Author Topic: virus?  (Read 640 times)

Offline take_warning410

  • Newbie
  • *
  • Posts: 14
  • Karma: +0/-0
« on: January 01, 2007, 10:46:31 PM »
I'm getting a lot of pop-ups. Sometimes the computer won't load all the way, or all of my icons and windows will disappear.
 
 Logfile of HijackThis v1.99.1
 Scan saved at 7:32:14 PM, on 1/1/2007
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
 
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
 C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
 C:\WINDOWS\system32\spoolsv.exe
 C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
 C:\WINDOWS\system32\CTsvcCDA.exe
 c:\program files\mcafee.com\agent\mcdetect.exe
 c:\PROGRA~1\mcafee.com\vso\mcshield.exe
 c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
 C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
 C:\WINDOWS\system32\nvsvc32.exe
 C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
 C:\Program Files\iPod\bin\iPodService.exe
 C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
 C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
 C:\WINDOWS\SOUNDMAN.EXE
 C:\WINDOWS\system32\RUNDLL32.EXE
 C:\Program Files\McAfee.com\VSO\oasclnt.exe
 C:\PROGRA~1\mcafee.com\agent\mcagent.exe
 C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
 C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
 C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
 C:\Program Files\Common Files\Symantec Shared\ccApp.exe
 C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
 c:\progra~1\mcafee.com\vso\mcvsescn.exe
 C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
 C:\Program Files\QuickTime\qttask.exe
 C:\Program Files\iTunes\iTunesHelper.exe
 C:\Program Files\AGEIA Technologies\TrayIcon.exe
 C:\WINDOWS\System32\Rundll32.exe
 C:\Program Files\Messenger\msmsgs.exe
 C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
 C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe
 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.2480\GoogleToolbarNotifier.exe
 C:\Program Files\Internet Explorer\iexplore.exe
 C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
 c:\progra~1\mcafee.com\vso\mcvsftsn.exe
 C:\Program Files\BigFix\bigfix.exe
 C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
 C:\WINDOWS\explorer.exe
 C:\HJT\HijackThis.exe
 
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sbc.yahoo.com/dsl
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch...DTP&M=D3123
 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...DTP&M=D3123
 O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
 O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
 O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
 O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
 O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
 O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
 O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
 O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
 O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
 O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
 O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
 O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
 O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
 O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
 O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
 O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
 O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
 O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
 O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
 O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
 O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
 O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
 O4 - HKLM\..\Run: [AGEIA PhysX SysTray] "C:\Program Files\AGEIA Technologies\TrayIcon.exe"
 O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\lonxighk.dll",setvm
 O4 - HKLM\..\Run: [adstart] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\brrotate.dll" DllVerify
 O4 - HKCU\..\Run: [Mercora] "C:\Program Files\Mercora\MercoraClient.exe" -min
 O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
 O4 - HKCU\..\Run: [Torrent Finder] "C:\Program Files\Torrent Finder\Torrent-Finder.exe"
 O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
 O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
 O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
 O4 - HKCU\..\Run: [Power2GoExpress] "C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" /Startup
 O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.2480\GoogleToolbarNotifier.exe
 O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
 O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
 O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
 O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
 O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
 O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
 O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
 O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
 O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
 O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
 O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
 O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
 O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
 O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
 O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
 O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
 O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
 O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
 O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
 O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
 O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
 O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
 O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
 O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
 O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
 O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
 O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
« Reply #1 on: January 02, 2007, 01:43:50 AM »
Can I see a few logs from you please, then we'll clean up this problem

1. Do this first, supply an uninstall list from Hijackthis
Open Hijackthis>>Open MISC TOOLS SECTION>>Open UNINSTALL MANAGER
Click the SAVE LIST... button
Save the list to your desktop then copy>>Paste back here the Whole contents

Afterwards,
2. Can you navigate to Hijackthis.exe>>RIGHT CLICK on it and rename it scanner.exe
Then run a fresh Scan and save logfile with scanner.exe and post the fresh log

3. This will show me other entries
Download this file - Combofix.exe and save it to the desktop
Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Post the log from Combofix

NOTE: It may take more than one reply to post all that info, but please try and post it all
« Last Edit: January 02, 2007, 01:44:19 AM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline take_warning410

« Reply #2 on: January 08, 2007, 11:15:37 AM »
After I clicked on save list, the box closed. It's not giving me an option where to save it to.

Offline guestolo

« Reply #3 on: January 09, 2007, 12:13:15 AM »
Try this
Don't worry about the uninstall list from Hijackthis for now

But go ahead and try and run Combofix and post the log from it

Also, since it's been some time since you last posted, post a fresh HijackThis log
« Last Edit: January 09, 2007, 12:13:38 AM by guestolo »



Offline take_warning410

« Reply #4 on: January 09, 2007, 02:02:46 PM »
Logfile of HijackThis v1.99.1
Scan saved at 11:00:56 AM, on 1/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
c:\program files\mcafee.com\agent\mcdetect.exe
C:\WINDOWS\system32\RUNDLL32.EXE
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.2480\GoogleToolbarNotifier.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\BigFix\bigfix.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\scanner.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sbc.yahoo.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch...DTP&M=D3123
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...DTP&M=D3123
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: BannerCpm.com Browser Optimizer - {49C96360-9DA5-4E3A-8FF4-FAD8E79DABF2} - C:\WINDOWS\system32\brrotate.dll
O2 - BHO: (no name) - {5D3D3E35-2DFE-4D59-B6B2-24B09969F3D1} - C:\WINDOWS\system32\vtstt.dll
O2 - BHO: ohb - {5ED7D3DE-6DBE-4516-8712-01B1B64B7057} - C:\WINDOWS\system32\SearchEnhancer\nsa296.dll
O2 - BHO: ohb - {5ED7D3DE-6DBE-4516-8712-436325722327} - C:\WINDOWS\system32\SmartShopper\SmartShopper.dll (file missing)
O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\system32\msbhmfow.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] "C:\Program Files\AGEIA Technologies\TrayIcon.exe"
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\lonxighk.dll",setvm
O4 - HKLM\..\Run: [adstart] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\brrotate.dll" DllVerify
O4 - HKCU\..\Run: [Mercora] "C:\Program Files\Mercora\MercoraClient.exe" -min
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Torrent Finder] "C:\Program Files\Torrent Finder\Torrent-Finder.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.2480\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O20 - Winlogon Notify: vtstt - C:\WINDOWS\system32\vtstt.dll
O20 - Winlogon Notify: winetn32 - winetn32.dll (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

Offline take_warning410

« Reply #5 on: January 09, 2007, 02:09:35 PM »
Owner - 07-01-09 11:03:53.98    Service Pack 2
ComboFix 06.11.27 - Running from: "D:\"

(((((((((((((((((((((((((((((((   Files Created from 2006-12-09 to 2007-01-09  ))))))))))))))))))))))))))))))))))
 
 
2007-01-08   18:11   81,684   --a------   C:\WINDOWS\system32\dvkenghk.dll
2007-01-08   16:54   81,684   --a------   C:\WINDOWS\system32\chheengb.dll
2007-01-05   12:33   81,684   --a------   C:\WINDOWS\system32\iovbdqgx.dll
2007-01-04   20:32   870,954   ---hs----   C:\WINDOWS\system32\ttstv.ini2
2007-01-04   12:24   81,684   --a------   C:\WINDOWS\system32\vuvdkeaq.dll
2007-01-01   19:22   <DIR>   d--------   C:\HJT
2006-12-30   19:50   <DIR>   d--------   C:\Program Files\_ArcadeDownloadFolder
2006-12-29   19:10   <DIR>   d--------   C:\My Backup -- 06-12-29 0810PM
2006-12-29   10:40   81,684   --a------   C:\WINDOWS\system32\akjkuenm.dll
2006-12-28   10:05   44,060   --a------   C:\WINDOWS\system32\msbhmfow.dll
2006-12-28   10:04   81,684   --a------   C:\WINDOWS\system32\fcjbighr.dll
2006-12-27   17:25   44,060   --a------   C:\WINDOWS\system32\jqbargpy.dll
2006-12-27   16:21   44,060   --a------   C:\WINDOWS\system32\auwnjdkh.dll
2006-12-27   15:15   44,060   --a------   C:\WINDOWS\system32\lxfdvhnu.dll
2006-12-27   14:48   44,060   --a------   C:\WINDOWS\system32\pleqjput.dll
2006-12-25   06:41   61,440   --a------   C:\WINDOWS\system32\brrotate.dll
2006-12-22   22:45   81,684   --a------   C:\WINDOWS\system32\bkxdihgx.dll
2006-12-19   16:37   81,684   --a------   C:\WINDOWS\system32\nmypsyfy.dll
2006-12-15   18:13   <DIR>   d--------   C:\Program Files\Blubster
2006-12-14   16:27   118,804   --a------   C:\WINDOWS\system32\lonxighk.dll
2006-12-14   15:02   118,804   --a------   C:\WINDOWS\system32\ntfhowex.dll


((((((((((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-09 10:59   382   --a------   C:\Documents and Settings\Owner\Application Data\internaldb1942.dat
2007-01-09 10:21   --------   d--------   C:\Program Files\Mozilla Firefox
2007-01-09 10:13   69632   --a------   C:\Documents and Settings\Owner\Application Data\internaldb4827.dat
2007-01-09 10:13   151   --a------   C:\Documents and Settings\Owner\Application Data\internaldb9912.dat
2007-01-09 10:13   0   --a------   C:\Documents and Settings\Owner\Application Data\internaldb715.dat
2007-01-09 10:08   850096   ---hs----   C:\WINDOWS\system32\ttstv.bak2
2007-01-09 07:05   --------   d--------   C:\Program Files\Common Files\Symantec Shared
2007-01-08 08:30   --------   d--------   C:\Program Files\BitComet
2007-01-05 03:17   1594382   ---hs----   C:\WINDOWS\system32\ttstv.bak1
2007-01-03 08:36   --------   d--------   C:\Program Files\LimeWire
2006-12-31 18:52   --------   d--------   C:\Program Files\Google
2006-12-31 15:54   --------   d--------   C:\Program Files\Common Files\Adobe
2006-12-31 15:54   --------   d--------   C:\Program Files\Adobe
2006-12-30 19:50   --------   d--------   C:\Program Files\_ArcadeDownloadFolder
2006-12-28 10:05   39751   --a------   C:\WINDOWS\system32\brrot-uninst.exe
2006-12-27 16:02   --------   d--------   C:\Program Files\VSAdd-in
2006-12-27 14:59   --------   d--------   C:\Program Files\Soulseek
2006-12-15 14:18   --------   d--------   C:\Program Files\Internet Explorer
2006-12-15 10:18   --------   d--------   C:\Program Files\Common Files\System
2006-12-15 10:13   --------   d--------   C:\Program Files\Outlook Express
2006-12-07 01:44   --------   d--------   C:\Documents and Settings\Owner\Application Data\CyberLink
2006-12-06 22:40   2362184   --a------   C:\WINDOWS\system32\wmvcore.dll
2006-11-28 09:54   --------   d--------   C:\Program Files\Pure Networks
2006-11-28 09:54   --------   d--------   C:\Program Files\Common Files
2006-11-28 09:21   --------   d--------   C:\Program Files\BitTorrent
2006-11-28 09:17   --------   d--------   C:\Documents and Settings\Owner\Application Data\BitTorrent
2006-11-28 09:11   --------   d--------   C:\Program Files\Common Files\AOL
2006-11-28 09:10   --------   d--------   C:\Documents and Settings\Owner\Application Data\AOL
2006-11-26 20:31   --------   d--------   C:\Documents and Settings\Owner\Application Data\Adobe
2006-11-25 19:01   --------   d--------   C:\Documents and Settings\Owner\Application Data\Creative
2006-11-24 08:14   --------   d--------   C:\Program Files\Creative
2006-11-24 08:12   --------   d--h-----   C:\Program Files\InstallShield Installation Information
2006-11-24 08:05   --------   d--------   C:\Program Files\Windows Media Player
2006-11-22 18:03   --------   d--------   C:\Documents and Settings\Owner\Application Data\vlc
2006-11-20 20:37   --------   d--------   C:\Program Files\Common Files\Vbox
2006-11-20 20:23   --------   d--------   C:\Documents and Settings\Owner\Application Data\Leadertech
2006-11-20 20:05   --------   d--------   C:\Documents and Settings\Owner\Application Data\AdobeAUM
2006-11-19 19:37   --------   d--------   C:\Program Files\VideoLAN
2006-11-18 13:26   --------   d--------   C:\Program Files\MSXML 4.0
2006-11-17 18:34   0   --a------   C:\Documents and Settings\Owner\Application Data\internaldb5436.dat
2006-11-17 15:34   --------   d---s----   C:\Documents and Settings\Owner\Application Data\Microsoft
2006-11-15 15:54   0   --a------   C:\Documents and Settings\Owner\Application Data\internaldb4179.dat
2006-11-15 15:54   0   --a------   C:\Documents and Settings\Owner\Application Data\internaldb2391.dat
2006-11-15 15:54   0   --a------   C:\Documents and Settings\Owner\Application Data\internaldb1869.dat
2006-11-12 00:52   692276   ---hs----   C:\WINDOWS\system32\vtstt.dll
2006-11-12 00:46   40973   ---hs----   C:\WINDOWS\system32\vtuspop.dll
2006-11-12 00:32   9216   --a------   C:\Documents and Settings\Owner\Application Data\internaldb8467.dat
2006-11-12 00:32   49   --a------   C:\Documents and Settings\Owner\Application Data\internaldb41.dat
2006-11-12 00:32   0   --a------   C:\Documents and Settings\Owner\Application Data\internaldb6334.dat
2006-11-12 00:31   97455   --a------   C:\WINDOWS\5-a0c18a429b8010fee34ee31d9073371d.exe
2006-11-12 00:31   622613   --a------   C:\WINDOWS\4-efb7bab6499fc415ee93f4097033deae.exe
2006-11-12 00:31   365132   --a------   C:\WINDOWS\7-7c15eb3352bcc3049d7e9e974ad283bf.exe
2006-11-12 00:31   23   --a------   C:\Documents and Settings\Owner\Application Data\inifile41.ini
2006-11-12 00:03   --------   d--------   C:\Program Files\Corel
2006-11-09 18:45   --------   d--------   C:\Documents and Settings\Owner\Application Data\AdobeUM
2006-11-07 21:06   679424   --a------   C:\WINDOWS\system32\inetcomm.dll
2006-11-04 14:14   1245696   --a------   C:\WINDOWS\system32\msxml4.dll
2006-10-19 20:09   0   --a------   C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2006-10-19 05:56   713216   --a------   C:\WINDOWS\system32\sxs.dll
2006-10-13 21:26   284672   --a------   C:\WINDOWS\rapidui.exe
2006-10-13 04:35   142336   --a------   C:\WINDOWS\system32\nwprovau.dll
 
 
((((((((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))
 
*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Mercora"="\"C:\\Program Files\\Mercora\\MercoraClient.exe\" -min"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Torrent Finder"="\"C:\\Program Files\\Torrent Finder\\Torrent-Finder.exe\""
"updateMgr"="C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1"
"Creative Detector"="\"C:\\Program Files\\Creative\\MediaSource\\Detector\\CTDetect.exe\" /R"
"BitTorrent"="\"C:\\Program Files\\BitTorrent\\bittorrent.exe\" --force_start_minimized"
"Power2GoExpress"=""
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.2480\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"SoundMan"="SOUNDMAN.EXE"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"Recguard"=hex(2):25,57,49,4e,44,49,52,25,5c,53,4d,49,4e,53,54,5c,52,45,43,47,\
  55,41,52,44,2e,45,58,45,00
"Reminder"=hex(2):25,57,49,4e,44,49,52,25,5c,43,72,65,61,74,6f,72,5c,52,65,6d,\
  69,6e,64,5f,58,50,2e,65,78,65,00
"VSOCheckTask"="\"C:\\PROGRA~1\\McAfee.com\\VSO\\mcmnhdlr.exe\" /checktask"
"OASClnt"="C:\\Program Files\\McAfee.com\\VSO\\oasclnt.exe"
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"MCUpdateExe"="C:\\PROGRA~1\\mcafee.com\\agent\\McUpdate.exe"
"MSKAGENTEXE"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MskAgent.exe"
"MSKDetectorExe"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MSKDetct.exe /startup"
"VirusScan Online"="c:\\PROGRA~1\\mcafee.com\\vso\\mcvsshld.exe"
"MPFExe"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"osCheck"="\"C:\\Program Files\\Norton AntiVirus\\osCheck.exe\""
"D-Link AirPlus XtremeG"="C:\\Program Files\\D-Link\\AirPlus XtremeG\\AirPlusCFG.exe"
"ANIWZCS2Service"="C:\\Program Files\\ANI\\ANIWZCS2 Service\\WZCSLDR2.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"AGEIA PhysX SysTray"="\"C:\\Program Files\\AGEIA Technologies\\TrayIcon.exe\""
"DllRunning"="rundll32.exe \"C:\\WINDOWS\\system32\\lonxighk.dll\",setvm"
"adstart"="C:\\WINDOWS\\System32\\Rundll32.exe \"C:\\WINDOWS\\system32\\brrotate.dll\" DllVerify"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"Source"="file:///C:/DOCUME~1/Owner/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg"
"SubscribedURL"="file:///C:/DOCUME~1/Owner/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,04,01,00,00,86,00,00,00,40,02,00,00,00,03,00,00,e8,\
  03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,00
"OriginalStateInfo"=hex:18,00,00,00,04,01,00,00,86,00,00,00,40,02,00,00,00,03,\
  00,00,01,00,00,40
"RestoredStateInfo"=hex:dc,ff,91,04,a8,9a,83,7c,40,9a,80,7c,ff,ff,ff,ff,36,9a,\
  80,7c,36,9a,80,7c

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
"Source"="http://x.myspace.com/images/LogoDotcom.gif"
"SubscribedURL"="http://x.myspace.com/images/LogoDotcom.gif"
"FriendlyName"=""
"Flags"=dword:00001001
"Position"=hex:2c,00,00,00,70,01,00,00,de,00,00,00,cd,00,00,00,2b,00,00,00,8e,\
  13,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,e1,01,00,00,84,00,00,00,cd,00,00,00,2b,00,\
  00,00,01,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,70,01,00,00,de,00,00,00,cd,00,00,00,2b,00,\
  00,00,01,00,00,40

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
  00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
  ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,12,03,00,00,23,00,00,00,dc,00,00,00,d2,00,\
  00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Power2GoExpress"="NA"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"Power2GoExpress"="NA"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtstt
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winetn32

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]   
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

 
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Owner.job

Completion time: 07-01-09 11:08:20.46
C:\ComboFix.txt ... 07-01-09 11:08

Offline guestolo

« Reply #6 on: January 09, 2007, 04:00:51 PM »
Can you do the following please

Download VundoFix.exe
to your desktop.
We'll need it later

Do a "System scan only" with Hijackthis and put a check next to these entries:

O2 - BHO: BannerCpm.com Browser Optimizer - {49C96360-9DA5-4E3A-8FF4-FAD8E79DABF2} - C:\WINDOWS\system32\brrotate.dll
O2 - BHO: (no name) - {5D3D3E35-2DFE-4D59-B6B2-24B09969F3D1} - C:\WINDOWS\system32\vtstt.dll
O2 - BHO: ohb - {5ED7D3DE-6DBE-4516-8712-01B1B64B7057} - C:\WINDOWS\system32\SearchEnhancer\nsa296.dll
O2 - BHO: ohb - {5ED7D3DE-6DBE-4516-8712-436325722327} - C:\WINDOWS\system32\SmartShopper\SmartShopper.dll (file missing)
O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\system32\msbhmfow.dll
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\lonxighk.dll",setvm
O4 - HKLM\..\Run: [adstart] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\brrotate.dll" DllVerify
O20 - Winlogon Notify: vtstt - C:\WINDOWS\system32\vtstt.dll
O20 - Winlogon Notify: winetn32 - winetn32.dll (file missing)


After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Vundofix.exe
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files,  click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above
instructions starting from "Click the Scan for Vundo button."


Back in Windows
Can you post the following

1. Post a fresh hijackthis log
2. Post the report from Vundofix>>C:\Vundofix.txt

3. Could you also
Download and unzip to your desktop InstalledPrograms.zip
Double click on InstalledPrograms.vbs

Click OK at the IP prompt and click YES to view the results now
A text file will open, can you copy and paste back here the whole contents

ALLOW this script to run if prompted by your AntiVirus

Could you also let me know why Combofix was running from your D:\ drive
« Last Edit: January 09, 2007, 04:02:11 PM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/
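The HijackThis lines listed in the post above can also be triaged mechanically. The following is an added example, not part of the thread and not code from HijackThis; the four flagging rules are assumptions chosen for illustration, not the helper's stated method, and the sample lines are copied from logs posted in this thread.

```python
import re
from collections import defaultdict, namedtuple

# One parsed autostart entry: HijackThis section, display label,
# lower-cased module path (None if no DLL is referenced), "file missing" flag.
Entry = namedtuple("Entry", "section label module missing")

MISSING = " (file missing)"
BHO = re.compile(r"^O2 - BHO: (?P<label>.*?) - \{[0-9A-Fa-f-]+\} - (?P<path>.+)$")
RUN = re.compile(r"^O4 - \w+\\\.\.\\Run\w*: \[(?P<label>[^\]]*)\] (?P<cmd>.+)$")
NOTIFY = re.compile(r"^O20 - Winlogon Notify: (?P<label>.*?) - (?P<path>.+)$")
# A DLL named in a command line, either quoted or as a bare token.
DLL_IN_CMD = re.compile(r'"([^"]+?\.dll)"|(\S+?\.dll)\b', re.I)

# Lines copied from the logs in this thread. The first seven are among the
# entries the helper asked to have fixed; the last three are included for contrast.
SAMPLE_LOG = r"""
O2 - BHO: BannerCpm.com Browser Optimizer - {49C96360-9DA5-4E3A-8FF4-FAD8E79DABF2} - C:\WINDOWS\system32\brrotate.dll
O2 - BHO: (no name) - {5D3D3E35-2DFE-4D59-B6B2-24B09969F3D1} - C:\WINDOWS\system32\vtstt.dll
O2 - BHO: ohb - {5ED7D3DE-6DBE-4516-8712-436325722327} - C:\WINDOWS\system32\SmartShopper\SmartShopper.dll (file missing)
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\lonxighk.dll",setvm
O4 - HKLM\..\Run: [adstart] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\brrotate.dll" DllVerify
O20 - Winlogon Notify: vtstt - C:\WINDOWS\system32\vtstt.dll
O20 - Winlogon Notify: winetn32 - winetn32.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"""


def parse_line(line):
    """Parse an O2, O4 (Run keys only) or O20 line; return None for anything else."""
    line = line.strip()
    missing = line.endswith(MISSING)
    if missing:
        line = line[: -len(MISSING)]
    m = BHO.match(line)
    if m:
        return Entry("O2", m["label"], m["path"].lower(), missing)
    m = NOTIFY.match(line)
    if m:
        return Entry("O20", m["label"], m["path"].lower(), missing)
    m = RUN.match(line)
    if m:
        dll = DLL_IN_CMD.search(m["cmd"])
        module = (dll.group(1) or dll.group(2)).lower() if dll else None
        return Entry("O4", m["label"], module, missing)
    return None


def triage(log_text):
    """Return [(Entry, [reasons])]; an empty reason list means nothing was flagged."""
    entries = [e for e in map(parse_line, log_text.splitlines()) if e]

    # Record which sections reference each module, so that one DLL registered
    # through several autostart mechanisms can be spotted.
    sections = defaultdict(set)
    for e in entries:
        if e.module:
            sections[e.module].add(e.section)

    findings = []
    for e in entries:
        reasons = []
        if e.missing:
            reasons.append("file missing")          # registration outlived its file
        if e.section == "O2" and e.label == "(no name)":
            reasons.append("unnamed BHO")           # browser helper with no display name
        if e.section == "O20":
            reasons.append("winlogon notify")       # DLL loaded by winlogon.exe
        if e.module and len(sections[e.module]) > 1:
            reasons.append("multiple load points")  # same DLL in more than one section
        findings.append((e, reasons))
    return findings


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG):
        status = ", ".join(reasons) if reasons else "-"
        print(f"{entry.section:<4}{entry.label:<34}{status}")
```

The `DllRunning` entry, which the helper did select, gets no flag from these structural rules: its line has the same form as the NVIDIA `rundll32` entry, so telling the two apart takes knowledge of the file itself rather than of the log line.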


Offline take_warning410

« Reply #7 on: January 10, 2007, 01:28:23 PM »
Logfile of HijackThis v1.99.1
Scan saved at 10:27:14 AM, on 1/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.2480\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\BigFix\bigfix.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\HJT\scanner.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sbc.yahoo.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch...DTP&M=D3123
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...DTP&M=D3123
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: (no name) - {97D364E2-614A-4160-8127-CDE889EDA420} - C:\WINDOWS\system32\vtstt.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] "C:\Program Files\AGEIA Technologies\TrayIcon.exe"
O4 - HKCU\..\Run: [Mercora] "C:\Program Files\Mercora\MercoraClient.exe" -min
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Torrent Finder] "C:\Program Files\Torrent Finder\Torrent-Finder.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.2480\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

Offline take_warning410

« Reply #8 on: January 10, 2007, 01:31:24 PM »
VundoFix V6.2.13

Checking Java version...

Java version is 1.5.0.2

Scan started at 10:12:03 AM 1/10/2007

Listing files found while scanning....

C:\WINDOWS\system32\vtstt.dll
C:\WINDOWS\system32\ttstv.ini
C:\WINDOWS\system32\ttstv.bak1
C:\WINDOWS\system32\ttstv.bak2
C:\WINDOWS\system32\ttstv.ini2
C:\WINDOWS\system32\ttstv.tmp
C:\WINDOWS\system32\vtstt.dll
C:\WINDOWS\system32\ttstv.ini
C:\WINDOWS\system32\ttstv.bak1
C:\WINDOWS\system32\ttstv.bak2
C:\WINDOWS\system32\ttstv.ini2
C:\WINDOWS\system32\ttstv.tmp
C:\WINDOWS\system32\ttstv.ini
C:\WINDOWS\system32\ttstv.bak1
C:\WINDOWS\system32\ttstv.bak2
C:\WINDOWS\system32\ttstv.ini2
C:\WINDOWS\system32\ttstv.tmp

Beginning removal...

 Attempting to delete C:\WINDOWS\system32\vtstt.dll
C:\WINDOWS\system32\vtstt.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\ttstv.ini
C:\WINDOWS\system32\ttstv.ini Has been deleted!

 Attempting to delete C:\WINDOWS\system32\ttstv.bak1
C:\WINDOWS\system32\ttstv.bak1 Has been deleted!

 Attempting to delete C:\WINDOWS\system32\ttstv.bak2
C:\WINDOWS\system32\ttstv.bak2 Has been deleted!

 Attempting to delete C:\WINDOWS\system32\ttstv.ini2
C:\WINDOWS\system32\ttstv.ini2 Has been deleted!

 Attempting to delete C:\WINDOWS\system32\ttstv.tmp
C:\WINDOWS\system32\ttstv.tmp Has been deleted!

Performing Repairs to the registry.
Done!

Offline take_warning410

« Reply #9 on: January 10, 2007, 01:33:18 PM »
INSTALLED SOFTWARE (172) - YOUR-A25ECD8E63 - 1/10/2007 10:32:22 AM

Adobe Reader 7.0.5   Ver: 7.0.5   Installed: 10/9/2006
AGEIA PhysX v2.4.4   
AirPlus XtremeG      Installed: 10/8/2006
AirPlus XtremeG      Installed: 10/8/2006
ANIO Service   
ANIWZCS2 Service   
AppCore   Ver: 1   Installed: 10/8/2006
AV   Ver: 1   Installed: 10/8/2006
Bannercpm Browser Optimizer   Ver: 1.0.5.1
BigFix   
Browser Address Error Redirector   
ccCommon   Ver: 106.0.1.10   Installed: 10/8/2006
Creative MediaSource   Ver: 3.00
Creative Removable Disk Manager   
Creative System Information   
Creative Zen MicroPhoto   Ver: 1.0
DVD Solution   
Google Toolbar for Internet Explorer   
HijackThis 1.99.1   Ver: 1.99.1
Hotfix for Windows XP (KB893357)   Ver: 2
Hotfix for Windows XP (KB895953)   Ver: 4
Hotfix for Windows XP (KB896256)   Ver: 3   Installed: 10/7/2006
Hotfix for Windows XP (KB896344)   Ver: 2
Hotfix for Windows XP (KB906569)   Ver: 2
Internet Worm Protection   Ver: 14.0.0   Installed: 10/8/2006
iTunes   Ver: 7.0.1.8   Installed: 10/9/2006
J2SE Runtime Environment 5.0 Update 2   Ver: 1.5.0.20   Installed: 10/7/2006
LimeWire 4.12.6   Ver: 4.12.6
LiveUpdate 3.1 (Symantec Corporation)   Ver: 3.1.0.99
McAfee Personal Firewall Plus   
McAfee SecurityCenter   
McAfee SpamKiller   
McAfee Uninstall Wizard   
McAfee VirusScan   
Microsoft .NET Framework 2.0   
Microsoft .NET Framework 2.0   Ver: 2.0.50727   Installed: 10/13/2006
Microsoft Digital Image Library 9 - Blocker   Ver: 9.00.0000
Microsoft Digital Image Starter Edition 2006   Ver: 11.0.0422
Microsoft Digital Image Starter Edition 2006 Editor   Ver: 11.0.0422   Installed: 10/7/2006
Microsoft Digital Image Starter Edition 2006 Library   Ver: 11.0.0422   Installed: 10/7/2006
Microsoft Money 2006   Ver: 15
Microsoft Office Standard Edition 2003   Ver: 11.0.6361.0   Installed: 10/7/2006
Microsoft Works   Ver: 08.05.0818   Installed: 10/7/2006
Mozilla Firefox (1.5.0.9)   Ver: 1.5.0.9 (en-US)
MSXML 4.0 SP2 (KB927978)   Ver: 4.20.9841.0   Installed: 11/18/2006
Napster   Ver: 3.0.3.7
Napster Burn Engine   Ver: 2.5.0000   Installed: 10/7/2006
Norton AntiVirus   Ver: 14.0.0.89   Installed: 10/8/2006
Norton AntiVirus (Symantec Corporation)   Ver: 14.0.0.89
Norton AntiVirus Help   Ver: 14.00.00   Installed: 10/8/2006
Norton AntiVirus Parent MSI   Ver: 14.0.0   Installed: 10/8/2006
Norton AntiVirus SYMLT MSI   Ver: 14.0.0   Installed: 10/8/2006
Norton Protection Center   Ver: 2007.1.0.118   Installed: 10/8/2006
NVIDIA Drivers   
Power2Go 4.0   
PowerDVD   
QuickTime   Ver: 7.1.3.130   Installed: 10/9/2006
RealPlayer Basic   
Realtek AC'97 Audio   Ver: 5.17   Installed: 10/7/2006
Recovery Software Suite eMachines   Ver: 1.00.0000   Installed: 10/7/2006
SBC Yahoo! DSL Home Networking Installer   
Search Enhancer   
Security Update for Microsoft .NET Framework 2.0 (KB917283)   Ver: 1
Security Update for Microsoft .NET Framework 2.0 (KB922770)   Ver: 1
Security Update for Step By Step Interactive Training (KB898458)   Ver: 20050502.101010
Security Update for Windows Media Player (KB911564)      Installed: 10/8/2006
Security Update for Windows Media Player 10 (KB917734)      Installed: 10/8/2006
Security Update for Windows Media Player 6.4 (KB925398)      Installed: 12/15/2006
Security Update for Windows XP (KB883939)   Ver: 1
Security Update for Windows XP (KB890046)   Ver: 1
Security Update for Windows XP (KB893756)   Ver: 1
Security Update for Windows XP (KB896358)   Ver: 1   Installed: 10/8/2006
Security Update for Windows XP (KB896422)   Ver: 1
Security Update for Windows XP (KB896423)   Ver: 1   Installed: 10/8/2006
Security Update for Windows XP (KB896424)   Ver: 1   Installed: 10/7/2006
Security Update for Windows XP (KB896428)   Ver: 1
Security Update for Windows XP (KB896688)   Ver: 1
Security Update for Windows XP (KB899587)   Ver: 1
Security Update for Windows XP (KB899588)   Ver: 1
Security Update for Windows XP (KB899589)   Ver: 1
Security Update for Windows XP (KB899591)   Ver: 1
Security Update for Windows XP (KB900725)   Ver: 1
Security Update for Windows XP (KB901017)   Ver: 1
Security Update for Windows XP (KB901214)   Ver: 1
Security Update for Windows XP (KB902400)   Ver: 1   Installed: 10/8/2006
Security Update for Windows XP (KB903235)   Ver: 1
Security Update for Windows XP (KB904706)   Ver: 2   Installed: 10/7/2006
Security Update for Windows XP (KB905414)   Ver: 1
Security Update for Windows XP (KB905749)   Ver: 1
Security Update for Windows XP (KB905915)   Ver: 1   Installed: 10/7/2006
Security Update for Windows XP (KB908519)   Ver: 1   Installed: 10/7/2006
Security Update for Windows XP (KB911562)   Ver: 1   Installed: 10/8/2006
Security Update for Windows XP (KB911567)   Ver: 1   Installed: 10/8/2006
Security Update for Windows XP (KB911927)   Ver: 1   Installed: 10/8/2006
Security Update for Windows XP (KB912919)   Ver: 1   Installed: 10/7/2006
Security Update for Windows XP (KB913580)   Ver: 1   Installed: 10/8/2006
Security Update for Windows XP (KB914388)   Ver: 1   Installed: 10/8/2006
Security Update for Windows XP (KB914389)   Ver: 1   Installed: 10/8/2006
Security Update for Windows XP (KB917159)   Ver: 1   Installed: 10/8/2006
Security Update for Windows XP (KB917344)   Ver: 1   Installed: 10/8/2006
Security Update for Windows XP (KB917422)   Ver: 1   Installed: 10/8/2006
Security Update for Windows XP (KB917953)   Ver: 1   Installed: 10/8/2006
Security Update for Windows XP (KB918439)   Ver: 1   Installed: 10/8/2006
Security Update for Windows XP (KB918899)   Ver: 1   Installed: 10/8/2006
Security Update for Windows XP (KB919007)   Ver: 1   Installed: 10/8/2006
Security Update for Windows XP (KB920213)   Ver: 1   Installed: 11/18/2006
Security Update for Windows XP (KB920214)   Ver: 1   Installed: 10/8/2006
Security Update for Windows XP (KB920670)   Ver: 1   Installed: 10/8/2006
Security Update for Windows XP (KB920683)   Ver: 1   Installed: 10/8/2006
Security Update for Windows XP (KB920685)   Ver: 1   Installed: 10/8/2006
Security Update for Windows XP (KB921398)   Ver: 1   Installed: 10/8/2006
Security Update for Windows XP (KB921883)   Ver: 1   Installed: 10/8/2006
Security Update for Windows XP (KB922616)   Ver: 1   Installed: 10/8/2006
Security Update for Windows XP (KB922760)   Ver: 1   Installed: 11/18/2006
Security Update for Windows XP (KB922819)   Ver: 1   Installed: 10/13/2006
Security Update for Windows XP (KB923191)   Ver: 1   Installed: 10/13/2006
Security Update for Windows XP (KB923414)   Ver: 1   Installed: 10/13/2006
Security Update for Windows XP (KB923689)      Installed: 12/15/2006
Security Update for Windows XP (KB923694)   Ver: 1   Installed: 12/15/2006
Security Update for Windows XP (KB923980)   Ver: 1   Installed: 11/18/2006
Security Update for Windows XP (KB924191)   Ver: 1   Installed: 10/13/2006
Security Update for Windows XP (KB924270)   Ver: 1   Installed: 11/18/2006
Security Update for Windows XP (KB924496)   Ver: 1   Installed: 10/13/2006
Security Update for Windows XP (KB925454)   Ver: 1   Installed: 12/15/2006
Security Update for Windows XP (KB925486)   Ver: 1   Installed: 10/8/2006
Security Update for Windows XP (KB926255)   Ver: 1   Installed: 12/15/2006
Security Update for Windows XP (KB929969)   Ver: 1   Installed: 1/9/2007
Shockwave Flash   
Soft Data Fax Modem with SmartCP   
SPBBC 32bit   Ver: 3.0.1.10   Installed: 10/8/2006
Symantec   Ver: 11.5.0   Installed: 10/8/2006
Symantec Real Time Storage Protection Component   Ver: 10.0.1.4   Installed: 10/8/2006
SymNet   Ver: 7.0.0.170   Installed: 10/8/2006
Update for Windows XP (KB894391)   Ver: 1
Update for Windows XP (KB896727)   Ver: 1
Update for Windows XP (KB898461)   Ver: 1   Installed: 10/8/2006
Update for Windows XP (KB900485)   Ver: 2   Installed: 10/8/2006
Update for Windows XP (KB908531)   Ver: 2   Installed: 10/8/2006
Update for Windows XP (KB910437)   Ver: 1   Installed: 10/7/2006
Update for Windows XP (KB911280)   Ver: 2   Installed: 10/8/2006
Update for Windows XP (KB916595)   Ver: 1   Installed: 10/8/2006
Update for Windows XP (KB920872)   Ver: 1   Installed: 10/8/2006
Update for Windows XP (KB922582)   Ver: 1   Installed: 10/8/2006
Viewpoint Media Player   
WebFldrs XP   Ver: 9.50.7523   Installed: 8/26/2004
Windows Backup Utility   Ver: 5.1   Installed: 8/26/2004
Windows Installer 3.1 (KB893803)   Ver: 3.1
Windows Installer 3.1 (KB893803)   Ver: 3.1
Windows Media Format Runtime   
Windows Media Player 10   
Windows XP Hotfix - KB834707   Ver: 20040929.110854
Windows XP Hotfix - KB867282   Ver: 20050127.090417
Windows XP Hotfix - KB873333   Ver: 20050114.005213
Windows XP Hotfix - KB873339   Ver: 20041117.092459
Windows XP Hotfix - KB885250   Ver: 20050118.202711
Windows XP Hotfix - KB885835   Ver: 20041027.181713
Windows XP Hotfix - KB885836   Ver: 20041028.173203
Windows XP Hotfix - KB886185   Ver: 20041021.090540
Windows XP Hotfix - KB887472   Ver: 20041014.162858
Windows XP Hotfix - KB888113   Ver: 20041116.131036
Windows XP Hotfix - KB888239   Ver: 20041124.162528
Windows XP Hotfix - KB888302   Ver: 20041207.111426
Windows XP Hotfix - KB890047   Ver: 20041221.124506
Windows XP Hotfix - KB890175   Ver: 20041201.233338
Windows XP Hotfix - KB890859   Ver: 1
Windows XP Hotfix - KB890923   Ver: 1
Windows XP Hotfix - KB891781   Ver: 20050110.165439
Windows XP Hotfix - KB893066   Ver: 1
Windows XP Hotfix - KB893086   Ver: 1
WinPcap 3.1      Installed: 10/13/2006
Xfire (remove only)   
Yahoo! Install Manager

Offline take_warning410

« Reply #10 on: January 10, 2007, 01:34:59 PM »
I don't know why ComboFix was running from my D drive or how it got on my D drive

Offline guestolo

« Reply #11 on: January 11, 2007, 08:00:40 PM »
Sorry about the delay take_warning410

Can we carry on with the following please

You have more than one active AntiVirus software running its protections on your computer
This is not advisable, it can cause system conflicts and reduce performance
I recommend you access your Add/Remove programs
 and remove either Norton's or McAfee's. Keep the one you're happiest with
Reboot the computer afterwards

Back in Windows
Your Java Runtime Environment is out of date. Older versions have vulnerabilities that malware can use to infect your system.
  • Download the latest version of Java Runtime Environment (JRE) 6.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6, The Java SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation, Multi-language  and save it to your desktop (12.56 MB).
DON'T install it yet

Access your Add/remove programs
Click the Remove or Change/Remove button.
on the following
J2SE Runtime Environment 5.0 Update 2
Bannercpm Browser Optimizer
Search Enhancer
Viewpoint Media Player


REBOOT the computer

Back in windows
Go ahead and install the latest version of Java from the installer on the desktop

Afterwards
Can you do the following
==Download AVG Anti-Spyware 7.5
  • Save the installer to desktop
  • Double click the installer, select your language, and then select "OK"
  • Click NEXT>>>Select I Agree>>>NEXT>>>INSTALL
       
  • AVG will now install and afterwards click FINISH
       
  • AVG Anti-Spyware 7.5 should now Load
  • Click the Update tab at the top. Under Manual Update click Start update.
       
  • After the update finishes (the status bar at the bottom will display "Update successful")
  • Click on the Scanner tab at the top
       
  • Click the "Settings" tab and then change the recommended action under "How to Act" to Quarantine and ensure that "Automatically generate report after every scan" IS selected and
    "Only if Threats are found" IS NOT selected
     
  • Click back to the "Scan" tab and then click on Complete System Scan.
    This scan can take a while to run, let it run uninterrupted
     
  • When the scan is complete it will list any infections found on the left hand side.
  • Click the Apply all actions button. AVG Anti-Spyware will display "All actions have been applied" on the right hand side.
     
  • Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file  (like on the Desktop).
I'll need to see this log later
Reboot the computer again

Back in Windows
Go to start > control panel > Display properties > Desktop > Customize Desktop... > Web tab
Uncheck and delete everything you find in there. (except for "My current home page")

Can you post back all the following please

1. Post a fresh Hijackthis log
2. Post the report from AVG-Antispyware
3. Can you run Combofix again, copy>>paste back here the new log that opens please



Offline take_warning410

« Reply #12 on: January 17, 2007, 01:33:18 AM »
Logfile of HijackThis v1.99.1
Scan saved at 10:31:48 PM, on 1/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.2480\GoogleToolbarNotifier.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\HJT\scanner.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sbc.yahoo.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch...DTP&M=D3123
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...DTP&M=D3123
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {97D364E2-614A-4160-8127-CDE889EDA420} - C:\WINDOWS\system32\vtstt.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] "C:\Program Files\AGEIA Technologies\TrayIcon.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Mercora] "C:\Program Files\Mercora\MercoraClient.exe" -min
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Torrent Finder] "C:\Program Files\Torrent Finder\Torrent-Finder.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.2480\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
« Last Edit: January 17, 2007, 01:37:50 AM by take_warning410 »

Offline take_warning410

virus?
« Reply #13 on: January 17, 2007, 01:38:22 AM »
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

 + Created at:   10:18:19 PM 1/16/2007

 + Scan result:   



C:\Program Files\n-CASE -> Adware.180Solutions : Cleaned.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP63\A0177546.dll -> Adware.AdvertMen : Cleaned.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP63\A0177548.dll -> Adware.AdvertMen : Cleaned.
C:\HJT\backups\backup-20070110-101018-427.dll -> Adware.Beginto : Cleaned.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP71\A0215548.dll -> Adware.Beginto : Cleaned.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP66\A0187680.sys -> Adware.BetterInternet : Cleaned.
C:\WINDOWS\4-efb7bab6499fc415ee93f4097033deae.exe -> Adware.SmartShoppe : Cleaned.
C:\WINDOWS\system32\SmartShopper\SmartShopper0.dll -> Adware.SmartShoppe : Cleaned.
C:\WINDOWS\5-a0c18a429b8010fee34ee31d9073371d.exe -> Adware.TrafficSol : Cleaned.
C:\WINDOWS\system32\vtuspop.dll -> Adware.Virtumonde : Cleaned.
C:\Documents and Settings\Miguel\Local Settings\Temporary Internet Files\Content.IE5\4ZW3K5MT\ad-sp2-fastclick[1].swf -> Not-A-Virus.Hoax.SWF.Alerter.a : Cleaned.
:mozilla.300:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\raqyjw88.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.588:C:\Documents and Settings\Isidro\Application Data\Mozilla\Firefox\Profiles\4dyd557j.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.250:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\raqyjw88.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.27:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\raqyjw88.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.29:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\raqyjw88.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.325:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrueosh9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.32:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\raqyjw88.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.33:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\raqyjw88.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.34:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\raqyjw88.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.35:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\raqyjw88.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.36:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\raqyjw88.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.37:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\raqyjw88.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.38:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\raqyjw88.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.39:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\raqyjw88.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.40:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\raqyjw88.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.41:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\raqyjw88.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.42:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\raqyjw88.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.43:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\raqyjw88.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.44:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\raqyjw88.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.45:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\raqyjw88.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.46:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\raqyjw88.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.47:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\raqyjw88.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.48:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\raqyjw88.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.49:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\raqyjw88.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.50:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\raqyjw88.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.51:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\raqyjw88.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.52:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\raqyjw88.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.53:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\raqyjw88.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.54:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\raqyjw88.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.55:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\raqyjw88.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.56:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\raqyjw88.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.57:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\raqyjw88.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.58:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\raqyjw88.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.59:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\raqyjw88.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.613:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrueosh9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.670:C:\Documents and Settings\Isidro\Application Data\Mozilla\Firefox\Profiles\4dyd557j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.671:C:\Documents and Settings\Isidro\Application Data\Mozilla\Firefox\Profiles\4dyd557j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.672:C:\Documents and Settings\Isidro\Application Data\Mozilla\Firefox\Profiles\4dyd557j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.673:C:\Documents and Settings\Isidro\Application Data\Mozilla\Firefox\Profiles\4dyd557j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.674:C:\Documents and Settings\Isidro\Application Data\Mozilla\Firefox\Profiles\4dyd557j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.675:C:\Documents and Settings\Isidro\Application Data\Mozilla\Firefox\Profiles\4dyd557j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.676:C:\Documents and Settings\Isidro\Application Data\Mozilla\Firefox\Profiles\4dyd557j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.677:C:\Documents and Settings\Isidro\Application Data\Mozilla\Firefox\Profiles\4dyd557j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.678:C:\Documents and Settings\Isidro\Application Data\Mozilla\Firefox\Profiles\4dyd557j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.679:C:\Documents and Settings\Isidro\Application Data\Mozilla\Firefox\Profiles\4dyd557j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.680:C:\Documents and Settings\Isidro\Application Data\Mozilla\Firefox\Profiles\4dyd557j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.681:C:\Documents and Settings\Isidro\Application Data\Mozilla\Firefox\Profiles\4dyd557j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.682:C:\Documents and Settings\Isidro\Application Data\Mozilla\Firefox\Profiles\4dyd557j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.683:C:\Documents and Settings\Isidro\Application Data\Mozilla\Firefox\Profiles\4dyd557j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.684:C:\Documents and Settings\Isidro\Application Data\Mozilla\Firefox\Profiles\4dyd557j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.685:C:\Documents and Settings\Isidro\Application Data\Mozilla\Firefox\Profiles\4dyd557j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.686:C:\Documents and Settings\Isidro\Application Data\Mozilla\Firefox\Profiles\4dyd557j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.687:C:\Documents and Settings\Isidro\Application Data\Mozilla\Firefox\Profiles\4dyd557j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.688:C:\Documents and Settings\Isidro\Application Data\Mozilla\Firefox\Profiles\4dyd557j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.689:C:\Documents and Settings\Isidro\Application Data\Mozilla\Firefox\Profiles\4dyd557j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.690:C:\Documents and Settings\Isidro\Application Data\Mozilla\Firefox\Profiles\4dyd557j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.691:C:\Documents and Settings\Isidro\Application Data\Mozilla\Firefox\Profiles\4dyd557j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.692:C:\Documents and Settings\Isidro\Application Data\Mozilla\Firefox\Profiles\4dyd557j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.693:C:\Documents and Settings\Isidro\Application Data\Mozilla\Firefox\Profiles\4dyd557j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.694:C:\Documents and Settings\Isidro\Application Data\Mozilla\Firefox\Profiles\4dyd557j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.695:C:\Documents and Settings\Isidro\Application Data\Mozilla\Firefox\Profiles\4dyd557j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.696:C:\Documents and Settings\Isidro\Application Data\Mozilla\Firefox\Profiles\4dyd557j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.697:C:\Documents and Settings\Isidro\Application Data\Mozilla\Firefox\Profiles\4dyd557j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.698:C:\Documents and Settings\Isidro\Application Data\Mozilla\Firefox\Profiles\4dyd557j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.699:C:\Documents and Settings\Isidro\Application Data\Mozilla\Firefox\Profiles\4dyd557j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.700:C:\Documents and Settings\Isidro\Application Data\Mozilla\Firefox\Profiles\4dyd557j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.701:C:\Documents and Settings\Isidro\Application Data\Mozilla\Firefox\Profiles\4dyd557j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.702:C:\Documents and Settings\Isidro\Application Data\Mozilla\Firefox\Profiles\4dyd557j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.703:C:\Documents and Settings\Isidro\Application Data\Mozilla\Firefox\Profiles\4dyd557j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.704:C:\Documents and Settings\Isidro\Application Data\Mozilla\Firefox\Profiles\4dyd557j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.705:C:\Documents and Settings\Isidro\Application Data\Mozilla\Firefox\Profiles\4dyd557j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.720:C:\Documents and Settings\Isidro\Application Data\Mozilla\Firefox\Profiles\4dyd557j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.723:C:\Documents and Settings\Isidro\Application Data\Mozilla\Firefox\Profiles\4dyd557j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.738:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\raqyjw88.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.786:C:\Documents and Settings\Isidro\Application Data\Mozilla\Firefox\Profiles\4dyd557j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.797:C:\Documents and Settings\Isidro\Application Data\Mozilla\Firefox\Profiles\4dyd557j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.846:C:\Documents and Settings\Isidro\Application Data\Mozilla\Firefox\Profiles\4dyd557j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.872:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\raqyjw88.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.906:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\raqyjw88.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.90:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrueosh9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.91:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrueosh9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.92:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrueosh9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.93:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrueosh9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.94:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrueosh9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.95:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrueosh9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.96:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrueosh9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.97:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrueosh9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.98:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrueosh9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Isidro\Cookies\isidro@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Isidro\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Isidro\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Sandy\Cookies\sandy@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Sandy\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Sandy\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.154:C:\Documents and Settings\Miguel\Application Data\Mozilla\Firefox\Profiles\6tm4hhd5.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.155:C:\Documents and Settings\Miguel\Application Data\Mozilla\Firefox\Profiles\6tm4hhd5.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.163:C:\Documents and Settings\Miguel\Application Data\Mozilla\Firefox\Profiles\6tm4hhd5.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.164:C:\Documents and Settings\Miguel\Application Data\Mozilla\Firefox\Profiles\6tm4hhd5.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.165:C:\Documents and Settings\Miguel\Application Data\Mozilla\Firefox\Profiles\6tm4hhd5.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.166:C:\Documents and Settings\Miguel\Application Data\Mozilla\Firefox\Profiles\6tm4hhd5.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.170:C:\Documents and Settings\Miguel\Application Data\Mozilla\Firefox\Profiles\6tm4hhd5.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.292:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\raqyjw88.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.293:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\raqyjw88.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.294:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\raqyjw88.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.295:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\raqyjw88.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.296:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\raqyjw88.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.297:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\raqyjw88.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.298:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\raqyjw88.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.299:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\raqyjw88.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.304:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\raqyjw88.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.330:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\raqyjw88.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.335:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrueosh9.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.336:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrueosh9.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.431:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrueosh9.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.432:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrueosh9.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.433:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrueosh9.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.434:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrueosh9.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.435:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrueosh9.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.436:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrueosh9.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.437:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrueosh9.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.532:C:\Documents and Settings\Isidro\Application Data\Mozilla\Firefox\Profiles\4dyd557j.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.533:C:\Documents and Settings\Isidro\Application Data\Mozilla\Firefox\Profiles\4dyd557j.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.534:C:\Documents and Settings\Isidro\Application Data\Mozilla\Firefox\Profiles\4dyd557j.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.535:C:\Documents and Settings\Isidro\Application Data\Mozilla\Firefox\Profiles\4dyd557j.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.536:C:\Documents and Settings\Isidro\Application Data\Mozilla\Firefox\Profiles\4dyd557j.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.537:C:\Documents and Settings\Isidro\Application Data\Mozilla\Firefox\Profiles\4dyd557j.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.538:C:\Documents and Settings\Isidro\Application Data\Mozilla\Firefox\Profiles\4dyd557j.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.539:C:\Documents and Settings\Isidro\Application Data\Mozilla\Firefox\Profiles\4dyd557j.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.540:C:\Documents and Settings\Isidro\Application Data\Mozilla\Firefox\Profiles\4dyd557j.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Isidro\Cookies\isidro@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Miguel\Cookies\miguel@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Sandy\Cookies\sandy@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.406:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\raqyjw88.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.734:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrueosh9.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\Isidro\Cookies\[email protected][1].txt -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\Miguel\Cookies\[email protected][2].txt -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\Sandy\Cookies\[email protected][2].txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.528:C:\Documents and Settings\Isidro\Application Data\Mozilla\Firefox\Profiles\4dyd557j.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.529:C:\Documents and Settings\Isidro\Application Data\Mozilla\Firefox\Profiles\4dyd557j.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\Isidro\Cookies\isidro@adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\Isidro\Cookies\isidro@adjuggler[3].txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\Isidro\Cookies\[email protected][2].txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\Isidro\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\Miguel\Cookies\miguel@adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned.

Offline take_warning410

« Reply #14 on: January 17, 2007, 01:46:17 AM »
Owner - 07-01-16 22:40:14.03    Service Pack 2
ComboFix 06.11.27 - Running from: "C:\Documents and Settings\Owner\Desktop"

(((((((((((((((((((((((((((((((   Files Created from 2006-12-16 to 2007-01-16  ))))))))))))))))))))))))))))))))))
 
 
2007-01-16   21:04   3,968   --a------   C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-01-16   21:04   <DIR>   d--------   C:\Program Files\Grisoft
2007-01-16   21:02   <DIR>   d--------   C:\Program Files\Common Files\Java
2007-01-13   19:37   <DIR>   d--------   C:\Program Files\Photo_Resizer_Pro
2007-01-10   19:33   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\nView_Profiles
2007-01-10   10:12   <DIR>   d--------   C:\VundoFix Backups
2007-01-08   18:11   81,684   --a------   C:\WINDOWS\system32\dvkenghk.dll
2007-01-08   16:54   81,684   --a------   C:\WINDOWS\system32\chheengb.dll
2007-01-05   12:33   81,684   --a------   C:\WINDOWS\system32\iovbdqgx.dll
2007-01-04   12:24   81,684   --a------   C:\WINDOWS\system32\vuvdkeaq.dll
2007-01-01   19:22   <DIR>   d--------   C:\HJT
2006-12-30   19:50   <DIR>   d--------   C:\Program Files\_ArcadeDownloadFolder
2006-12-29   19:10   <DIR>   d--------   C:\My Backup -- 06-12-29 0810PM
2006-12-29   10:40   81,684   --a------   C:\WINDOWS\system32\akjkuenm.dll
2006-12-28   10:05   44,060   --a------   C:\WINDOWS\system32\msbhmfow.dll
2006-12-28   10:04   81,684   --a------   C:\WINDOWS\system32\fcjbighr.dll
2006-12-27   17:25   44,060   --a------   C:\WINDOWS\system32\jqbargpy.dll
2006-12-27   16:21   44,060   --a------   C:\WINDOWS\system32\auwnjdkh.dll
2006-12-27   15:15   44,060   --a------   C:\WINDOWS\system32\lxfdvhnu.dll
2006-12-27   14:48   44,060   --a------   C:\WINDOWS\system32\pleqjput.dll
2006-12-22   22:45   81,684   --a------   C:\WINDOWS\system32\bkxdihgx.dll
2006-12-19   16:37   81,684   --a------   C:\WINDOWS\system32\nmypsyfy.dll


((((((((((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-16 22:26   --------   d--------   C:\Program Files\Mozilla Firefox
2007-01-16 21:02   --------   d--------   C:\Program Files\Java
2007-01-16 21:02   --------   d--------   C:\Program Files\Common Files
2007-01-16 20:55   382   --a------   C:\Documents and Settings\Owner\Application Data\internaldb1942.dat
2007-01-15 16:14   --------   d--------   C:\Program Files\Common Files\Symantec Shared
2007-01-10 14:12   2560   --a------   C:\WINDOWS\system32\BitCometRes.dll
2007-01-10 14:12   --------   d--------   C:\Program Files\BitComet
2007-01-10 10:04   69632   --a------   C:\Documents and Settings\Owner\Application Data\internaldb4827.dat
2007-01-10 10:04   151   --a------   C:\Documents and Settings\Owner\Application Data\internaldb9912.dat
2007-01-10 10:04   0   --a------   C:\Documents and Settings\Owner\Application Data\internaldb715.dat
2007-01-03 08:36   --------   d--------   C:\Program Files\LimeWire
2006-12-31 18:52   --------   d--------   C:\Program Files\Google
2006-12-31 15:54   --------   d--------   C:\Program Files\Common Files\Adobe
2006-12-31 15:54   --------   d--------   C:\Program Files\Adobe
2006-12-30 19:50   --------   d--------   C:\Program Files\_ArcadeDownloadFolder
2006-12-27 16:02   --------   d--------   C:\Program Files\VSAdd-in
2006-12-27 14:59   --------   d--------   C:\Program Files\Soulseek
2006-12-15 18:13   --------   d--------   C:\Program Files\Blubster
2006-12-15 14:18   --------   d--------   C:\Program Files\Internet Explorer
2006-12-15 10:18   --------   d--------   C:\Program Files\Common Files\System
2006-12-15 10:13   --------   d--------   C:\Program Files\Outlook Express
2006-12-14 16:28   118804   --a------   C:\WINDOWS\system32\lonxighk.dll
2006-12-14 15:02   118804   --a------   C:\WINDOWS\system32\ntfhowex.dll
2006-12-07 01:44   --------   d--------   C:\Documents and Settings\Owner\Application Data\CyberLink
2006-12-06 22:40   2362184   --a------   C:\WINDOWS\system32\wmvcore.dll
2006-11-28 09:54   --------   d--------   C:\Program Files\Pure Networks
2006-11-28 09:21   --------   d--------   C:\Program Files\BitTorrent
2006-11-28 09:17   --------   d--------   C:\Documents and Settings\Owner\Application Data\BitTorrent
2006-11-28 09:11   --------   d--------   C:\Program Files\Common Files\AOL
2006-11-28 09:10   --------   d--------   C:\Documents and Settings\Owner\Application Data\AOL
2006-11-26 20:31   --------   d--------   C:\Documents and Settings\Owner\Application Data\Adobe
2006-11-25 19:01   --------   d--------   C:\Documents and Settings\Owner\Application Data\Creative
2006-11-24 08:14   --------   d--------   C:\Program Files\Creative
2006-11-24 08:12   --------   d--h-----   C:\Program Files\InstallShield Installation Information
2006-11-24 08:05   --------   d--------   C:\Program Files\Windows Media Player
2006-11-22 18:03   --------   d--------   C:\Documents and Settings\Owner\Application Data\vlc
2006-11-20 20:37   --------   d--------   C:\Program Files\Common Files\Vbox
2006-11-20 20:23   --------   d--------   C:\Documents and Settings\Owner\Application Data\Leadertech
2006-11-20 20:05   --------   d--------   C:\Documents and Settings\Owner\Application Data\AdobeAUM
2006-11-19 19:37   --------   d--------   C:\Program Files\VideoLAN
2006-11-18 13:26   --------   d--------   C:\Program Files\MSXML 4.0
2006-11-17 18:34   0   --a------   C:\Documents and Settings\Owner\Application Data\internaldb5436.dat
2006-11-17 15:34   --------   d---s----   C:\Documents and Settings\Owner\Application Data\Microsoft
2006-11-15 15:54   0   --a------   C:\Documents and Settings\Owner\Application Data\internaldb4179.dat
2006-11-15 15:54   0   --a------   C:\Documents and Settings\Owner\Application Data\internaldb2391.dat
2006-11-15 15:54   0   --a------   C:\Documents and Settings\Owner\Application Data\internaldb1869.dat
2006-11-12 00:32   9216   --a------   C:\Documents and Settings\Owner\Application Data\internaldb8467.dat
2006-11-12 00:32   49   --a------   C:\Documents and Settings\Owner\Application Data\internaldb41.dat
2006-11-12 00:32   0   --a------   C:\Documents and Settings\Owner\Application Data\internaldb6334.dat
2006-11-12 00:31   365132   --a------   C:\WINDOWS\7-7c15eb3352bcc3049d7e9e974ad283bf.exe
2006-11-12 00:31   23   --a------   C:\Documents and Settings\Owner\Application Data\inifile41.ini
2006-11-07 21:06   679424   --a------   C:\WINDOWS\system32\inetcomm.dll
2006-11-04 14:14   1245696   --a------   C:\WINDOWS\system32\msxml4.dll
2006-10-19 20:09   0   --a------   C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2006-10-19 05:56   713216   --a------   C:\WINDOWS\system32\sxs.dll
 
 
((((((((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))
 
*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Mercora"="\"C:\\Program Files\\Mercora\\MercoraClient.exe\" -min"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Torrent Finder"="\"C:\\Program Files\\Torrent Finder\\Torrent-Finder.exe\""
"updateMgr"="C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1"
"Creative Detector"="\"C:\\Program Files\\Creative\\MediaSource\\Detector\\CTDetect.exe\" /R"
"BitTorrent"="\"C:\\Program Files\\BitTorrent\\bittorrent.exe\" --force_start_minimized"
"Power2GoExpress"=""
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.2480\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"SoundMan"="SOUNDMAN.EXE"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"Recguard"=hex(2):25,57,49,4e,44,49,52,25,5c,53,4d,49,4e,53,54,5c,52,45,43,47,\
  55,41,52,44,2e,45,58,45,00
"Reminder"=hex(2):25,57,49,4e,44,49,52,25,5c,43,72,65,61,74,6f,72,5c,52,65,6d,\
  69,6e,64,5f,58,50,2e,65,78,65,00
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"osCheck"="\"C:\\Program Files\\Norton AntiVirus\\osCheck.exe\""
"D-Link AirPlus XtremeG"="C:\\Program Files\\D-Link\\AirPlus XtremeG\\AirPlusCFG.exe"
"ANIWZCS2Service"="C:\\Program Files\\ANI\\ANIWZCS2 Service\\WZCSLDR2.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"AGEIA PhysX SysTray"="\"C:\\Program Files\\AGEIA Technologies\\TrayIcon.exe\""
"MSKDetectorExe"="C:\\Program Files\\McAfee\\SpamKiller\\MSKDetct.exe /uninstall"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0\\bin\\jusched.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000004

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,ec,\
  03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:40000004
"OriginalStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
  00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
  00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Power2GoExpress"="NA"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"Power2GoExpress"="NA"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]   
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

 
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Owner.job

Completion time: 07-01-16 22:43:02.10
C:\ComboFix.txt ... 07-01-16 22:43
C:\ComboFix2.txt ... 07-01-09 11:08

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
« Reply #15 on: January 17, 2007, 09:00:51 PM »
Looking better, still some cleaning
Can you do the following

Download The Avenger.zip by Swandog46 to your Desktop.

    * Click on Avenger.zip to open the file
    * Extract avenger.exe to your desktop

Copy ALL the text contained in blue below to your Clipboard by highlighting it and pressing (Ctrl+C) on your keyboard,

=============================================================
Files to delete:
C:\WINDOWS\system32\dvkenghk.dll
C:\WINDOWS\system32\chheengb.dll
C:\WINDOWS\system32\iovbdqgx.dll
C:\WINDOWS\system32\vuvdkeaq.dll
C:\WINDOWS\system32\akjkuenm.dll
C:\WINDOWS\system32\msbhmfow.dll
C:\WINDOWS\system32\fcjbighr.dll
C:\WINDOWS\system32\jqbargpy.dll
C:\WINDOWS\system32\auwnjdkh.dll
C:\WINDOWS\system32\lxfdvhnu.dll
C:\WINDOWS\system32\pleqjput.dll
C:\WINDOWS\system32\bkxdihgx.dll
C:\WINDOWS\system32\nmypsyfy.dll
C:\WINDOWS\system32\lonxighk.dll
C:\WINDOWS\system32\ntfhowex.dll
C:\Documents and Settings\Owner\Application Data\internaldb1942.dat
C:\Documents and Settings\Owner\Application Data\internaldb4827.dat
C:\Documents and Settings\Owner\Application Data\internaldb9912.dat
C:\Documents and Settings\Owner\Application Data\internaldb715.dat
C:\Documents and Settings\Owner\Application Data\internaldb5436.dat
C:\Documents and Settings\Owner\Application Data\internaldb4179.dat
C:\Documents and Settings\Owner\Application Data\internaldb2391.dat
C:\Documents and Settings\Owner\Application Data\internaldb1869.dat
C:\Documents and Settings\Owner\Application Data\internaldb8467.dat
C:\Documents and Settings\Owner\Application Data\internaldb41.dat
C:\Documents and Settings\Owner\Application Data\internaldb6334.dat
C:\WINDOWS\7-7c15eb3352bcc3049d7e9e974ad283bf.exe
C:\Documents and Settings\Owner\Application Data\inifile41.ini

Folders to delete:
C:\WINDOWS\system32\SmartShopper
C:\Program Files\VSAdd-in

Registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{97D364E2-614A-4160-8127-CDE889EDA420}

==========================================================================
Now, start The Avenger program by clicking on its icon on your desktop
OK the prompt

    * Under "Script file to execute" choose "Input Script Manually".
    * Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
    * Paste the text copied to clipboard into this window by pressing (Ctrl+V).
    * Click Done
    * Now click on the Green Light to begin execution of the script
    * Answer "Yes" twice when prompted.

Avenger should now Reboot your computer

Back in Windows

1. Post a fresh hijackthis log
2. Post the log from Avenger>>C:\Avenger.txt

Keep me informed how things are running please
« Last Edit: January 17, 2007, 09:01:09 PM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline take_warning410

  • Newbie
  • *
  • Posts: 14
  • Karma: +0/-0
« Reply #16 on: January 18, 2007, 03:22:38 PM »
Logfile of HijackThis v1.99.1
Scan saved at 12:21:53 PM, on 1/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.2480\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\BigFix\bigfix.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\HJT\scanner.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sbc.yahoo.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch...DTP&M=D3123
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...DTP&M=D3123
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] "C:\Program Files\AGEIA Technologies\TrayIcon.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Mercora] "C:\Program Files\Mercora\MercoraClient.exe" -min
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Torrent Finder] "C:\Program Files\Torrent Finder\Torrent-Finder.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.2480\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

Offline take_warning410

  • Newbie
  • *
  • Posts: 14
  • Karma: +0/-0
« Reply #17 on: January 18, 2007, 03:23:48 PM »
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\epwpawyg

*******************

Script file located at: \??\C:\WINDOWS\system32\mrwbixri.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\dvkenghk.dll deleted successfully.
File C:\WINDOWS\system32\chheengb.dll deleted successfully.
File C:\WINDOWS\system32\iovbdqgx.dll deleted successfully.
File C:\WINDOWS\system32\vuvdkeaq.dll deleted successfully.
File C:\WINDOWS\system32\akjkuenm.dll deleted successfully.
File C:\WINDOWS\system32\msbhmfow.dll deleted successfully.
File C:\WINDOWS\system32\fcjbighr.dll deleted successfully.
File C:\WINDOWS\system32\jqbargpy.dll deleted successfully.
File C:\WINDOWS\system32\auwnjdkh.dll deleted successfully.
File C:\WINDOWS\system32\lxfdvhnu.dll deleted successfully.
File C:\WINDOWS\system32\pleqjput.dll deleted successfully.
File C:\WINDOWS\system32\bkxdihgx.dll deleted successfully.
File C:\WINDOWS\system32\nmypsyfy.dll deleted successfully.
File C:\WINDOWS\system32\lonxighk.dll deleted successfully.
File C:\WINDOWS\system32\ntfhowex.dll deleted successfully.
File C:\Documents and Settings\Owner\Application Data\internaldb1942.dat deleted successfully.
File C:\Documents and Settings\Owner\Application Data\internaldb4827.dat deleted successfully.
File C:\Documents and Settings\Owner\Application Data\internaldb9912.dat deleted successfully.
File C:\Documents and Settings\Owner\Application Data\internaldb715.dat deleted successfully.
File C:\Documents and Settings\Owner\Application Data\internaldb5436.dat deleted successfully.
File C:\Documents and Settings\Owner\Application Data\internaldb4179.dat deleted successfully.
File C:\Documents and Settings\Owner\Application Data\internaldb2391.dat deleted successfully.
File C:\Documents and Settings\Owner\Application Data\internaldb1869.dat deleted successfully.
File C:\Documents and Settings\Owner\Application Data\internaldb8467.dat deleted successfully.
File C:\Documents and Settings\Owner\Application Data\internaldb41.dat deleted successfully.
File C:\Documents and Settings\Owner\Application Data\internaldb6334.dat deleted successfully.
File C:\WINDOWS\7-7c15eb3352bcc3049d7e9e974ad283bf.exe deleted successfully.
File C:\Documents and Settings\Owner\Application Data\inifile41.ini deleted successfully.
Folder C:\WINDOWS\system32\SmartShopper deleted successfully.
Folder C:\Program Files\VSAdd-in deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{97D364E2-614A-4160-8127-CDE889EDA420} deleted successfully.

Completed script processing.

*******************

Finished!  Terminate.
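
One way to check the script from Reply #15 against the log posted in Reply #17, as an added example (not part of the original thread and not code from The Avenger): it lists every script target that the log does not confirm as deleted. The function names are assumptions, and the shortened script and log are built from lines on this page with one log line deliberately left out.

```python
import re

SECTION_RE = re.compile(r"^(Files|Folders|Registry keys) to delete:\s*$", re.I)
SUCCESS_RE = re.compile(r"^(File|Folder|Registry key) (.+) deleted successfully\.\s*$")
KIND = {"files": "File", "folders": "Folder", "registry keys": "Registry key"}

# Constructed sample: a shortened copy of the script shown in Reply #15.
SAMPLE_SCRIPT = r"""
Files to delete:
C:\WINDOWS\system32\lonxighk.dll
C:\WINDOWS\system32\ntfhowex.dll
C:\Documents and Settings\Owner\Application Data\inifile41.ini

Folders to delete:
C:\WINDOWS\system32\SmartShopper
C:\Program Files\VSAdd-in

Registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{97D364E2-614A-4160-8127-CDE889EDA420}
"""

# Constructed sample: log lines in the format of Reply #17, with the line for
# C:\Program Files\VSAdd-in left out to show what a gap looks like.
SAMPLE_LOG = r"""
Beginning to process script file:

File C:\WINDOWS\system32\lonxighk.dll deleted successfully.
File C:\WINDOWS\system32\ntfhowex.dll deleted successfully.
File C:\Documents and Settings\Owner\Application Data\inifile41.ini deleted successfully.
Folder C:\WINDOWS\system32\SmartShopper deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{97D364E2-614A-4160-8127-CDE889EDA420} deleted successfully.

Completed script processing.
"""


def parse_script(text):
    """Return [(kind, path)] for every target under a '... to delete:' header."""
    targets, kind = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            kind = KIND[header.group(1).lower()]
        elif not line or line.startswith(("[", "=")):
            continue  # blank lines, pasted forum markup, separator rules
        elif kind:
            targets.append((kind, line))
    return targets


def parse_log(text):
    """Return the set of (kind, lowercased path) the log reports as deleted."""
    done = set()
    for line in text.splitlines():
        match = SUCCESS_RE.match(line.strip())
        if match:
            done.add((match.group(1), match.group(2).lower()))
    return done


def unconfirmed(script_text, log_text):
    """Script targets with no matching 'deleted successfully' line in the log.

    Paths are compared case-insensitively, as Windows treats them.
    """
    done = parse_log(log_text)
    return [(k, p) for k, p in parse_script(script_text) if (k, p.lower()) not in done]


if __name__ == "__main__":
    for kind, path in unconfirmed(SAMPLE_SCRIPT, SAMPLE_LOG):
        print(f"NOT CONFIRMED: {kind} {path}")
```

Anything it reports still needs a manual check on the machine, since a missing success line can mean the item was never there or that removal failed.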

Offline take_warning410

  • Newbie
  • *
  • Posts: 14
  • Karma: +0/-0
« Reply #18 on: January 18, 2007, 03:32:52 PM »
Things are doing better. The computer hasn't shut off unexpectedly. We have DSL and the network goes off a lot. I don't know if this is a computer problem or a problem with the provider. I don't think I have seen a lot of pop-ups.

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
« Reply #19 on: January 18, 2007, 11:46:57 PM »
I don't see the below anti-spyware scanners installed on your computer
They are yours for free, please install and hold onto them, they are free tools

Download and Install
Ad-Aware SE Personal 1.06

Open Ad-Aware, be sure to click the "check for updates now" link and Connect to download the latest updates
Close out after it is updated, as we will need it later
Open Ad-Aware SE 1.06
Click START
Click the radio button to Perform a Full system scan then click NEXT
When it's finished scanning
At this point you should either right click on the screen and choose the "Select All" Objects option or individually put a checkmark in each object's checkbox
Click on the Next button. Ad-Aware SE will now present you with a confirmation box as to whether or not you would like to remove the objects you have just selected. Press the "OK" button

RESTART your computer to finish the cleaning process
===================================

Download and Install Spybot 1.4 from
HERE

After installation--Click the UPDATE button on the left
SEARCH FOR UPDATES on the right
Check, and then download all updates
Ensure all updates are successful, a GREEN check will indicate this
If you have an error updating, search for updates again and retry the download until all updates are successfully installed
After update is complete

Click the "Search & Destroy" button on the left
"Check for Problems"---When the Scan is complete
FIX all selected problems in RED

RESTART the computer to finish any cleaning process

Back in windows

One more fresh hijackthis log please and let me know how things are running then
