.785:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.786:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.841:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.65:D:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\3s9w2q5e.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.84:D:\RECYCLER\S-1-5-21-2067689471-534587028-3215152666-500\Dd56\Application Data\Mozilla\Firefox\Profiles\y2mp4w9d.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.834:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.835:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.196:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.197:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.198:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.199:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.202:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.203:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.204:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.530:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.416:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.417:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.418:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.419:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.420:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.421:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.707:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.708:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.48:D:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\3s9w2q5e.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.50:D:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\3s9w2q5e.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.639:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.55:D:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\3s9w2q5e.default\cookies.txt -> TrackingCookie.Starware : Cleaned.
:mozilla.56:D:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\3s9w2q5e.default\cookies.txt -> TrackingCookie.Starware : Cleaned.
:mozilla.57:D:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\3s9w2q5e.default\cookies.txt -> TrackingCookie.Starware : Cleaned.
:mozilla.58:D:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\3s9w2q5e.default\cookies.txt -> TrackingCookie.Starware : Cleaned.
:mozilla.323:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.324:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.325:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.326:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.327:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.328:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.330:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.331:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.51:D:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\3s9w2q5e.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.52:D:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\3s9w2q5e.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
D:\Documents and Settings\Chris\Local Settings\Temp\Cookies\chris@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.23:D:\RECYCLER\S-1-5-21-2067689471-534587028-3215152666-500\Dd56\Application Data\Mozilla\Firefox\Profiles\y2mp4w9d.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.257:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.261:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.263:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.26:D:\RECYCLER\S-1-5-21-2067689471-534587028-3215152666-500\Dd56\Application Data\Mozilla\Firefox\Profiles\y2mp4w9d.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.30:D:\RECYCLER\S-1-5-21-2067689471-534587028-3215152666-500\Dd56\Application Data\Mozilla\Firefox\Profiles\y2mp4w9d.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.31:D:\RECYCLER\S-1-5-21-2067689471-534587028-3215152666-500\Dd56\Application Data\Mozilla\Firefox\Profiles\y2mp4w9d.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.32:D:\RECYCLER\S-1-5-21-2067689471-534587028-3215152666-500\Dd56\Application Data\Mozilla\Firefox\Profiles\y2mp4w9d.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.85:D:\RECYCLER\S-1-5-21-2067689471-534587028-3215152666-500\Dd56\Application Data\Mozilla\Firefox\Profiles\y2mp4w9d.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.86:D:\RECYCLER\S-1-5-21-2067689471-534587028-3215152666-500\Dd56\Application Data\Mozilla\Firefox\Profiles\y2mp4w9d.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.87:D:\RECYCLER\S-1-5-21-2067689471-534587028-3215152666-500\Dd56\Application Data\Mozilla\Firefox\Profiles\y2mp4w9d.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.88:D:\RECYCLER\S-1-5-21-2067689471-534587028-3215152666-500\Dd56\Application Data\Mozilla\Firefox\Profiles\y2mp4w9d.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.49:D:\RECYCLER\S-1-5-21-2067689471-534587028-3215152666-500\Dd56\Application Data\Mozilla\Firefox\Profiles\y2mp4w9d.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.50:D:\RECYCLER\S-1-5-21-2067689471-534587028-3215152666-500\Dd56\Application Data\Mozilla\Firefox\Profiles\y2mp4w9d.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.48:D:\RECYCLER\S-1-5-21-2067689471-534587028-3215152666-500\Dd56\Application Data\Mozilla\Firefox\Profiles\y2mp4w9d.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.491:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.492:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.525:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.12:D:\RECYCLER\S-1-5-21-2067689471-534587028-3215152666-500\Dd56\Application Data\Mozilla\Firefox\Profiles\y2mp4w9d.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.54:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.55:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.56:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.57:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.58:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.59:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.60:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.61:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.62:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.63:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
D:\Documents and Settings\Chris\Local Settings\Temp\Cookies\chris@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
D:\RECYCLER\S-1-5-21-2067689471-534587028-3215152666-500\Dd56\Cookies\stephen@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.134:D:\RECYCLER\S-1-5-21-2067689471-534587028-3215152666-500\Dd56\Application Data\Mozilla\Firefox\Profiles\y2mp4w9d.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.135:D:\RECYCLER\S-1-5-21-2067689471-534587028-3215152666-500\Dd56\Application Data\Mozilla\Firefox\Profiles\y2mp4w9d.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.136:D:\RECYCLER\S-1-5-21-2067689471-534587028-3215152666-500\Dd56\Application Data\Mozilla\Firefox\Profiles\y2mp4w9d.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.824:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.825:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.826:D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019316.exe -> Trojan.ProcKill.DJ : Cleaned.
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019322.exe -> Trojan.ProcKill.DJ : Cleaned.
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019323.exe -> Trojan.ProcKill.DJ : Cleaned.
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019342.exe -> Trojan.ProcKill.DJ : Cleaned.
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019343.exe -> Trojan.ProcKill.DJ : Cleaned.
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019344.exe -> Trojan.ProcKill.DJ : Cleaned.
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019463.exe -> Trojan.ProcKill.DJ : Cleaned.
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019467.exe -> Trojan.ProcKill.DJ : Cleaned.
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019468.exe -> Trojan.ProcKill.DJ : Cleaned.
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019469.exe -> Trojan.ProcKill.DJ : Cleaned.
D:\Documents and Settings\Chris\Local Settings\Temp\Temporary Internet Files\Content.IE5\1EFFTYZP\htozsp[1].htm -> Trojan.ProcKill.DJ : Cleaned.
D:\Documents and Settings\Chris\Local Settings\Temp\Temporary Internet Files\Content.IE5\2R47MNIF\oaikjxxq[1].htm -> Trojan.ProcKill.DJ : Cleaned.
D:\Documents and Settings\Chris\Local Settings\Temp\Temporary Internet Files\Content.IE5\61C5678J\jhqbhroln[1].htm -> Trojan.ProcKill.DJ : Cleaned.
D:\Documents and Settings\Chris\Local Settings\Temp\Temporary Internet Files\Content.IE5\61C5678J\ucbacz[1].htm -> Trojan.ProcKill.DJ : Cleaned.
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00025.exe -> Trojan.Sinowal.ay : Cleaned.
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019318.exe -> Trojan.Sinowal.ay : Cleaned.
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019461.exe -> Trojan.Sinowal.ay : Cleaned.
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP72\A0019489.exe -> Trojan.Sinowal.ay : Cleaned.
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019308.exe -> Trojan.Sinowal.az : Cleaned.
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019387.exe -> Trojan.Sinowal.az : Cleaned.
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019459.exe -> Trojan.Sinowal.az : Cleaned.
D:\Documents and Settings\Chris\Local Settings\Temp\Temporary Internet Files\Content.IE5\1EFFTYZP\edyokhrbd[1].txt -> Trojan.Sinowal.az : Cleaned.
C:\Program Files\Common Files\Microsoft Shared\Web Folders\__delete_on_reboot__i_b_m_0_0_0_2_5_._d_l_l_ -> Trojan.Sinowal.bc : Cleaned.
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00017.dll -> Trojan.Sinowal.bc : Cleaned.
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019319.dll -> Trojan.Sinowal.bc : Cleaned.
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019462.dll -> Trojan.Sinowal.bc : Cleaned.
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP72\A0019542.dll -> Trojan.Sinowal.bc : Cleaned.
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP73\A0021416.dll -> Trojan.Sinowal.bc : Cleaned.
C:\Program Files\Common Files\Microsoft Shared\Web Folders\__delete_on_reboot__i_b_m_0_0_0_2_6_._d_l_l_ -> Trojan.Sinowal.bd : Cleaned.
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00016.dll -> Trojan.Sinowal.bd : Cleaned.
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00018.dll -> Trojan.Sinowal.bd : Cleaned.
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00020.dll -> Trojan.Sinowal.bd : Cleaned.
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00022.dll -> Trojan.Sinowal.bd : Cleaned.
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019317.dll -> Trojan.Sinowal.bd : Cleaned.
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019329.dll -> Trojan.Sinowal.bd : Cleaned.
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP71\A0019460.dll -> Trojan.Sinowal.bd : Cleaned.
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP73\A0021415.dll -> Trojan.Sinowal.bd : Cleaned.


::Report end

*****

HJT

*****


Logfile of HijackThis v1.99.1
Scan saved at 21:07:55, on 06/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LClock\LClock.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\winlogon7.exe
C:\dfndrff_e24.exe
C:\kybrdff_e24.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\{44A874C3-0BF3-2057-0830-05092905002c}\Update.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\WinRAR\WinRAR.exe
D:\DOCUME~1\Chris\LOCALS~1\Temp\Rar$EX00.640\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.co.uk/iesearch/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll (file missing)
O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{34A874C3-0BF4-2057-0830-05092905002c}\MyToolBar.dll
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [explorer] D:\Documents and Settings\Chris\Yinstall.exe
O4 - HKLM\..\Run: [SvcManager] winlogon7.exe
O4 - HKLM\..\Run: [nwr66710] RUNDLL32.EXE w0027fe4.dll,n 0056670b0000000a0027fe4
O4 - HKLM\..\Run: [defender] C:\\dfndrff_e24.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_e24.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{A63F059F-F9E6-4A1A-A157-8813BE59A2FC}: NameServer = 195.92.195.95 195.92.195.94
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Q2hyaXM\command.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
maca1 (Senior Member)
6. October 2006 @ 13:03
Important: Your Java is out of date

Download the latest version of Java Runtime Environment (JRE) 5.0 Update 9 here
http://java.sun.com/javase/downloads/index.jsp

Go to Add/Remove Programs and remove all previous versions of Java, then install the latest one you've downloaded.



1. Download combofix from one of these two sites:
http://download.bleepingcomputer.com/sUBs/combofix.exe
http://www.techsupportforum.com/sectools/combofix.exe

2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply with a new HjT log.
Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


This message has been edited since posting. Last time this message was edited on 6. October 2006 @ 13:11

rowski (Junior Member)
7. October 2006 @ 01:43
Chris - 06-10-07 10:35:39.32 Service Pack 2
ComboFix 06.09.28 - Running from: "D:\Documents and Settings\Chris\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\dfndrff_e24.exe
C:\kybrdff_e24.exe
C:\MTE3NDI6ODoxNgnew.exe
C:\MTE3NDI6ODoxNgV2.exe
C:\RDFX4.exe
C:\Program Files\Deskbar
C:\Program Files\Common Files\{34A874C3-0BF3-2057-0830-05092905002c}
C:\Program Files\Common Files\{34A874C3-0BF4-2057-0830-05092905002c}
C:\Program Files\Common Files\{44A874C3-0BF3-2057-0830-05092905002c}
C:\WINDOWS\Q2hyaXM
C:\Program Files\Common Files\{44A874C3-0BF4-2057-0830-05092905002c}


((((((((((((((((((((((((((((((( Files Created from 2006-09-07 to 2006-10-07 ))))))))))))))))))))))))))))))))))


2006-10-06 19:46 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-10-06 18:27 40,960 --a------ C:\WINDOWS\system32\svchost6.exe
2006-10-06 17:26 0 --a------ C:\tyeoh.exe
2006-10-06 17:24 0 --a------ C:\teqnsq.exe
2006-10-06 17:23 0 --a------ C:\pmmbhym.exe
2006-10-06 17:21 0 --a------ C:\otwlkons.exe
2006-10-06 17:18 0 --a------ C:\ffgwmpsk.exe
2006-10-06 16:36 115,947 --a------ C:\WINDOWS\system32\mny.exe
2006-10-06 16:36 115,712 --a------ C:\WINDOWS\system32\c.exe
2006-10-06 16:26 76,288 --a------ C:\ccreenfd.exe
2006-10-06 16:04 70,936 --a------ C:\WINDOWS\system32\lzx32.sys
2006-10-06 16:03 40,960 --a------ C:\WINDOWS\system32\winlogon7.exe
2006-10-06 09:40 40,960 --a------ C:\ufhkfrm.exe
2006-10-06 09:40 1,465 --a------ C:\fpkbgcl.exe
2006-10-06 09:39 76,288 --a------ C:\jyxpor.exe
2006-10-06 09:31 578,560 --a------ C:\Installer4.exe
2006-10-06 09:31 1,233 --a------ C:\WINDOWS\system32\nwr66710.sys
2006-10-06 09:30 77,312 --a------ C:\jttsdgjj.exe
2006-10-06 09:30 1,465 --a------ C:\ovvpecjh.exe
2006-09-17 15:07 44,114 --a------ C:\WINDOWS\BricoPackUninst.cmd
2006-09-17 15:06 3,038 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2006-09-14 20:01 24,816 --a------ C:\WINDOWS\system32\mdimon.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

Rootkit driver pe386 is present. A rootkit scan is required

2006-10-07 10:37 -------- d-------- C:\Program Files\Common Files
2006-10-07 10:37 -------- d-------- C:\Program Files\Common Files
2006-10-07 10:34 -------- d-------- C:\Program Files\Java
2006-10-07 10:34 -------- d-------- C:\Program Files\Java
2006-10-07 10:32 -------- d-------- C:\Program Files\Common Files\Java
2006-10-07 10:21 -------- d-------- C:\Program Files\PeerGuardian2
2006-10-07 10:21 -------- d-------- C:\Program Files\PeerGuardian2
2006-10-07 10:12 -------- d-------- C:\Program Files\Mozilla Firefox
2006-10-07 10:12 -------- d-------- C:\Program Files\Mozilla Firefox
2006-10-06 20:37 -------- d-------- C:\Program Files\Internet Explorer
2006-10-06 20:37 -------- d-------- C:\Program Files\Internet Explorer
2006-10-06 19:23 -------- d-------- C:\Program Files\Grisoft
2006-10-06 19:23 -------- d-------- C:\Program Files\Grisoft
2006-10-06 18:47 -------- d-------- C:\Program Files\MSN Messenger
2006-10-06 18:47 -------- d-------- C:\Program Files\MSN Messenger
2006-10-06 17:18 -------- d-------- C:\Program Files\Bit_Torrent
2006-10-06 17:18 -------- d-------- C:\Program Files\Bit_Torrent
2006-10-06 16:48 -------- d-------- C:\Program Files\CCleaner
2006-10-06 16:48 -------- d-------- C:\Program Files\CCleaner
2006-10-06 16:47 -------- d-------- C:\Program Files\Zone Labs
2006-10-06 16:47 -------- d-------- C:\Program Files\Zone Labs
2006-10-06 09:30 -------- d-------- C:\Program Files\Messenger
2006-10-06 09:30 -------- d-------- C:\Program Files\Messenger
2006-10-03 16:41 -------- d-------- C:\Program Files\Adobe
2006-10-03 16:41 -------- d-------- C:\Program Files\Adobe
2006-10-03 16:40 -------- d-------- C:\Program Files\Common Files\Adobe
2006-10-03 16:39 -------- d-------- C:\Program Files\Common Files\Adobe Systems Shared
2006-10-02 16:55 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-02 16:55 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-02 16:51 -------- d-------- C:\Program Files\QuickTime
2006-10-02 16:51 -------- d-------- C:\Program Files\QuickTime
2006-10-02 16:50 -------- d-------- C:\Program Files\iTunes
2006-10-02 16:50 -------- d-------- C:\Program Files\iTunes
2006-10-02 16:50 -------- d-------- C:\Program Files\iPod
2006-10-02 16:50 -------- d-------- C:\Program Files\iPod
2006-10-02 16:01 -------- d-------- C:\Program Files\Windows Media Player
2006-10-02 16:01 -------- d-------- C:\Program Files\Windows Media Player
2006-09-24 09:52 -------- d-------- C:\Program Files\Messenger Plus! Live
2006-09-24 09:52 -------- d-------- C:\Program Files\Messenger Plus! Live
2006-09-23 22:02 -------- d-------- C:\Program Files\Last.fm
2006-09-23 22:02 -------- d-------- C:\Program Files\Last.fm
2006-09-21 20:52 -------- d-------- C:\Program Files\mpegable
2006-09-21 20:52 -------- d-------- C:\Program Files\mpegable
2006-09-21 20:51 -------- d-------- C:\Program Files\Windows Media Connect 2
2006-09-21 20:51 -------- d-------- C:\Program Files\Windows Media Connect 2
2006-09-21 20:48 -------- d-------- C:\Program Files\Shareaza
2006-09-21 20:48 -------- d-------- C:\Program Files\Shareaza
2006-09-17 16:47 -------- d-------- C:\Program Files\Outlook Express
2006-09-17 16:47 -------- d-------- C:\Program Files\Outlook Express
2006-09-17 16:34 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-09-17 16:24 -------- d-------- C:\Program Files\Microsoft ActiveSync
2006-09-17 16:24 -------- d-------- C:\Program Files\Microsoft ActiveSync
2006-09-17 16:23 -------- d-------- C:\Program Files\Microsoft Office
2006-09-17 16:23 -------- d-------- C:\Program Files\Microsoft Office
2006-09-17 16:23 -------- d-------- C:\Program Files\Common Files\DESIGNER
2006-09-17 16:22 -------- d-------- C:\Program Files\Microsoft.NET
2006-09-17 16:22 -------- d-------- C:\Program Files\Microsoft.NET
2006-09-17 16:22 -------- d-------- C:\Program Files\Common Files\System
2006-09-17 16:22 -------- d-------- C:\Program Files\Common Files\ODBC
2006-09-17 15:25 -------- d-------- C:\Program Files\DivX
2006-09-17 15:25 -------- d-------- C:\Program Files\DivX
2006-09-17 15:25 -------- d-------- C:\Program Files\Common Files\aolshare
2006-09-17 15:25 -------- d-------- C:\Program Files\AOL 9.0
2006-09-17 15:25 -------- d-------- C:\Program Files\AOL 9.0
2006-09-14 19:58 -------- d-------- C:\Program Files\Microsoft Visual Studio
2006-09-14 19:58 -------- d-------- C:\Program Files\Microsoft Visual Studio
2006-09-13 19:03 -------- d-------- C:\Program Files\Warez
2006-09-13 19:03 -------- d-------- C:\Program Files\Warez
2006-08-28 09:24 -------- d-------- C:\Program Files\EA GAMES
2006-08-28 09:24 -------- d-------- C:\Program Files\EA GAMES
2006-08-27 17:24 -------- d-------- C:\Program Files\HiVision Multimedia
2006-08-27 17:24 -------- d-------- C:\Program Files\HiVision Multimedia
2006-08-26 22:57 -------- d-------- C:\Program Files\HP
2006-08-26 22:57 -------- d-------- C:\Program Files\HP
2006-08-26 22:57 -------- d-------- C:\Program Files\Common Files\HP
2006-08-26 22:56 -------- d-------- C:\Program Files\Hewlett-Packard
2006-08-26 22:56 -------- d-------- C:\Program Files\Hewlett-Packard
2006-08-26 22:56 -------- d-------- C:\Program Files\Common Files\Hewlett-Packard
2006-08-24 22:42 8704 --a------ C:\WINDOWS\system32\wdfmgr.exe
2006-08-24 22:42 8704 --a------ C:\WINDOWS\system32\uwdf.exe
2006-08-24 22:30 99840 --a------ C:\WINDOWS\system32\wmpshell.dll
2006-08-24 22:30 990208 --a------ C:\WINDOWS\system32\drmv2clt.dll
2006-08-24 22:30 937984 --a------ C:\WINDOWS\system32\WMNetMgr.dll
2006-08-24 22:30 8337920 --a------ C:\WINDOWS\system32\wmploc.dll
2006-08-24 22:30 790016 --------- C:\WINDOWS\system32\WMVSENCD.dll
2006-08-24 22:30 757248 --a------ C:\WINDOWS\system32\WMADMOD.dll
2006-08-24 22:30 7168 --a------ C:\WINDOWS\system32\asferror.dll
2006-08-24 22:30 656896 --------- C:\WINDOWS\system32\WMVXENCD.dll
2006-08-24 22:30 63488 --a------ C:\WINDOWS\system32\wpdmtpus.dll
2006-08-24 22:30 629760 --a------ C:\WINDOWS\system32\wpd_ci.dll
2006-08-24 22:30 611840 --------- C:\WINDOWS\system32\wmpmde.dll
2006-08-24 22:30 603648 --a------ C:\WINDOWS\system32\WMSPDMOD.dll
2006-08-24 22:30 537600 --a------ C:\WINDOWS\system32\blackbox.dll
2006-08-24 22:30 532992 --------- C:\WINDOWS\system32\wmdrmsdk.dll
2006-08-24 22:30 428032 --a------ C:\WINDOWS\system32\wmdrmdev.dll
2006-08-24 22:30 414208 --a------ C:\WINDOWS\system32\msscp.dll
2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\wmvdmoe2.dll
2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\wmvdmod.dll
2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\WMVADVE.DLL
2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\WMVADVD.dll
2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\wmsdmoe2.dll
2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\wmsdmod.dll
2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\wdfapi.dll
2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\MPG4DMOD.dll
2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\MP4SDMOD.dll
2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\MP43DMOD.dll
2006-08-24 22:30 37376 --a------ C:\WINDOWS\system32\wmdmps.dll
2006-08-24 22:30 35840 --a------ C:\WINDOWS\system32\wpdconns.dll
2006-08-24 22:30 349184 --a------ C:\WINDOWS\system32\wpdsp.dll
2006-08-24 22:30 347648 --a------ C:\WINDOWS\system32\wmdrmnet.dll
2006-08-24 22:30 33792 --a------ C:\WINDOWS\system32\wmdmlog.dll
2006-08-24 22:30 320512 --a------ C:\WINDOWS\system32\mswmdm.dll
2006-08-24 22:30 316928 --------- C:\WINDOWS\system32\MP4SDECD.dll
2006-08-24 22:30 314368 --a------ C:\WINDOWS\system32\wmpdxm.dll
2006-08-24 22:30 305152 --------- C:\WINDOWS\system32\MSDelta.dll
2006-08-24 22:30 295424 --------- C:\WINDOWS\system32\wmpeffects.dll
2006-08-24 22:30 284160 --------- C:\WINDOWS\system32\PortableDeviceApi.dll
2006-08-24 22:30 276480 --a------ C:\WINDOWS\system32\audiodev.dll
2006-08-24 22:30 27648 --a------ C:\WINDOWS\system32\mspmsnsv.dll
2006-08-24 22:30 259072 --------- C:\WINDOWS\system32\MPG4DECD.dll
2006-08-24 22:30 2589184 --------- C:\WINDOWS\system32\WpdShext.dll
2006-08-24 22:30 258560 --------- C:\WINDOWS\system32\MP43DECD.dll
2006-08-24 22:30 2450944 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-08-24 22:30 242176 --a------ C:\WINDOWS\system32\wmpasf.dll
2006-08-24 22:30 228352 --a------ C:\WINDOWS\system32\cewmdm.dll
2006-08-24 22:30 227328 --a------ C:\WINDOWS\system32\wmerror.dll
2006-08-24 22:30 222208 --a------ C:\WINDOWS\system32\WMASF.dll
2006-08-24 22:30 211968 --------- C:\WINDOWS\system32\MFPLAT.dll
2006-08-24 22:30 210432 --a------ C:\WINDOWS\system32\qasf.dll
2006-08-24 22:30 204800 --a------ C:\WINDOWS\system32\wmpsrcwp.dll
2006-08-24 22:30 198144 --------- C:\WINDOWS\system32\PortableDeviceWMDRM.dll
2006-08-24 22:30 179712 --a------ C:\WINDOWS\system32\msnetobj.dll
2006-08-24 22:30 175104 --a------ C:\WINDOWS\system32\mspmsp.dll
2006-08-24 22:30 166912 --------- C:\WINDOWS\system32\PortableDeviceTypes.dll
2006-08-24 22:30 1660416 --a------ C:\WINDOWS\system32\wmpencen.dll
2006-08-24 22:30 157184 --a------ C:\WINDOWS\system32\wmidx.dll
2006-08-24 22:30 154624 --a------ C:\WINDOWS\system32\wpdmtp.dll
2006-08-24 22:30 1539584 --------- C:\WINDOWS\system32\WMVDECOD.dll
2006-08-24 22:30 1532416 --------- C:\WINDOWS\system32\WMVENCOD.dll
2006-08-24 22:30 1392128 --------- C:\WINDOWS\system32\WMVSDECD.dll
2006-08-24 22:30 133120 --------- C:\WINDOWS\system32\WPDShServiceObj.dll
2006-08-24 22:30 1327616 --a------ C:\WINDOWS\system32\WMSPDMOE.dll
2006-08-24 22:30 132096 --------- C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
2006-08-24 22:30 130048 --------- C:\WINDOWS\system32\wmpps.dll
2006-08-24 22:30 11264 --a------ C:\WINDOWS\system32\LAPRXY.dll
2006-08-24 22:30 1118208 --a------ C:\WINDOWS\system32\WMADMOE.dll
2006-08-24 22:30 101888 --------- C:\WINDOWS\system32\PortableDeviceClassExtension.dll
2006-08-24 20:31 100864 --a------ C:\WINDOWS\system32\logagent.exe
2006-08-24 20:27 249344 --------- C:\WINDOWS\system32\drmupgds.exe
2006-08-24 20:26 95288 --------- C:\WINDOWS\system32\WUDFCoinstaller.dll
2006-08-24 20:26 38656 --a------ C:\WINDOWS\system32\drivers\wpdusb.sys
2006-08-24 20:26 17408 --------- C:\WINDOWS\system32\wpdshextautoplay.exe
2006-08-24 19:22 90112 --------- C:\WINDOWS\system32\drivers\WudfRd.sys
2006-08-24 19:19 316416 --------- C:\WINDOWS\system32\WUDFx.dll
2006-08-24 19:19 145920 --------- C:\WINDOWS\system32\WudfHost.exe
2006-08-24 19:18 84864 --------- C:\WINDOWS\system32\drivers\WudfPf.sys
2006-08-24 19:18 56320 --------- C:\WINDOWS\system32\WudfSvc.dll
2006-08-24 19:18 168448 --------- C:\WINDOWS\system32\WudfPlatform.dll
2006-08-23 23:12 218624 --a------ C:\WINDOWS\system32\uxtheme.dll
2006-08-23 23:12 -------- d-------- C:\Program Files\LClock
2006-08-23 23:12 -------- d-------- C:\Program Files\LClock
2006-08-23 23:12 -------- d-------- C:\Program Files\Glass2k
2006-08-23 23:12 -------- d-------- C:\Program Files\Glass2k
2006-08-21 13:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 10:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 10:14 128896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-14 16:55 -------- d--h----- C:\Program Files\BitLord
2006-08-14 16:55 -------- d--h----- C:\Program Files\BitLord
2006-08-11 11:29 60416 --a------ C:\WINDOWS\system32\rbap350.dll
2006-08-11 11:29 54784 --a------ C:\WINDOWS\system32\RBQT350.DLL
2006-08-11 11:29 39936 --a------ C:\WINDOWS\system32\RBShell350.dll
2006-08-11 11:29 25600 --a------ C:\WINDOWS\system32\ecryptstrong.dll
2006-08-11 11:29 18944 --a------ C:\WINDOWS\system32\ecrypt.dll
2006-08-11 11:29 170496 --a------ C:\WINDOWS\system32\plugin.dll
2006-08-11 11:29 105472 --a------ C:\WINDOWS\system32\charset.dll
2006-08-10 19:11 -------- d-------- C:\Program Files\VideoLAN
2006-08-10 19:11 -------- d-------- C:\Program Files\VideoLAN
2006-08-10 18:56 47104 --------- C:\WINDOWS\AKDeInstall.exe
2006-08-10 17:29 -------- d-------- C:\Program Files\AC3Filter
2006-08-10 17:29 -------- d-------- C:\Program Files\AC3Filter
2006-08-09 19:59 -------- d-------- C:\Program Files\WinRAR
2006-08-09 19:59 -------- d-------- C:\Program Files\WinRAR
2006-08-08 20:33 -------- d-------- C:\Program Files\Nokia
2006-08-08 20:33 -------- d-------- C:\Program Files\Nokia
2006-08-08 20:30 -------- d-------- C:\Program Files\DIFX
2006-08-08 20:30 -------- d-------- C:\Program Files\DIFX
2006-08-08 20:30 -------- d-------- C:\Program Files\Common Files\PCSuite
2006-08-08 20:30 -------- d-------- C:\Program Files\Common Files\Nokia
2006-08-08 19:28 -------- d-------- C:\Program Files\SpywareBlaster
2006-08-08 19:28 -------- d-------- C:\Program Files\SpywareBlaster
2006-08-08 19:20 -------- d-------- C:\Program Files\WinCleaner Memory Optimizer
2006-08-08 19:20 -------- d-------- C:\Program Files\WinCleaner Memory Optimizer
2006-08-08 19:18 -------- d-------- C:\Program Files\Advanced System Optimizer
2006-08-08 19:18 -------- d-------- C:\Program Files\Advanced System Optimizer
2006-08-07 19:43 -------- d-------- C:\Program Files\Stardock
2006-08-07 19:43 -------- d-------- C:\Program Files\Stardock
2006-08-07 19:43 -------- d-------- C:\Program Files\Common Files\stardock
2006-08-06 13:35 0 -rahs---- C:\MSDOS.SYS
2006-08-06 13:35 0 -rahs---- C:\IO.SYS
2006-07-29 19:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll
2006-07-27 14:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-27 03:05 73728 --a------ C:\WINDOWS\system32\dpl100.dll
2006-07-27 03:05 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2006-07-27 03:05 192512 --a------ C:\WINDOWS\system32\dtu100.dll
2006-07-27 03:05 109568 --------- C:\WINDOWS\system32\pxinsi64.exe
2006-07-27 03:05 108544 --------- C:\WINDOWS\system32\pxcpyi64.exe
2006-07-21 09:24 72704 --a------ C:\WINDOWS\system32\hlink.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"PeerGuardian"="C:\\Program Files\\PeerGuardian2\\pg2.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LClock"="C:\\Program Files\\LClock\\LClock.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"SvcManager"="winlogon7.exe"
"nwr66710"="RUNDLL32.EXE w0027fe4.dll,n 0056670b0000000a0027fe4"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce]
"RunNarrator"=""

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce]
"RunNarrator"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoRecentDocsHistory"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"0aMCPClient"="{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}"
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
"path"="D:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\HP Digital Imaging Monitor.lnk"
"backup"="C:\\WINDOWS\\pss\\HP Digital Imaging Monitor.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqtra08.exe "
"item"="HP Digital Imaging Monitor"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Privoxy.lnk]
"path"="D:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Privoxy.lnk"
"backup"="C:\\WINDOWS\\pss\\Privoxy.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Privoxy\\privoxy.exe "
"item"="Privoxy"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Remote Control.lnk]
"path"="D:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Remote Control.lnk"
"backup"="C:\\WINDOWS\\pss\\Remote Control.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\HIVISI~1\\DVB-T1~1\\DVBTRCtl.EXE "
"item"="Remote Control"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Alcmtr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ALCMTR"
"hkey"="HKLM"
"command"="ALCMTR.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\AlcWzrd]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ALCWZRD"
"hkey"="HKLM"
"command"="ALCWZRD.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ccApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ccApp"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\DTVR Agent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Scheduled"
"hkey"="HKLM"
"command"="C:\\Program Files\\HiVision Multimedia\\DVB-T PLUS\\DTVR\\Scheduled.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\EmailChecker]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ech"
"hkey"="HKLM"
"command"="C:\\APPS\\EmailChecker\\ech.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\High Definition Audio Property Page Shortcut]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HDAudPropShortcut"
"hkey"="HKLM"
"command"="HDAudPropShortcut.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\HP Software Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HPWuSchd2"
"hkey"="HKLM"
"command"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\IMJPMIG8.1]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IMJPMIG"
"hkey"="HKLM"
"command"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\IS CfgWiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="cfgwiz"
"hkey"="HKLM"
"command"="C:\\Program Files\\Norton Internet Security\\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE \"REBOOT\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\NvCplDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvCpl"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\NvMediaCenter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvMcTray"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /install"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\PCMService]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PCMService"
"hkey"="HKLM"
"command"="\"c:\\Apps\\Powercinema\\PCMService.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\PCSuiteTrayApplication]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LAUNCH~1"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Nokia\\NOKIAP~1\\LAUNCH~1.EXE -startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\PcSync]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PcSync2"
"hkey"="HKCU"
"command"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\PHIME2002A]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TINTSETP"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\PHIME2002ASync]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TINTSETP"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\RoxioDragToDisc]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DrgToDsc"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Roxio\\Easy Media Creator 7\\Drag to Disc\\DrgToDsc.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SoundMan]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SOUNDMAN"
"hkey"="HKLM"
"command"="SOUNDMAN.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SpeedTouch USB Diagnostics]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Dragdiag"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Thomson\\SpeedTouch USB\\Dragdiag.exe\" /icon"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SSC_UserPrompt]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UsrPrmpt"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Symantec Shared\\Security Center\\UsrPrmpt.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_02\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Ulead AutoDetector v2]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="monitor"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Ulead Systems\\AutoDetector\\monitor.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Warez]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Warez"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Warez\\Warez.exe\" /minimized"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\WinMem]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WinMemOpt"
"hkey"="HKCU"
"command"="C:\\Program Files\\WinCleaner Memory Optimizer\\WinMemOpt.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\services]
"UleadBurningHelper"=dword:00000002
"SPBBCSvc"=dword:00000003
"SNDSrvc"=dword:00000003
"ServiceLayer"=dword:00000003
"SAVScan"=dword:00000003
"NVSvc"=dword:00000002
"navapsvc"=dword:00000002
"ISSVC"=dword:00000003
"GenericHidService"=dword:00000002
"CyberLink Media Library Service"=dword:00000002
"CLSched"=dword:00000002
"CLCapSvc"=dword:00000002
"ccSetMgr"=dword:00000002
"ccPwdSvc"=dword:00000003
"ccProxy"=dword:00000002
"ccEvtMgr"=dword:00000002
"AOL ACS"=dword:00000002

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\Setup my PC.job
C:\WINDOWS\tasks\Symantec NetDetect.job
C:\WINDOWS\tasks\WebReg psc 1500 series.job

Completion time: 07/10/2006 10:38:20.98
ComboFix.txt


******

Logfile of HijackThis v1.99.1
Scan saved at 10:42:24, on 07/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\LClock\LClock.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\winlogon7.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WinRAR\WinRAR.exe
D:\DOCUME~1\Chris\LOCALS~1\Temp\Rar$EX00.406\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.co.uk/iesearch/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SvcManager] winlogon7.exe
O4 - HKLM\..\Run: [nwr66710] RUNDLL32.EXE w0027fe4.dll,n 0056670b0000000a0027fe4
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{A63F059F-F9E6-4A1A-A157-8813BE59A2FC}: NameServer = 195.92.195.94 195.92.195.95
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Everything seems to be working pretty well now :) thanks guys, VERY much appreciated!
maca1
Senior Member
7. October 2006 @ 07:22
You have a rootkit infection, let's try some things now to get rid of that.

Your HijackThis.exe is running from a temp folder
Find your HijackThis.exe here

D:\DOCUME~1\Chris\LOCALS~1\Temp\Rar$EX00.406\HijackThis.exe

Create a new permanent folder such as C:\HJT\
then move your HijackThis.exe in there.


Next run HijackThis and "Do a system scan only"
place a check beside these

O4 - HKLM\..\Run: [SvcManager] winlogon7.exe
O4 - HKLM\..\Run: [nwr66710] RUNDLL32.EXE w0027fe4.dll,n 0056670b0000000a0027fe4


make sure all other windows are closed and click fix checked

Please download The Avenger by Swandog46 to your Desktop.
http://swandog46.geekstogo.com/avenger.zip
Click on Avenger.zip to open the file
Extract avenger.exe to your desktop

2. Copy all the text in bold contained inside the 2 lines below to your Clipboard by highlighting it and pressing (Ctrl+C):


___________________________________________


Drivers to unload:
pe386


________________________________________________

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, start The Avenger program by clicking on its icon on your desktop.
Under "Script file to execute" choose "Input Script Manually".
Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
Paste the text copied to clipboard into this window by pressing (Ctrl+V).
Click Done
Now click on the Green Light to begin execution of the script
Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
It will Restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
On reboot, it will briefly open a black command window on your desktop; this is normal.
After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply.

Run combofix again and post that log also.

This message has been edited since posting. Last time this message was edited on 7. October 2006 @ 07:39
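As an added example that is not part of this thread and not code from HijackThis, ComboFix or The Avenger: a small Python triage of the O4 lines from the HijackThis log posted above, which flags exactly the two entries maca1 singles out (a bare `winlogon7.exe` mimicking `winlogon.exe`, and a `RUNDLL32.EXE` entry loading an unqualified DLL). The regular expressions, the heuristics and the `CORE_BINARIES` list are this example's own assumptions.

```python
"""Triage the O4 (autorun) lines of a HijackThis log for the warning signs a
helper looks for: a bare executable name with no directory (resolved through
the search path), a rundll32 target whose DLL has no directory, and a file
name that imitates a core Windows binary with digits appended.
Added example; the heuristics below are assumptions, not a HijackThis rule set."""
import re

# Shapes of HijackThis O4 lines: registry Run keys and Startup-folder shortcuts.
O4_RUN_RE = re.compile(
    r'^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
O4_STARTUP_RE = re.compile(r'^O4 - (?:Global )?Startup: (?P<name>.+?) = (?P<cmd>.*)$')

# Core Windows binaries that malware likes to imitate by appending digits
# (winlogon7.exe, svchost6.exe). Assumed list; extend as needed.
CORE_BINARIES = {"winlogon", "svchost", "lsass", "services", "csrss", "smss",
                 "explorer", "rundll32", "ctfmon", "spoolsv"}

# The O4 lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SvcManager] winlogon7.exe
O4 - HKLM\..\Run: [nwr66710] RUNDLL32.EXE w0027fe4.dll,n 0056670b0000000a0027fe4
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
"""


def split_command(cmd):
    """Split an autorun command into (program, arguments), honouring a quoted program path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end == -1:
            return cmd[1:], ""
        return cmd[1:end], cmd[end + 1:].strip()
    parts = cmd.split(None, 1)
    if not parts:
        return "", ""
    return parts[0], (parts[1] if len(parts) > 1 else "")


def has_directory(path):
    """True when the path names a directory, i.e. it is not resolved via the search path."""
    return "\\" in path or "/" in path


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1]


def lookalike(name):
    """True for names such as winlogon7.exe: a core binary's name with digits appended."""
    stem = name.lower().rsplit(".", 1)[0]
    m = re.fullmatch(r"([a-z]+)\d+", stem)
    return bool(m) and m.group(1) in CORE_BINARIES


def triage_line(line):
    """Return the reasons an O4 line deserves a look; an empty list means nothing odd."""
    m = O4_RUN_RE.match(line) or O4_STARTUP_RE.match(line)
    if not m:
        return []
    program, args = split_command(m.group("cmd"))
    base = basename(program)
    reasons = []
    if base.lower() == "rundll32.exe":
        # rundll32 <dll>,<entry> <args>: the DLL is what actually runs.
        dll = args.split(",", 1)[0].strip().strip('"')
        if dll and not has_directory(dll):
            reasons.append(f"rundll32 loads a DLL with no directory: {dll}")
    elif not has_directory(program):
        reasons.append(f"bare executable name resolved via the search path: {program}")
    if lookalike(base):
        reasons.append(f"file name imitates a core Windows binary: {base}")
    return reasons


def triage_log(text):
    """Map each flagged O4 entry name to its list of reasons."""
    flagged = {}
    for line in text.splitlines():
        m = O4_RUN_RE.match(line) or O4_STARTUP_RE.match(line)
        reasons = triage_line(line)
        if m and reasons:
            flagged[m.group("name")] = reasons
    return flagged


if __name__ == "__main__":
    for name, reasons in triage_log(SAMPLE_LOG).items():
        print(f"[{name}]")
        for r in reasons:
            print("   ", r)
```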

rowski
Junior Member
7. October 2006 @ 09:39
Avenger didn't leave a report, or text file of any kind. :s

Chris - 06-10-07 18:35:10.32 Service Pack 2
ComboFix 06.09.28 - Running from: "D:\Documents and Settings\Chris\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-09-07 to 2006-10-07 ))))))))))))))))))))))))))))))))))


2006-10-07 18:34 0 --a------ C:\backup.reg
2006-10-07 18:15 96 --a------ C:\avexport.bat
2006-10-07 18:15 336 --a------ C:\reboot.bat
2006-10-07 18:15 19,814 --a------ C:\reboot.exe
2006-10-07 18:15 126,976 --a------ C:\zip.exe
2006-10-06 19:46 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-10-06 18:27 40,960 --a------ C:\WINDOWS\system32\svchost6.exe
2006-10-06 17:26 0 --a------ C:\tyeoh.exe
2006-10-06 17:24 0 --a------ C:\teqnsq.exe
2006-10-06 17:23 0 --a------ C:\pmmbhym.exe
2006-10-06 17:21 0 --a------ C:\otwlkons.exe
2006-10-06 17:18 0 --a------ C:\ffgwmpsk.exe
2006-10-06 16:36 115,947 --a------ C:\WINDOWS\system32\mny.exe
2006-10-06 16:36 115,712 --a------ C:\WINDOWS\system32\c.exe
2006-10-06 16:26 76,288 --a------ C:\ccreenfd.exe
2006-10-06 16:04 70,936 --a------ C:\WINDOWS\system32\lzx32.sys
2006-10-06 16:03 40,960 --a------ C:\WINDOWS\system32\winlogon7.exe
2006-10-06 09:40 40,960 --a------ C:\ufhkfrm.exe
2006-10-06 09:40 1,465 --a------ C:\fpkbgcl.exe
2006-10-06 09:39 76,288 --a------ C:\jyxpor.exe
2006-10-06 09:31 578,560 --a------ C:\Installer4.exe
2006-10-06 09:31 1,233 --a------ C:\WINDOWS\system32\nwr66710.sys
2006-10-06 09:30 77,312 --a------ C:\jttsdgjj.exe
2006-10-06 09:30 1,465 --a------ C:\ovvpecjh.exe
2006-09-17 15:07 44,114 --a------ C:\WINDOWS\BricoPackUninst.cmd
2006-09-17 15:06 3,038 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2006-09-14 20:01 24,816 --a------ C:\WINDOWS\system32\mdimon.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-07 18:34 -------- d-------- C:\Program Files\PeerGuardian2
2006-10-07 18:34 -------- d-------- C:\Program Files\PeerGuardian2
2006-10-07 18:13 -------- d-------- C:\Program Files\Mozilla Firefox
2006-10-07 18:13 -------- d-------- C:\Program Files\Mozilla Firefox
2006-10-07 10:37 -------- d-------- C:\Program Files\Common Files
2006-10-07 10:37 -------- d-------- C:\Program Files\Common Files
2006-10-07 10:34 -------- d-------- C:\Program Files\Java
2006-10-07 10:34 -------- d-------- C:\Program Files\Java
2006-10-07 10:32 -------- d-------- C:\Program Files\Common Files\Java
2006-10-06 20:37 -------- d-------- C:\Program Files\Internet Explorer
2006-10-06 20:37 -------- d-------- C:\Program Files\Internet Explorer
2006-10-06 19:23 -------- d-------- C:\Program Files\Grisoft
2006-10-06 19:23 -------- d-------- C:\Program Files\Grisoft
2006-10-06 18:47 -------- d-------- C:\Program Files\MSN Messenger
2006-10-06 18:47 -------- d-------- C:\Program Files\MSN Messenger
2006-10-06 17:18 -------- d-------- C:\Program Files\Bit_Torrent
2006-10-06 17:18 -------- d-------- C:\Program Files\Bit_Torrent
2006-10-06 16:48 -------- d-------- C:\Program Files\CCleaner
2006-10-06 16:48 -------- d-------- C:\Program Files\CCleaner
2006-10-06 16:47 -------- d-------- C:\Program Files\Zone Labs
2006-10-06 16:47 -------- d-------- C:\Program Files\Zone Labs
2006-10-06 09:30 -------- d-------- C:\Program Files\Messenger
2006-10-06 09:30 -------- d-------- C:\Program Files\Messenger
2006-10-03 16:41 -------- d-------- C:\Program Files\Adobe
2006-10-03 16:41 -------- d-------- C:\Program Files\Adobe
2006-10-03 16:40 -------- d-------- C:\Program Files\Common Files\Adobe
2006-10-03 16:39 -------- d-------- C:\Program Files\Common Files\Adobe Systems Shared
2006-10-02 16:55 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-02 16:55 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-02 16:51 -------- d-------- C:\Program Files\QuickTime
2006-10-02 16:51 -------- d-------- C:\Program Files\QuickTime
2006-10-02 16:50 -------- d-------- C:\Program Files\iTunes
2006-10-02 16:50 -------- d-------- C:\Program Files\iTunes
2006-10-02 16:50 -------- d-------- C:\Program Files\iPod
2006-10-02 16:50 -------- d-------- C:\Program Files\iPod
2006-10-02 16:01 -------- d-------- C:\Program Files\Windows Media Player
2006-10-02 16:01 -------- d-------- C:\Program Files\Windows Media Player
2006-09-24 09:52 -------- d-------- C:\Program Files\Messenger Plus! Live
2006-09-24 09:52 -------- d-------- C:\Program Files\Messenger Plus! Live
2006-09-23 22:02 -------- d-------- C:\Program Files\Last.fm
2006-09-23 22:02 -------- d-------- C:\Program Files\Last.fm
2006-09-21 20:52 -------- d-------- C:\Program Files\mpegable
2006-09-21 20:52 -------- d-------- C:\Program Files\mpegable
2006-09-21 20:51 -------- d-------- C:\Program Files\Windows Media Connect 2
2006-09-21 20:51 -------- d-------- C:\Program Files\Windows Media Connect 2
2006-09-21 20:48 -------- d-------- C:\Program Files\Shareaza
2006-09-21 20:48 -------- d-------- C:\Program Files\Shareaza
2006-09-17 16:47 -------- d-------- C:\Program Files\Outlook Express
2006-09-17 16:47 -------- d-------- C:\Program Files\Outlook Express
2006-09-17 16:34 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-09-17 16:24 -------- d-------- C:\Program Files\Microsoft ActiveSync
2006-09-17 16:24 -------- d-------- C:\Program Files\Microsoft ActiveSync
2006-09-17 16:23 -------- d-------- C:\Program Files\Microsoft Office
2006-09-17 16:23 -------- d-------- C:\Program Files\Microsoft Office
2006-09-17 16:23 -------- d-------- C:\Program Files\Common Files\DESIGNER
2006-09-17 16:22 -------- d-------- C:\Program Files\Microsoft.NET
2006-09-17 16:22 -------- d-------- C:\Program Files\Microsoft.NET
2006-09-17 16:22 -------- d-------- C:\Program Files\Common Files\System
2006-09-17 16:22 -------- d-------- C:\Program Files\Common Files\ODBC
2006-09-17 15:25 -------- d-------- C:\Program Files\DivX
2006-09-17 15:25 -------- d-------- C:\Program Files\DivX
2006-09-17 15:25 -------- d-------- C:\Program Files\Common Files\aolshare
2006-09-17 15:25 -------- d-------- C:\Program Files\AOL 9.0
2006-09-17 15:25 -------- d-------- C:\Program Files\AOL 9.0
2006-09-14 19:58 -------- d-------- C:\Program Files\Microsoft Visual Studio
2006-09-14 19:58 -------- d-------- C:\Program Files\Microsoft Visual Studio
2006-09-13 19:03 -------- d-------- C:\Program Files\Warez
2006-09-13 19:03 -------- d-------- C:\Program Files\Warez
2006-08-28 09:24 -------- d-------- C:\Program Files\EA GAMES
2006-08-28 09:24 -------- d-------- C:\Program Files\EA GAMES
2006-08-27 17:24 -------- d-------- C:\Program Files\HiVision Multimedia
2006-08-27 17:24 -------- d-------- C:\Program Files\HiVision Multimedia
2006-08-26 22:57 -------- d-------- C:\Program Files\HP
2006-08-26 22:57 -------- d-------- C:\Program Files\HP
2006-08-26 22:57 -------- d-------- C:\Program Files\Common Files\HP
2006-08-26 22:56 -------- d-------- C:\Program Files\Hewlett-Packard
2006-08-26 22:56 -------- d-------- C:\Program Files\Hewlett-Packard
2006-08-26 22:56 -------- d-------- C:\Program Files\Common Files\Hewlett-Packard
2006-08-24 22:42 8704 --a------ C:\WINDOWS\system32\wdfmgr.exe
2006-08-24 22:42 8704 --a------ C:\WINDOWS\system32\uwdf.exe
2006-08-24 22:30 99840 --a------ C:\WINDOWS\system32\wmpshell.dll
2006-08-24 22:30 990208 --a------ C:\WINDOWS\system32\drmv2clt.dll
2006-08-24 22:30 937984 --a------ C:\WINDOWS\system32\WMNetMgr.dll
2006-08-24 22:30 8337920 --a------ C:\WINDOWS\system32\wmploc.dll
2006-08-24 22:30 790016 --------- C:\WINDOWS\system32\WMVSENCD.dll
2006-08-24 22:30 757248 --a------ C:\WINDOWS\system32\WMADMOD.dll
2006-08-24 22:30 7168 --a------ C:\WINDOWS\system32\asferror.dll
2006-08-24 22:30 656896 --------- C:\WINDOWS\system32\WMVXENCD.dll
2006-08-24 22:30 63488 --a------ C:\WINDOWS\system32\wpdmtpus.dll
2006-08-24 22:30 629760 --a------ C:\WINDOWS\system32\wpd_ci.dll
2006-08-24 22:30 611840 --------- C:\WINDOWS\system32\wmpmde.dll
2006-08-24 22:30 603648 --a------ C:\WINDOWS\system32\WMSPDMOD.dll
2006-08-24 22:30 537600 --a------ C:\WINDOWS\system32\blackbox.dll
2006-08-24 22:30 532992 --------- C:\WINDOWS\system32\wmdrmsdk.dll
2006-08-24 22:30 428032 --a------ C:\WINDOWS\system32\wmdrmdev.dll
2006-08-24 22:30 414208 --a------ C:\WINDOWS\system32\msscp.dll
2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\wmvdmoe2.dll
2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\wmvdmod.dll
2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\WMVADVE.DLL
2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\WMVADVD.dll
2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\wmsdmoe2.dll
2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\wmsdmod.dll
2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\wdfapi.dll
2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\MPG4DMOD.dll
2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\MP4SDMOD.dll
2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\MP43DMOD.dll
2006-08-24 22:30 37376 --a------ C:\WINDOWS\system32\wmdmps.dll
2006-08-24 22:30 35840 --a------ C:\WINDOWS\system32\wpdconns.dll
2006-08-24 22:30 349184 --a------ C:\WINDOWS\system32\wpdsp.dll
2006-08-24 22:30 347648 --a------ C:\WINDOWS\system32\wmdrmnet.dll
2006-08-24 22:30 33792 --a------ C:\WINDOWS\system32\wmdmlog.dll
2006-08-24 22:30 320512 --a------ C:\WINDOWS\system32\mswmdm.dll
2006-08-24 22:30 316928 --------- C:\WINDOWS\system32\MP4SDECD.dll
2006-08-24 22:30 314368 --a------ C:\WINDOWS\system32\wmpdxm.dll
2006-08-24 22:30 305152 --------- C:\WINDOWS\system32\MSDelta.dll
2006-08-24 22:30 295424 --------- C:\WINDOWS\system32\wmpeffects.dll
2006-08-24 22:30 284160 --------- C:\WINDOWS\system32\PortableDeviceApi.dll
2006-08-24 22:30 276480 --a------ C:\WINDOWS\system32\audiodev.dll
2006-08-24 22:30 27648 --a------ C:\WINDOWS\system32\mspmsnsv.dll
2006-08-24 22:30 259072 --------- C:\WINDOWS\system32\MPG4DECD.dll
2006-08-24 22:30 2589184 --------- C:\WINDOWS\system32\WpdShext.dll
2006-08-24 22:30 258560 --------- C:\WINDOWS\system32\MP43DECD.dll
2006-08-24 22:30 2450944 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-08-24 22:30 242176 --a------ C:\WINDOWS\system32\wmpasf.dll
2006-08-24 22:30 228352 --a------ C:\WINDOWS\system32\cewmdm.dll
2006-08-24 22:30 227328 --a------ C:\WINDOWS\system32\wmerror.dll
2006-08-24 22:30 222208 --a------ C:\WINDOWS\system32\WMASF.dll
2006-08-24 22:30 211968 --------- C:\WINDOWS\system32\MFPLAT.dll
2006-08-24 22:30 210432 --a------ C:\WINDOWS\system32\qasf.dll
2006-08-24 22:30 204800 --a------ C:\WINDOWS\system32\wmpsrcwp.dll
2006-08-24 22:30 198144 --------- C:\WINDOWS\system32\PortableDeviceWMDRM.dll
2006-08-24 22:30 179712 --a------ C:\WINDOWS\system32\msnetobj.dll
2006-08-24 22:30 175104 --a------ C:\WINDOWS\system32\mspmsp.dll
2006-08-24 22:30 166912 --------- C:\WINDOWS\system32\PortableDeviceTypes.dll
2006-08-24 22:30 1660416 --a------ C:\WINDOWS\system32\wmpencen.dll
2006-08-24 22:30 157184 --a------ C:\WINDOWS\system32\wmidx.dll
2006-08-24 22:30 154624 --a------ C:\WINDOWS\system32\wpdmtp.dll
2006-08-24 22:30 1539584 --------- C:\WINDOWS\system32\WMVDECOD.dll
2006-08-24 22:30 1532416 --------- C:\WINDOWS\system32\WMVENCOD.dll
2006-08-24 22:30 1392128 --------- C:\WINDOWS\system32\WMVSDECD.dll
2006-08-24 22:30 133120 --------- C:\WINDOWS\system32\WPDShServiceObj.dll
2006-08-24 22:30 1327616 --a------ C:\WINDOWS\system32\WMSPDMOE.dll
2006-08-24 22:30 132096 --------- C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
2006-08-24 22:30 130048 --------- C:\WINDOWS\system32\wmpps.dll
2006-08-24 22:30 11264 --a------ C:\WINDOWS\system32\LAPRXY.dll
2006-08-24 22:30 1118208 --a------ C:\WINDOWS\system32\WMADMOE.dll
2006-08-24 22:30 101888 --------- C:\WINDOWS\system32\PortableDeviceClassExtension.dll
2006-08-24 20:31 100864 --a------ C:\WINDOWS\system32\logagent.exe
2006-08-24 20:27 249344 --------- C:\WINDOWS\system32\drmupgds.exe
2006-08-24 20:26 95288 --------- C:\WINDOWS\system32\WUDFCoinstaller.dll
2006-08-24 20:26 38656 --a------ C:\WINDOWS\system32\drivers\wpdusb.sys
2006-08-24 20:26 17408 --------- C:\WINDOWS\system32\wpdshextautoplay.exe
2006-08-24 19:22 90112 --------- C:\WINDOWS\system32\drivers\WudfRd.sys
2006-08-24 19:19 316416 --------- C:\WINDOWS\system32\WUDFx.dll
2006-08-24 19:19 145920 --------- C:\WINDOWS\system32\WudfHost.exe
2006-08-24 19:18 84864 --------- C:\WINDOWS\system32\drivers\WudfPf.sys
2006-08-24 19:18 56320 --------- C:\WINDOWS\system32\WudfSvc.dll
2006-08-24 19:18 168448 --------- C:\WINDOWS\system32\WudfPlatform.dll
2006-08-23 23:12 218624 --a------ C:\WINDOWS\system32\uxtheme.dll
2006-08-23 23:12 -------- d-------- C:\Program Files\LClock
2006-08-23 23:12 -------- d-------- C:\Program Files\LClock
2006-08-23 23:12 -------- d-------- C:\Program Files\Glass2k
2006-08-23 23:12 -------- d-------- C:\Program Files\Glass2k
2006-08-21 13:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 10:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 10:14 128896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-14 16:55 -------- d--h----- C:\Program Files\BitLord
2006-08-14 16:55 -------- d--h----- C:\Program Files\BitLord
2006-08-11 11:29 60416 --a------ C:\WINDOWS\system32\rbap350.dll
2006-08-11 11:29 54784 --a------ C:\WINDOWS\system32\RBQT350.DLL
2006-08-11 11:29 39936 --a------ C:\WINDOWS\system32\RBShell350.dll
2006-08-11 11:29 25600 --a------ C:\WINDOWS\system32\ecryptstrong.dll
2006-08-11 11:29 18944 --a------ C:\WINDOWS\system32\ecrypt.dll
2006-08-11 11:29 170496 --a------ C:\WINDOWS\system32\plugin.dll
2006-08-11 11:29 105472 --a------ C:\WINDOWS\system32\charset.dll
2006-08-10 19:11 -------- d-------- C:\Program Files\VideoLAN
2006-08-10 19:11 -------- d-------- C:\Program Files\VideoLAN
2006-08-10 18:56 47104 --------- C:\WINDOWS\AKDeInstall.exe
2006-08-10 17:29 -------- d-------- C:\Program Files\AC3Filter
2006-08-10 17:29 -------- d-------- C:\Program Files\AC3Filter
2006-08-09 19:59 -------- d-------- C:\Program Files\WinRAR
2006-08-09 19:59 -------- d-------- C:\Program Files\WinRAR
2006-08-08 20:33 -------- d-------- C:\Program Files\Nokia
2006-08-08 20:33 -------- d-------- C:\Program Files\Nokia
2006-08-08 20:30 -------- d-------- C:\Program Files\DIFX
2006-08-08 20:30 -------- d-------- C:\Program Files\DIFX
2006-08-08 20:30 -------- d-------- C:\Program Files\Common Files\PCSuite
2006-08-08 20:30 -------- d-------- C:\Program Files\Common Files\Nokia
2006-08-08 19:28 -------- d-------- C:\Program Files\SpywareBlaster
2006-08-08 19:28 -------- d-------- C:\Program Files\SpywareBlaster
2006-08-08 19:20 -------- d-------- C:\Program Files\WinCleaner Memory Optimizer
2006-08-08 19:20 -------- d-------- C:\Program Files\WinCleaner Memory Optimizer
2006-08-08 19:18 -------- d-------- C:\Program Files\Advanced System Optimizer
2006-08-08 19:18 -------- d-------- C:\Program Files\Advanced System Optimizer
2006-08-07 19:43 -------- d-------- C:\Program Files\Stardock
2006-08-07 19:43 -------- d-------- C:\Program Files\Stardock
2006-08-07 19:43 -------- d-------- C:\Program Files\Common Files\stardock
2006-08-06 13:35 0 -rahs---- C:\MSDOS.SYS
2006-08-06 13:35 0 -rahs---- C:\IO.SYS
2006-07-29 19:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll
2006-07-27 14:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-27 03:05 73728 --a------ C:\WINDOWS\system32\dpl100.dll
2006-07-27 03:05 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2006-07-27 03:05 192512 --a------ C:\WINDOWS\system32\dtu100.dll
2006-07-27 03:05 109568 --------- C:\WINDOWS\system32\pxinsi64.exe
2006-07-27 03:05 108544 --------- C:\WINDOWS\system32\pxcpyi64.exe
2006-07-21 09:24 72704 --a------ C:\WINDOWS\system32\hlink.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"PeerGuardian"="C:\\Program Files\\PeerGuardian2\\pg2.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LClock"="C:\\Program Files\\LClock\\LClock.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce]
"RunNarrator"=""

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce]
"RunNarrator"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoRecentDocsHistory"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"0aMCPClient"="{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}"
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
"path"="D:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\HP Digital Imaging Monitor.lnk"
"backup"="C:\\WINDOWS\\pss\\HP Digital Imaging Monitor.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqtra08.exe "
"item"="HP Digital Imaging Monitor"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Privoxy.lnk]
"path"="D:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Privoxy.lnk"
"backup"="C:\\WINDOWS\\pss\\Privoxy.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Privoxy\\privoxy.exe "
"item"="Privoxy"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Remote Control.lnk]
"path"="D:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Remote Control.lnk"
"backup"="C:\\WINDOWS\\pss\\Remote Control.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\HIVISI~1\\DVB-T1~1\\DVBTRCtl.EXE "
"item"="Remote Control"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Alcmtr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ALCMTR"
"hkey"="HKLM"
"command"="ALCMTR.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\AlcWzrd]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ALCWZRD"
"hkey"="HKLM"
"command"="ALCWZRD.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ccApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ccApp"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\DTVR Agent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Scheduled"
"hkey"="HKLM"
"command"="C:\\Program Files\\HiVision Multimedia\\DVB-T PLUS\\DTVR\\Scheduled.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\EmailChecker]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ech"
"hkey"="HKLM"
"command"="C:\\APPS\\EmailChecker\\ech.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\High Definition Audio Property Page Shortcut]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HDAudPropShortcut"
"hkey"="HKLM"
"command"="HDAudPropShortcut.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\HP Software Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HPWuSchd2"
"hkey"="HKLM"
"command"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\IMJPMIG8.1]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IMJPMIG"
"hkey"="HKLM"
"command"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\IS CfgWiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="cfgwiz"
"hkey"="HKLM"
"command"="C:\\Program Files\\Norton Internet Security\\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE \"REBOOT\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\NvCplDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvCpl"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\NvMediaCenter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvMcTray"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /install"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\PCMService]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PCMService"
"hkey"="HKLM"
"command"="\"c:\\Apps\\Powercinema\\PCMService.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\PCSuiteTrayApplication]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LAUNCH~1"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Nokia\\NOKIAP~1\\LAUNCH~1.EXE -startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\PcSync]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PcSync2"
"hkey"="HKCU"
"command"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\PHIME2002A]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TINTSETP"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\PHIME2002ASync]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TINTSETP"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\RoxioDragToDisc]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DrgToDsc"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Roxio\\Easy Media Creator 7\\Drag to Disc\\DrgToDsc.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SoundMan]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SOUNDMAN"
"hkey"="HKLM"
"command"="SOUNDMAN.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SpeedTouch USB Diagnostics]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Dragdiag"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Thomson\\SpeedTouch USB\\Dragdiag.exe\" /icon"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SSC_UserPrompt]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UsrPrmpt"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Symantec Shared\\Security Center\\UsrPrmpt.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_02\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Ulead AutoDetector v2]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="monitor"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Ulead Systems\\AutoDetector\\monitor.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Warez]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Warez"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Warez\\Warez.exe\" /minimized"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\WinMem]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WinMemOpt"
"hkey"="HKCU"
"command"="C:\\Program Files\\WinCleaner Memory Optimizer\\WinMemOpt.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\services]
"UleadBurningHelper"=dword:00000002
"SPBBCSvc"=dword:00000003
"SNDSrvc"=dword:00000003
"ServiceLayer"=dword:00000003
"SAVScan"=dword:00000003
"NVSvc"=dword:00000002
"navapsvc"=dword:00000002
"ISSVC"=dword:00000003
"GenericHidService"=dword:00000002
"CyberLink Media Library Service"=dword:00000002
"CLSched"=dword:00000002
"CLCapSvc"=dword:00000002
"ccSetMgr"=dword:00000002
"ccPwdSvc"=dword:00000003
"ccProxy"=dword:00000002
"ccEvtMgr"=dword:00000002
"AOL ACS"=dword:00000002

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\Setup my PC.job
C:\WINDOWS\tasks\Symantec NetDetect.job
C:\WINDOWS\tasks\WebReg psc 1500 series.job

Completion time: 07/10/2006 18:36:21.45
ComboFix.txt
ComboFix2.txt
maca1
Senior Member
7. October 2006 @ 10:05
That's fine.

Run ActiveScan online virus scan with IE:
http://www.pandasoftware.com/products/activescan.htm
When the scan is finished, save the results from the scan!

Post a new HijackThis log along with the Panda report.



rowski
Junior Member
7. October 2006 @ 11:11
Incident Status Location

Adware:adware/dollarrevenue Not disinfected c:\windows\keyboard1.dat
Adware:adware/searchexe Not disinfected Windows Registry
Adware:adware/ucmore Not disinfected Windows Registry
Adware:Adware/Look2Me Not disinfected C:\Installer4.exe
Virus:Trj/Torpig.DM Disinfected C:\jttsdgjj.exe
Virus:Trj/Wupi.N Disinfected C:\ufhkfrm.exe
Adware:Adware/DollarRevenue Not disinfected C:\WINDOWS\system32\mny.exe[²ÜÇ\nsProcess.dll]
Virus:Bck/Keylog.IM Not disinfected C:\WINDOWS\system32\mny.exe[Activate.exe]
Virus:Trj/Wupi.N Disinfected C:\WINDOWS\system32\svchost6.exe
Virus:Trj/Wupi.N Disinfected C:\WINDOWS\system32\winlogon7.exe
Spyware:Cookie/YieldManager Not disinfected D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Casalemedia Not disinfected D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/RealMedia Not disinfected D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Adrevolver Not disinfected D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/WUpd Not disinfected D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt[.revenue.net/]
Spyware:Cookie/DriveCleaner Not disinfected D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt[.drivecleaner.com/]
Spyware:Cookie/DriveCleaner Not disinfected D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt[www.drivecleaner.com/.freeware/]
Spyware:Cookie/DriveCleaner Not disinfected D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt[stats.drivecleaner.com/]
Spyware:Cookie/DriveCleaner Not disinfected D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt[drivecleaner.com/]
Spyware:Cookie/DriveCleaner Not disinfected D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt[stats.drivecleaner.com/]
Spyware:Cookie/Com.com Not disinfected D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt[.com.com/]
Spyware:Cookie/ErrorSafe Not disinfected D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt[.errorsafe.com/]
Spyware:Cookie/ErrorSafe Not disinfected D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt[www.errorsafe.com/pages/scanner/]
Spyware:Cookie/Hbmediapro Not disinfected D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt[.adopt.hbmediapro.com/]
Spyware:Cookie/DriveCleaner Not disinfected D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt[drivecleaner.com/.freeware/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt[server.iad.liveperson.net/hc/45553385]
Spyware:Cookie/Reliablestats Not disinfected D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt[stats1.reliablestats.com/]
Spyware:Cookie/888 Not disinfected D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt[.888.com/]
Spyware:Cookie/Statcounter Not disinfected D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Maxserving Not disinfected D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/Serving-sys Not disinfected D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/Atwola Not disinfected D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Searchportal Not disinfected D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt[searchportal.information.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt[server.iad.liveperson.net/hc/15824921]
Spyware:Cookie/Apmebf Not disinfected D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/cs.sexcounter Not disinfected D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt[.cs.sexcounter.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt[server.iad.liveperson.net/hc/29419095]
Spyware:Cookie/Zedo Not disinfected D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt[.zedo.com/]
Spyware:Cookie/onestat.com Not disinfected D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt[stat.onestat.com/]
Spyware:Cookie/DomainSponsor Not disinfected D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt[landing.domainsponsor.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected D:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\m6482rnr.default\cookies.txt[server.iad.liveperson.net/hc/2378597]
Spyware:Cookie/Statcounter Not disinfected D:\Documents and Settings\Chris\Cookies\chris@statcounter[2].txt
Adware:Adware/DollarRevenue Not disinfected D:\Documents and Settings\Chris\Local Settings\Temp\Temporary Internet Files\Content.IE5\1EFFTYZP\mcs[1].mp3[²ÜÇ\nsProcess.dll]
Virus:Bck/Keylog.IM Not disinfected D:\Documents and Settings\Chris\Local Settings\Temp\Temporary Internet Files\Content.IE5\1EFFTYZP\mcs[1].mp3[Activate.exe]
Adware:Adware/DollarRevenue Not disinfected D:\Documents and Settings\Chris\mny.exe[²ÜÇ\nsProcess.dll]
Virus:Bck/Keylog.IM Not disinfected D:\Documents and Settings\Chris\mny.exe[Activate.exe]



Logfile of HijackThis v1.99.1
Scan saved at 20:11:15, on 07/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LClock\LClock.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
D:\Documents and Settings\Chris\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{A63F059F-F9E6-4A1A-A157-8813BE59A2FC}: NameServer = 195.92.195.95 195.92.195.94
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
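The helpers in this thread read a HijackThis log by eye, looking at where each autorun entry and running process lives and where each O16 ActiveX control was downloaded from. The script below is an added example of doing that first pass mechanically; it is not HijackThis code and not something posted in the thread. The `LOCATION_RULES` heuristics and the `DPF_ALLOWED_HOSTS` allowlist are assumptions chosen for this example, and the sample log is constructed from lines in the log above plus two O4 entries and one process line built from file names that the Panda report lists (`C:\jttsdgjj.exe`, `D:\Documents and Settings\Chris\mny.exe`, `C:\ufhkfrm.exe`), so that the heuristics have something to flag:

```python
"""Triage helper for HijackThis-style logs (added example, not HijackThis code).

Parses the 'Running processes' block, O4 Run entries and O16 DPF entries and
flags what a forum helper looks for by eye: executables launched from a drive
root, the Windows directory root, a Temp folder or a user-profile root, and
ActiveX controls fetched from hosts outside an analyst-maintained allowlist.
"""
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlparse

# Line formats as written by HijackThis v1.99.1 for O4 Run and O16 DPF entries.
O4_RUN_RE = re.compile(r'^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$')
O16_RE = re.compile(r'^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]+\}) \((?P<desc>[^)]*)\) - (?P<url>\S+)$')
# First executable-looking token of a command line, quoted or unquoted.
EXE_RE = re.compile(r'^"?(?P<path>[^"]*?\.(?:exe|scr|com|bat|cmd|pif|dll))"?(?:\s|$)', re.I)

# Location heuristics: assumed rules for this example, not HijackThis's own logic.
LOCATION_RULES = [
    (re.compile(r'^[A-Z]:\\[^\\]+$', re.I), "executable directly in a drive root"),
    (re.compile(r'^[A-Z]:\\WINDOWS\\[^\\]+$', re.I), "executable directly in the Windows directory"),
    (re.compile(r'\\Temp\\', re.I), "executable under a Temp directory"),
    (re.compile(r'^[A-Z]:\\Documents and Settings\\[^\\]+\\[^\\]+$', re.I), "executable directly in a user-profile root"),
]
# Assumed allowlist of hosts an analyst accepts as ActiveX (O16) sources.
DPF_ALLOWED_HOSTS = ("microsoft.com", "windowsupdate.com", "pandasoftware.com")


@dataclass
class Finding:
    section: str   # "process", "O4" or "O16"
    name: str      # registry value name, CLSID, or the process path itself
    target: str    # executable path or download URL
    reason: str


def classify_path(path: str) -> Optional[str]:
    """Return why a path looks suspicious under LOCATION_RULES, or None."""
    for rule, reason in LOCATION_RULES:
        if rule.search(path):
            return reason
    return None


def exe_from_command(cmd: str) -> str:
    """Extract the executable path from an O4 command line (handles quotes and arguments)."""
    m = EXE_RE.match(cmd.strip())
    return m.group("path") if m else cmd.strip()


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if not line:                      # blank line ends the process block
                in_processes = False
                continue
            reason = classify_path(line)
            if reason:
                findings.append(Finding("process", line, line, reason))
            continue
        m = O4_RUN_RE.match(line)
        if m:
            exe = exe_from_command(m.group("cmd"))
            reason = classify_path(exe)
            if reason:
                findings.append(Finding("O4", m.group("name"), exe, reason))
            continue
        m = O16_RE.match(line)
        if m:
            host = urlparse(m.group("url")).hostname or ""
            if not any(host == h or host.endswith("." + h) for h in DPF_ALLOWED_HOSTS):
                findings.append(Finding("O16", m.group("clsid"), m.group("url"),
                                        f"ActiveX download from non-allowlisted host {host}"))
    return findings


# Constructed sample: lines from the thread's log plus three entries built from
# file names the Panda report lists, so the heuristics have something to flag.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 20:11:15, on 07/10/2006

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\ufhkfrm.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.co.uk/
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [jttsdgjj] C:\jttsdgjj.exe
O4 - HKCU\..\Run: [mny] D:\Documents and Settings\Chris\mny.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:8} {f.name:40} {f.reason}: {f.target}")
```

Run against the sample it reports the root-level process, the two constructed O4 entries and the matcash.com O16 control, and stays quiet about ctfmon.exe, LClock and the Panda installer. The path rules are deliberately narrow (location, not file name), which is why the Warez and mny-style entries from the MSCONFIG list above would only show up when their executable sits somewhere unusual; an analyst would still read the full log, but a pass like this removes the easy misses.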
maca1
Senior Member
7. October 2006 @ 13:58
Download http://www.downloads.subratam.org/KillBox.zip

Copy these instructions to Notepad for safe mode.

Restart your computer into safe mode now. (keep tapping F8 on startup)

Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time, then click on the X button after you enter each file. It will ask for confirmation to delete the file. Click Yes.

Note:

It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files.


C:\Installer4.exe

c:\windows\keyboard1.dat

C:\jttsdgjj.exe

C:\WINDOWS\system32\mny.exe[²ÜÇ\nsProcess.dll]

C:\ufhkfrm.exe

D:\Documents and Settings\Chris\mny.exe[Activate.exe]

C:\WINDOWS\system32\mny.exe[Activate.exe]

C:\WINDOWS\system32\mny.exe

D:\Documents and Settings\Chris\Local Settings\Temp\Temporary Internet Files\Content.IE5\1EFFTYZP\

D:\Documents and Settings\Chris\mny.exe

D:\Documents and Settings\Chris\mny.exe[²ÜÇ\nsProcess.dll]

Next in Killbox go to Tools > Delete Temp Files
In the window that pops up, put a check by ALL the options there except these three:
XP Prefetch
Recent
History
Now click the Delete Selected Temp Files button.
Exit the Killbox.

Reboot to Normal Mode.

Post another HJT log.








This message has been edited since posting. Last time this message was edited on 7. October 2006 @ 14:03
