
Hijackthis Logfile



#1 averice12


Posted 12 August 2007 - 11:17 PM

I need some help with the analysis of this logfile.

Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:13:25 AM, on 8/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\fbmxisch.exe
C:\WINDOWS\system32\DVDRAMSV.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\ltmoh\Ltmoh.exe

C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\toshiba\ivp\ism\pinger.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Adobe Photoshop Lightroom\apdproxy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\RAMASST.exe
c:\progra~1\common~1\instal~1\update~1\isuspm.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom\apdproxy.exe"
O4 - HKLM\..\Run: [Turtle Beach Audio Advantage Amigo] "C:\Program Files\Turtle Beach\AudioAdvantageAmigo\tbaa.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\annubggh.dll",forkonce
O4 - HKLM\..\RunOnce: [SpybotDeletingA8422] command /c del "C:\WINDOWS\system32\mljjg.dll_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3483] cmd /c del "C:\WINDOWS\system32\mljjg.dll_tobedeleted"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [SpybotDeletingB1925] command /c del "C:\WINDOWS\system32\mljjg.dll_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2027] cmd /c del "C:\WINDOWS\system32\mljjg.dll_tobedeleted"
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\fbmxisch.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

--
End of file - 9716 bytes



#2 RichieUK

Malware Response Team

Posted 13 August 2007 - 09:57 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum, averice12 :thumbsup:
My name is Richie and I'll be helping you to fix your problems.

Download Combofix and save to your desktop:
Note:
It is important that it is saved directly to your desktop.

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.

Now go to:
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
Right click on Hijackthis.exe and select 'Rename', rename it to abc.bat
Double click on abc.bat (which is still Hijackthis.exe), post that log into your next reply please.

#3 averice12


Posted 14 August 2007 - 10:00 PM

Here is the log from the checker.
Out of curiosity, why am I making HijackThis into a batch file?

ComboFix 07-08-14.6 - "Kristin" 2007-08-14 14:31:22.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.110 [GMT -4:00]
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\ahbteyam.dll
C:\WINDOWS\system32\ankbipfl.exe
C:\WINDOWS\system32\annubggh.dll
C:\WINDOWS\system32\avhyhcgo.dll
C:\WINDOWS\system32\axuyejrm.exe
C:\WINDOWS\system32\bbvllvqv.exe
C:\WINDOWS\system32\bgcodmgu.exe
C:\WINDOWS\system32\bpwbfmrj.exe
C:\WINDOWS\system32\bryvepuv.exe
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\byxuvwt.dll
C:\WINDOWS\system32\clejevja.dll
C:\WINDOWS\system32\clytrnyc.exe
C:\WINDOWS\system32\cyyvybnp.exe
C:\WINDOWS\system32\deaougvu.exe
C:\WINDOWS\system32\dmcmhirq.exe
C:\WINDOWS\system32\dtkwddau.dll
C:\WINDOWS\system32\dxeondle.exe
C:\WINDOWS\system32\edkpxtsd.exe
C:\WINDOWS\system32\eynhxmbw.exe
C:\WINDOWS\system32\fbmxisch.exe
C:\WINDOWS\system32\ffdgjirm.exe
C:\WINDOWS\system32\fhlfdwiw.exe
C:\WINDOWS\system32\flltwihs.dll
C:\WINDOWS\system32\fvbdvjos.dll
C:\WINDOWS\system32\gjjlm.bak1
C:\WINDOWS\system32\gjjlm.bak2
C:\WINDOWS\system32\gjjlm.ini
C:\WINDOWS\system32\gjjlm.ini2
C:\WINDOWS\system32\gjjlm.tmp
C:\WINDOWS\system32\gmmfqfbr.dll
C:\WINDOWS\system32\gpdaptih.exe
C:\WINDOWS\system32\gpucyjex.dll
C:\WINDOWS\system32\gwnarxsr.dll
C:\WINDOWS\system32\hggbunna.ini
C:\WINDOWS\system32\hnnsveql.exe
C:\WINDOWS\system32\huedgotk.exe
C:\WINDOWS\system32\icihrqpv.exe
C:\WINDOWS\system32\ihfrivbt.exe
C:\WINDOWS\system32\ioiovvej.dll
C:\WINDOWS\system32\iswfcoon.dll
C:\WINDOWS\system32\itpmjqpo.exe
C:\WINDOWS\system32\iybytyjm.exe
C:\WINDOWS\system32\jcjsgcki.exe
C:\WINDOWS\system32\jcopcasb.exe
C:\WINDOWS\system32\jfuolyin.dll
C:\WINDOWS\system32\joknxucx.dll
C:\WINDOWS\system32\jstchiaw.exe
C:\WINDOWS\system32\keqjdqqd.dll
C:\WINDOWS\system32\kibbfqav.exe
C:\WINDOWS\system32\kjsgxvho.exe
C:\WINDOWS\system32\kqglvrgp.exe
C:\WINDOWS\system32\lcrrcice.exe
C:\WINDOWS\system32\lfobtivw.dll
C:\WINDOWS\system32\lrmrvhch.exe
C:\WINDOWS\system32\mfknefuc.exe
C:\WINDOWS\system32\mknfmxyp.exe
C:\WINDOWS\system32\mljjg.dll
C:\WINDOWS\system32\naevgwsy.exe
C:\WINDOWS\system32\nihecwjm.exe
C:\WINDOWS\system32\niyloufj.ini
C:\WINDOWS\system32\nngcvcbl.exe
C:\WINDOWS\system32\nwdoybda.exe
C:\WINDOWS\system32\nyssmdid.dll
C:\WINDOWS\system32\omxjmhdv.exe
C:\WINDOWS\system32\osrwdtyx.ini
C:\WINDOWS\system32\pfngsaca.exe
C:\WINDOWS\system32\phybymft.exe
C:\WINDOWS\system32\ptrgaole.exe
C:\WINDOWS\system32\qdjhvacu.exe
C:\WINDOWS\system32\qsiqvslt.exe
C:\WINDOWS\system32\rakrnwti.dll
C:\WINDOWS\system32\rlsravtm.exe
C:\WINDOWS\system32\rqqpmkhs.exe
C:\WINDOWS\system32\rrqltoyh.exe
C:\WINDOWS\system32\rsxranwg.ini
C:\WINDOWS\system32\sojvdbvf.ini
C:\WINDOWS\system32\tramwvqx.exe
C:\WINDOWS\system32\uaddwktd.ini
C:\WINDOWS\system32\udvuqyel.dll
C:\WINDOWS\system32\uflkxaid.exe
C:\WINDOWS\system32\uhgscsni.exe
C:\WINDOWS\system32\ukwvgepi.dll
C:\WINDOWS\system32\uowhwiux.ini
C:\WINDOWS\system32\veybohty.dll
C:\WINDOWS\system32\vqecmetx.exe
C:\WINDOWS\system32\wnqmevxk.exe
C:\WINDOWS\system32\wvitbofl.ini
C:\WINDOWS\system32\x.exe
C:\WINDOWS\system32\xoappgxr.exe
C:\WINDOWS\system32\xuiwhwou.dll
C:\WINDOWS\system32\xytdwrso.dll
C:\WINDOWS\system32\yqkapsxo.exe
C:\WINDOWS\system32\ythobyev.ini


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-07-14 to 2007-08-14 )))))))))))))))))))))))))))))))


2007-08-14 15:48 <DIR> d-------- C:\WINDOWS\LastGood
2007-08-14 14:27 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-10 13:33 <DIR> d-------- C:\DOCUME~1\Kristin\APPLIC~1\Viewpoint
2007-08-10 03:28 <DIR> d-------- C:\Program Files\DivX
2007-08-08 12:06 <DIR> d-------- C:\Program Files\MediaMonkey
2007-08-08 11:28 22,528 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2007-08-08 11:28 16,512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2007-08-08 11:27 <DIR> d-------- C:\Program Files\4Musics FLAC to MP3 Converter
2007-07-30 23:21 <DIR> d-------- C:\Program Files\Garritan Personal Orchestra
2007-07-28 15:32 <DIR> d-------- C:\Program Files\Common Files\Voyetra
2007-07-28 15:11 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
2007-07-28 15:10 98,304 --a------ C:\WINDOWS\system32\cmudau.dll
2007-07-28 15:10 917,504 --a------ C:\WINDOWS\system\cmds3du.dll
2007-07-28 15:10 86,016 --a------ C:\WINDOWS\CMedia.dll
2007-07-28 15:10 712,704 --a------ C:\WINDOWS\system32\a3dpropu.dll
2007-07-28 15:10 712,704 --a------ C:\WINDOWS\system32\a3d.dll
2007-07-28 15:10 61,440 --a------ C:\WINDOWS\system\cmsnxeye.exe
2007-07-28 15:10 32,768 --a------ C:\WINDOWS\system32\cmdrvrmu.dll
2007-07-28 15:10 28,672 --a------ C:\WINDOWS\CmiUSB2Uninstall.exe
2007-07-28 15:10 229,376 --a------ C:\WINDOWS\system32\cmdrvrmu.exe
2007-07-28 15:10 14,848 --a------ C:\WINDOWS\system32\cmpropu.dll
2007-07-28 15:10 1,333,632 --a------ C:\WINDOWS\system32\drivers\cmudau.sys
2007-07-28 15:10 <DIR> d-------- C:\Program Files\Turtle Beach
2007-07-28 12:59 <DIR> d-------- C:\DOCUME~1\Kristin\APPLIC~1\Help
2007-07-27 17:18 <DIR> d-------- C:\Program Files\Common Files\Digidesign
2007-07-27 16:48 <DIR> d-------- C:\Program Files\Bonjour
2007-07-27 15:55 <DIR> d-------- C:\Program Files\VirtualDJ
2007-07-26 13:16 <DIR> d-------- C:\Program Files\Trend Micro
2007-07-25 23:06 144,704 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-07-25 22:53 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-07-25 22:53 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-07-25 22:53 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-07-25 22:53 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-07-25 22:50 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-07-25 22:50 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-07-25 22:50 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
2007-07-25 22:50 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-07-25 22:50 740,442 --a------ C:\WINDOWS\system32\DivX.dll
2007-07-25 22:50 593,920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2007-07-25 22:50 57,344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-07-25 22:50 53,248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2007-07-25 22:50 344,064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-07-25 22:50 294,912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-07-25 22:50 294,912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-07-25 22:50 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-07-25 22:49 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-07-24 13:29 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2007-07-24 13:05 <DIR> d-------- C:\Program Files\MSBuild
2007-07-24 13:03 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-07-24 12:52 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
2007-07-23 13:39 <DIR> d-------- C:\test
2007-07-23 13:26 2,956 --a------ C:\WINDOWS\mozver.dat
2007-07-22 12:36 <DIR> d-------- C:\Program Files\ASIO4ALL v2
2007-07-22 12:31 <DIR> d-------- C:\WINDOWS\pss
2007-07-21 14:05 <DIR> d-------- C:\Temp
2007-07-21 14:05 <DIR> d-------- C:\DOCUME~1\Kristin\APPLIC~1\Syntrillium
2007-07-21 14:03 665,424 --a------ C:\WINDOWS\system32\wmv8dmoe.dll
2007-07-21 14:03 572,752 --a------ C:\WINDOWS\system32\wmvdmoe.dll
2007-07-21 14:03 438,608 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2007-07-21 14:03 1,683,792 --a------ C:\WINDOWS\system32\wmvcore2.dll
2007-07-20 12:24 <DIR> d-------- C:\DOCUME~1\Kristin\APPLIC~1\Sonic
2007-07-19 14:08 <DIR> d-------- C:\Program Files\Netflix
2007-07-18 14:46 <DIR> d-------- C:\Program Files\PowerISO
2007-07-17 22:41 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
2007-07-17 21:03 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2007-07-15 02:57 52,736 --a------ C:\WINDOWS\ipuninst.exe
2007-07-15 02:57 <DIR> d-------- C:\Program Files\BlackIsle
2007-07-15 02:37 <DIR> d-------- C:\Program Files\Alex Feinman


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-09 12:58 --------- d-------- C:\Program Files\Wyzo
2007-08-08 12:04 --------- d-------- C:\Program Files\Yahoo!
2007-07-30 19:19 73 --a------ C:\WINDOWS\system32\ssprs.dll
2007-07-30 19:19 205 --a------ C:\WINDOWS\system32\lsprst7.dll
2007-07-29 23:02 --------- d-------- C:\Program Files\Google
2007-07-28 21:09 --------- d-------- C:\Program Files\Quicken
2007-07-28 20:40 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-28 20:40 --------- d-------- C:\Program Files\TOSHIBA
2007-07-28 15:10 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-07-28 12:49 --------- d-------- C:\DOCUME~1\Kristin\APPLIC~1\Wyzo
2007-07-27 17:18 --------- d-------- C:\Program Files\Native Instruments
2007-07-27 16:16 --------- d-------- C:\DOCUME~1\Kristin\APPLIC~1\AdobeUM
2007-07-24 13:06 --------- d-------- C:\Program Files\Microsoft Works
2007-07-22 01:49 --------- d-------- C:\Program Files\Ableton
2007-07-15 02:28 --------- d-------- C:\Program Files\iGetter
2007-07-12 18:55 --------- d-------- C:\DOCUME~1\Kristin\APPLIC~1\Apple Computer
2007-07-12 17:56 --------- d-------- C:\Program Files\MagicISO
2007-07-12 15:40 --------- d-------- C:\Program Files\DOSBox-0.70
2007-07-12 13:52 --------- d-------- C:\Program Files\Dink Smallwood
2007-07-11 14:23 --------- d-------- C:\Program Files\eMule
2007-07-11 12:45 --------- d-------- C:\Program Files\VSTplugins
2007-07-11 12:25 --------- d-------- C:\DOCUME~1\Kristin\APPLIC~1\Ableton
2007-07-11 11:44 --------- d-------- C:\DOCUME~1\Kristin\APPLIC~1\.wyzo
2007-07-11 03:42 --------- d-------- C:\Program Files\Waves
2007-07-11 03:03 --------- d-------- C:\DOCUME~1\Kristin\APPLIC~1\iGetter
2007-07-11 01:35 --------- d-------- C:\Program Files\Digidesign
2007-07-10 15:03 1025 --a------ C:\WINDOWS\system32\sysprs7.dll
2007-07-10 15:03 1025 --a------ C:\WINDOWS\system32\clauth2.dll
2007-07-10 15:03 1025 --a------ C:\WINDOWS\system32\clauth1.dll
2007-07-10 14:33 --------- d-------- C:\Program Files\Arturia
2007-07-10 12:05 --------- d-------- C:\Program Files\TCWorks
2007-07-10 12:02 --------- d-------- C:\DOCUME~1\Kristin\APPLIC~1\WinRAR
2007-07-10 11:55 --------- d-------- C:\Program Files\Image-Line
2007-07-10 11:47 --------- d-------- C:\DOCUME~1\Kristin\APPLIC~1\Sony
2007-07-10 11:47 --------- d-------- C:\DOCUME~1\Kristin\APPLIC~1\Publish Providers
2007-07-10 11:44 --------- d-------- C:\Program Files\Sony Setup
2007-07-10 11:38 --------- d-------- C:\Program Files\7-Zip
2007-07-09 14:31 --------- d-------- C:\Program Files\Picasa2
2007-07-09 12:04 153 --a------ C:\DelUS.bat
2007-07-09 12:00 --------- d-------- C:\Program Files\AIM
2007-07-09 11:59 --------- d-------- C:\Program Files\Common Files\AOL
2007-07-09 11:59 --------- d-------- C:\DOCUME~1\Kristin\APPLIC~1\Aim
2007-07-08 14:46 --------- d-------- C:\Program Files\Pure Networks
2007-07-08 14:41 --------- d-------- C:\DOCUME~1\Kristin\APPLIC~1\AOL
2007-07-08 14:29 --------- d-------- C:\Program Files\MSXML 4.0
2007-05-16 11:12 86528 -----c--- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 11:12 85504 -----c--- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 11:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 11:12 683520 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 11:12 510976 -----c--- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 11:12 1314816 -----c--- C:\WINDOWS\system32\dllcache\msoe.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-11-28 01:55]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-28 01:52]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-11-28 01:55]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 20:32]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 18:02]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2004-08-18 07:37]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 10:29 C:\WINDOWS\agrsmmsg.exe]
"NDSTray.exe"="NDSTray.exe" []
"Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 16:25]
"TFncKy"="TFncKy.exe" []
"TPSMain"="TPSMain.exe" [2005-06-01 01:00 C:\WINDOWS\system32\TPSMain.exe]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-26 20:13]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-17 21:37]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-10-06 09:20]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 15:37]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 14:41]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-04-09 08:23]
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 15:05]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 21:18]
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 16:49]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-08-02 22:02]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-06-15 19:15]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-12 02:02]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 21:29]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-06-14 19:24]
"CFSServ.exe"="CFSServ.exe" []
"Adobe Photo Downloader"="C:\Program Files\Adobe\Adobe Photoshop Lightroom\apdproxy.exe" [2007-02-06 16:30]
"Turtle Beach Audio Advantage Amigo"="C:\Program Files\Turtle Beach\AudioAdvantageAmigo\tbaa.exe" [2005-10-28 12:40]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 11:41]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 05:07]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]

C:\Documents and Settings\Kristin\Start Menu\Programs\Startup\
Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-07-20 13:57:16]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2006-01-18 23:59:32]


R0 KR10N;KR10N;C:\WINDOWS\system32\drivers\KR10N.sys
S3 ASPI;Advanced SCSI Programming Interface Driver;\??\C:\WINDOWS\System32\DRIVERS\ASPI32.sys
S3 cmudau;Audio Advantage Amigo Interface;C:\WINDOWS\system32\drivers\cmudau.sys
S3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9b974f6a-2c95-11dc-9181-00038a000015}]
AutoRun\command- E:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c56bc043-ffe0-11da-9156-00038a000015}]
AutoRun\command- F:\LaunchU3.exe


**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-14 18:53:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-14 18:54:49 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-14 18:54

--- E O F ---

#4 averice12


Posted 14 August 2007 - 10:04 PM

Anywho, this is the new abc.bat logfile.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:03:18 PM, on 8/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\toshiba\ivp\ism\pinger.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Adobe Photoshop Lightroom\apdproxy.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Turtle Beach\AudioAdvantageAmigo\tbaa.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\abc.bat.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom\apdproxy.exe"
O4 - HKLM\..\Run: [Turtle Beach Audio Advantage Amigo] "C:\Program Files\Turtle Beach\AudioAdvantageAmigo\tbaa.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

--
End of file - 9706 bytes

#5 RichieUK

    Malware Assassin


  • Malware Response Team

Posted 15 August 2007 - 08:29 AM

Download/install AVG Anti-Spyware 7.5.

Please follow these instructions very carefully.

Launch/start up AVG Anti-Spyware.
On the main page click the 'Update' tab, and then 'Start Update'.
Note:
If you have any problems running the update process prior to running the scan, download/install the 'Full Database' from here:
http://download.ewido.net/avgas-signatures-full-current.exe

Once the updates have been installed, do the following:
Select the 'Scanner' icon at the top of the screen, then select the 'Settings' tab.
Once in the 'Settings' screen, under 'How to act?', then under 'Set default action for detected malware to:', click on 'Recommended actions', then click on 'Quarantine'.
Under 'Reports' select 'Automatically generate report after every scan' and unselect 'Only if threats were found'.

Now run AVG Anti-Spyware.
Click the 'Scanner' icon at the top.
To start the scan click on 'Complete System Scan'.
Please be patient, it takes a while for the scan to finish.

1) Once the scan is complete, do the following.
If AVG Anti-Spyware detected any infected objects, click on 'Apply All Actions'.

2) Next click on 'Save Report'.
Copy and paste that report into your next reply.
The report can be found under the 'Reports' tab at the top.
Close AVG Anti-Spyware when you've done, then restart your PC.

Also post a new HijackThis log.
Let me know how your PC is running now.

Edited by RichieUK, 15 August 2007 - 08:30 AM.


#6 averice12

  • Topic Starter


Posted 15 August 2007 - 05:11 PM

AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 6:10:07 PM 8/15/2007

+ Scan result:



C:\Program Files\eMule\Incoming\! ableton live 6 crack.zip/ableton live 6 crack.exe -> Adware.Stud : Ignored.
C:\System Volume Information\_restore{E5F689B9-8C88-425A-878C-812257CD29D2}\RP36\A0015159.exe -> Backdoor.Rbot : Cleaned with backup (quarantined).
C:\WINDOWS\system32\TDispVol.dll -> Not-A-Virus.Monitor.Win32.AKL.25 : Ignored.
:mozilla.291:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.133:C:\Documents and Settings\Kristin\Application Data\Wyzo\Data\Profiles\6lytmido.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.134:C:\Documents and Settings\Kristin\Application Data\Wyzo\Data\Profiles\6lytmido.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.135:C:\Documents and Settings\Kristin\Application Data\Wyzo\Data\Profiles\6lytmido.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.136:C:\Documents and Settings\Kristin\Application Data\Wyzo\Data\Profiles\6lytmido.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.137:C:\Documents and Settings\Kristin\Application Data\Wyzo\Data\Profiles\6lytmido.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.138:C:\Documents and Settings\Kristin\Application Data\Wyzo\Data\Profiles\6lytmido.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.165:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.166:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.167:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.168:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.169:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.170:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.171:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.172:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.173:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.174:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.363:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.482:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.496:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.561:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Kristin\Cookies\kristin@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Kristin\Cookies\kristin@buycom.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Kristin\Cookies\kristin@buzznet.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Kristin\Cookies\kristin@cbs.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Kristin\Cookies\kristin@cochranfirm.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Kristin\Cookies\kristin@educationmanagementllc.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Kristin\Cookies\kristin@evite.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Kristin\Cookies\kristin@heavycom.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Kristin\Cookies\kristin@nielsen.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Kristin\Cookies\kristin@pch.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Kristin\Cookies\kristin@aavalue[1].txt -> TrackingCookie.Aavalue : Cleaned.
C:\Documents and Settings\Kristin\Cookies\kristin@arn.aavalue[1].txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.338:C:\Documents and Settings\Kristin\Application Data\Wyzo\Data\Profiles\6lytmido.default\cookies.txt -> TrackingCookie.Abcsearch : Cleaned.
C:\Documents and Settings\Kristin\Cookies\kristin@www.abcsearch[1].txt -> TrackingCookie.Abcsearch : Cleaned.
:mozilla.144:C:\Documents and Settings\Kristin\Application Data\Wyzo\Data\Profiles\6lytmido.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.145:C:\Documents and Settings\Kristin\Application Data\Wyzo\Data\Profiles\6lytmido.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.191:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.192:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.193:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.310:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.606:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.607:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Kristin\Cookies\kristin@3.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Kristin\Cookies\kristin@4.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Kristin\Cookies\kristin@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Kristin\Cookies\kristin@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Kristin\Cookies\kristin@ads.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Kristin\Cookies\kristin@ads.adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Kristin\Cookies\kristin@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.100:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.101:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.102:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.103:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.103:C:\Documents and Settings\Kristin\Application Data\Wyzo\Data\Profiles\6lytmido.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.104:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.106:C:\Documents and Settings\Kristin\Application Data\Wyzo\Data\Profiles\6lytmido.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.107:C:\Documents and Settings\Kristin\Application Data\Wyzo\Data\Profiles\6lytmido.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.108:C:\Documents and Settings\Kristin\Application Data\Wyzo\Data\Profiles\6lytmido.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.109:C:\Documents and Settings\Kristin\Application Data\Wyzo\Data\Profiles\6lytmido.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.110:C:\Documents and Settings\Kristin\Application Data\Wyzo\Data\Profiles\6lytmido.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.112:C:\Documents and Settings\Kristin\Application Data\Wyzo\Data\Profiles\6lytmido.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.113:C:\Documents and Settings\Kristin\Application Data\Wyzo\Data\Profiles\6lytmido.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.385:C:\Documents and Settings\Kristin\Application Data\Wyzo\Data\Profiles\6lytmido.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.99:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.40:C:\Documents and Settings\Kristin\Application Data\Wyzo\Data\Profiles\6lytmido.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.42:C:\Documents and Settings\Kristin\Application Data\Wyzo\Data\Profiles\6lytmido.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.47:C:\Documents and Settings\Kristin\Application Data\Wyzo\Data\Profiles\6lytmido.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.48:C:\Documents and Settings\Kristin\Application Data\Wyzo\Data\Profiles\6lytmido.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.49:C:\Documents and Settings\Kristin\Application Data\Wyzo\Data\Profiles\6lytmido.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.70:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.71:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.72:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.73:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.74:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Kristin\Cookies\kristin@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.100:C:\Documents and Settings\Kristin\Application Data\Wyzo\Data\Profiles\6lytmido.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.61:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Kristin\Cookies\kristin@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.763:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.339:C:\Documents and Settings\Kristin\Application Data\Wyzo\Data\Profiles\6lytmido.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.340:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.340:C:\Documents and Settings\Kristin\Application Data\Wyzo\Data\Profiles\6lytmido.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.341:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Kristin\Cookies\kristin@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Kristin\Cookies\kristin@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.182:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.183:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.184:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.185:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.186:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.187:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.188:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.189:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.190:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.256:C:\Documents and Settings\Kristin\Application Data\Wyzo\Data\Profiles\6lytmido.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.156:C:\Documents and Settings\Kristin\Application Data\Wyzo\Data\Profiles\6lytmido.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.346:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Kristin\Cookies\kristin@connextra[1].txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.247:C:\Documents and Settings\Kristin\Application Data\Wyzo\Data\Profiles\6lytmido.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.248:C:\Documents and Settings\Kristin\Application Data\Wyzo\Data\Profiles\6lytmido.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.249:C:\Documents and Settings\Kristin\Application Data\Wyzo\Data\Profiles\6lytmido.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.250:C:\Documents and Settings\Kristin\Application Data\Wyzo\Data\Profiles\6lytmido.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Kristin\Cookies\kristin@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Kristin\Cookies\kristin@cpvfeed[3].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Kristin\Cookies\kristin@cpvfeed[4].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Kristin\Cookies\kristin@stat.dealtime[1].txt -> TrackingCookie.Dealtime : Cleaned.
:mozilla.46:C:\Documents and Settings\Kristin\Application Data\Wyzo\Data\Profiles\6lytmido.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.51:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.315:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Kristin\Cookies\kristin@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.51:C:\Documents and Settings\Kristin\Application Data\Wyzo\Data\Profiles\6lytmido.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.52:C:\Documents and Settings\Kristin\Application Data\Wyzo\Data\Profiles\6lytmido.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.53:C:\Documents and Settings\Kristin\Application Data\Wyzo\Data\Profiles\6lytmido.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.86:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.87:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.88:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.89:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.90:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.91:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.92:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.93:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Kristin\Cookies\kristin@findwhat[1].txt -> TrackingCookie.Findwhat : Cleaned.
:mozilla.780:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.464:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned.
:mozilla.123:C:\Documents and Settings\Kristin\Application Data\Wyzo\Data\Profiles\6lytmido.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.124:C:\Documents and Settings\Kristin\Application Data\Wyzo\Data\Profiles\6lytmido.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.476:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.477:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
C:\Documents and Settings\Kristin\Cookies\kristin@intelli-direct[1].txt -> TrackingCookie.Intelli-direct : Cleaned.
:mozilla.732:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.733:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.735:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.736:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Kristin\Cookies\kristin@sales.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Kristin\Cookies\kristin@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.153:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.154:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.164:C:\Documents and Settings\Kristin\Application Data\Wyzo\Data\Profiles\6lytmido.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.729:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Msn : Cleaned.
:mozilla.730:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Msn : Cleaned.
:mozilla.731:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Msn : Cleaned.
C:\Documents and Settings\Kristin\Cookies\kristin@auto.search.msn[2].txt -> TrackingCookie.Msn : Cleaned.
:mozilla.605:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
C:\Documents and Settings\Kristin\Cookies\kristin@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.203:C:\Documents and Settings\Kristin\Application Data\Wyzo\Data\Profiles\6lytmido.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.552:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.553:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Kristin\Cookies\kristin@data3.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Kristin\Cookies\kristin@overture[2].txt -> TrackingCookie.Overture : Cleaned.
:mozilla.349:C:\Documents and Settings\Kristin\Application Data\Wyzo\Data\Profiles\6lytmido.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.75:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.224:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.225:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.226:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.227:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.228:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.229:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.230:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.231:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.232:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.372:C:\Documents and Settings\Kristin\Application Data\Wyzo\Data\Profiles\6lytmido.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.373:C:\Documents and Settings\Kristin\Application Data\Wyzo\Data\Profiles\6lytmido.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.374:C:\Documents and Settings\Kristin\Application Data\Wyzo\Data\Profiles\6lytmido.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.375:C:\Documents and Settings\Kristin\Application Data\Wyzo\Data\Profiles\6lytmido.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.376:C:\Documents and Settings\Kristin\Application Data\Wyzo\Data\Profiles\6lytmido.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.377:C:\Documents and Settings\Kristin\Application Data\Wyzo\Data\Profiles\6lytmido.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.378:C:\Documents and Settings\Kristin\Application Data\Wyzo\Data\Profiles\6lytmido.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Kristin\Cookies\kristin@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.229:C:\Documents and Settings\Kristin\Application Data\Wyzo\Data\Profiles\6lytmido.default\cookies.txt -> TrackingCookie.Pro-market : Cleaned.
:mozilla.230:C:\Documents and Settings\Kristin\Application Data\Wyzo\Data\Profiles\6lytmido.default\cookies.txt -> TrackingCookie.Pro-market : Cleaned.
:mozilla.232:C:\Documents and Settings\Kristin\Application Data\Wyzo\Data\Profiles\6lytmido.default\cookies.txt -> TrackingCookie.Pro-market : Cleaned.
C:\Documents and Settings\Kristin\Cookies\kristin@pro-market[1].txt -> TrackingCookie.Pro-market : Cleaned.
:mozilla.316:C:\Documents and Settings\Kristin\Application Data\Wyzo\Data\Profiles\6lytmido.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.317:C:\Documents and Settings\Kristin\Application Data\Wyzo\Data\Profiles\6lytmido.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.562:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.563:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.564:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Kristin\Cookies\kristin@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.184:C:\Documents and Settings\Kristin\Application Data\Wyzo\Data\Profiles\6lytmido.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.185:C:\Documents and Settings\Kristin\Application Data\Wyzo\Data\Profiles\6lytmido.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.34:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.35:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.36:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.37:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.38:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
C:\Documents and Settings\Kristin\Cookies\kristin@realmedia[2].txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.133:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.134:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.135:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.136:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.137:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.138:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.54:C:\Documents and Settings\Kristin\Application Data\Wyzo\Data\Profiles\6lytmido.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.55:C:\Documents and Settings\Kristin\Application Data\Wyzo\Data\Profiles\6lytmido.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.56:C:\Documents and Settings\Kristin\Application Data\Wyzo\Data\Profiles\6lytmido.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.57:C:\Documents and Settings\Kristin\Application Data\Wyzo\Data\Profiles\6lytmido.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.58:C:\Documents and Settings\Kristin\Application Data\Wyzo\Data\Profiles\6lytmido.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
C:\Documents and Settings\Kristin\Cookies\kristin@revsci[1].txt -> TrackingCookie.Revsci : Cleaned.
C:\Documents and Settings\Kristin\Cookies\kristin@revsci[2].txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.207:C:\Documents and Settings\Kristin\Application Data\Wyzo\Data\Profiles\6lytmido.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.208:C:\Documents and Settings\Kristin\Application Data\Wyzo\Data\Profiles\6lytmido.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.391:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.392:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.393:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.394:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.395:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.396:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.397:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.398:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.399:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.400:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\Kristin\Cookies\kristin@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.157:C:\Documents and Settings\Kristin\Application Data\Wyzo\Data\Profiles\6lytmido.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.165:C:\Documents and Settings\Kristin\Application Data\Wyzo\Data\Profiles\6lytmido.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.166:C:\Documents and Settings\Kristin\Application Data\Wyzo\Data\Profiles\6lytmido.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.167:C:\Documents and Settings\Kristin\Application Data\Wyzo\Data\Profiles\6lytmido.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.168:C:\Documents and Settings\Kristin\Application Data\Wyzo\Data\Profiles\6lytmido.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.169:C:\Documents and Settings\Kristin\Application Data\Wyzo\Data\Profiles\6lytmido.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.337:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.590:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.591:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.592:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.593:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.594:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Kristin\Cookies\kristin@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Kristin\Cookies\kristin@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.209:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.210:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.211:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.212:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.213:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.214:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.215:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.216:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.217:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.218:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.219:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.220:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.297:C:\Documents and Settings\Kristin\Application Data\Wyzo\Data\Profiles\6lytmido.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.298:C:\Documents and Settings\Kristin\Application Data\Wyzo\Data\Profiles\6lytmido.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.299:C:\Documents and Settings\Kristin\Application Data\Wyzo\Data\Profiles\6lytmido.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.300:C:\Documents and Settings\Kristin\Application Data\Wyzo\Data\Profiles\6lytmido.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Kristin\Cookies\kristin@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Kristin\Cookies\kristin@specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.126:C:\Documents and Settings\Kristin\Application Data\Wyzo\Data\Profiles\6lytmido.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.127:C:\Documents and Settings\Kristin\Application Data\Wyzo\Data\Profiles\6lytmido.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.128:C:\Documents and Settings\Kristin\Application Data\Wyzo\Data\Profiles\6lytmido.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.129:C:\Documents and Settings\Kristin\Application Data\Wyzo\Data\Profiles\6lytmido.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.130:C:\Documents and Settings\Kristin\Application Data\Wyzo\Data\Profiles\6lytmido.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.615:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.616:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.617:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.691:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Kristin\Cookies\kristin@anad.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Kristin\Cookies\kristin@anat.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Kristin\Cookies\kristin@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.379:C:\Documents and Settings\Kristin\Application Data\Wyzo\Data\Profiles\6lytmido.default\cookies.txt -> TrackingCookie.Toplist : Cleaned.
C:\Documents and Settings\Kristin\Cookies\kristin@login.tracking101[1].txt -> TrackingCookie.Tracking101 : Cleaned.
:mozilla.52:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.53:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.54:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.55:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.56:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.57:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.58:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.66:C:\Documents and Settings\Kristin\Application Data\Wyzo\Data\Profiles\6lytmido.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.67:C:\Documents and Settings\Kristin\Application Data\Wyzo\Data\Profiles\6lytmido.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.68:C:\Documents and Settings\Kristin\Application Data\Wyzo\Data\Profiles\6lytmido.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.69:C:\Documents and Settings\Kristin\Application Data\Wyzo\Data\Profiles\6lytmido.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.70:C:\Documents and Settings\Kristin\Application Data\Wyzo\Data\Profiles\6lytmido.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.71:C:\Documents and Settings\Kristin\Application Data\Wyzo\Data\Profiles\6lytmido.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.72:C:\Documents and Settings\Kristin\Application Data\Wyzo\Data\Profiles\6lytmido.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.80:C:\Documents and Settings\Kristin\Application Data\Wyzo\Data\Profiles\6lytmido.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\Kristin\Cookies\kristin@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.179:C:\Documents and Settings\Kristin\Application Data\Wyzo\Data\Profiles\6lytmido.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.42:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Kristin\Cookies\kristin@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Kristin\Cookies\kristin@reduxads.valuead[1].txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.719:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.118:C:\Documents and Settings\Kristin\Application Data\Wyzo\Data\Profiles\6lytmido.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\Kristin\Cookies\kristin@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\Kristin\Cookies\kristin@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\Kristin\Cookies\kristin@statse.webtrendslive[3].txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\Kristin\Cookies\kristin@statse.webtrendslive[4].txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.36:C:\Documents and Settings\Kristin\Application Data\Wyzo\Data\Profiles\6lytmido.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.37:C:\Documents and Settings\Kristin\Application Data\Wyzo\Data\Profiles\6lytmido.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.38:C:\Documents and Settings\Kristin\Application Data\Wyzo\Data\Profiles\6lytmido.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.39:C:\Documents and Settings\Kristin\Application Data\Wyzo\Data\Profiles\6lytmido.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.45:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.46:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.47:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.48:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.49:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.50:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.175:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.177:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.178:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.179:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.180:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.181:C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\vqhynn56.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.264:C:\Documents and Settings\Kristin\Application Data\Wyzo\Data\Profiles\6lytmido.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.265:C:\Documents and Settings\Kristin\Application Data\Wyzo\Data\Profiles\6lytmido.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.266:C:\Documents and Settings\Kristin\Application Data\Wyzo\Data\Profiles\6lytmido.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\Kristin\Complete\2007 dvdrip.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristin\Complete\die hard 4.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristin\Complete\die hard.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristin\Complete\dvd rip.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristin\Complete\dvdrip 2007.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristin\Complete\dvdrip french.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristin\Complete\family guy.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristin\Complete\fantastic four.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristin\Complete\french dvdrip.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristin\Complete\games pc.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristin\Complete\harry potter.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristin\Complete\knocked up.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristin\Complete\music 2007.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristin\Complete\oceans 13.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristin\Complete\pc games.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristin\Complete\prison break.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristin\Complete\shrek 3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristin\Complete\shrek the third.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristin\Complete\spiderman 3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristin\Complete\windows xp.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristin\Complete\xbox 360.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristin\Shared\Ableton Live 6.0.7 FUL2L.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).


::Report end

#7 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  • Local time:10:07 AM

Posted 16 August 2007 - 07:28 AM

Also post a new Hijackthis log.
Let me know how your pc is running now.

Could you do the above as requested please.

#8 averice12

averice12
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:05:07 AM

Posted 17 August 2007 - 02:00 AM

Sorry, right busy lately.
The computer is running much, much more smoothly.
Thank you very much.

#9 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  • Local time:10:07 AM

Posted 17 August 2007 - 04:17 AM

AVG Anti-Spyware removed C:\System Volume Information\_restore{E5F689B9-8C88-425A-878C-812257CD29D2}\RP36\A0015159.exe -> Backdoor.Rbot
A Backdoor is a software program that gives an attacker unauthorized access to a machine and the means for remotely controlling the machine without the user's knowledge. A Backdoor compromises system integrity by making changes to the system that allow it to be used by the attacker for malicious purposes unknown to the user.

They are typically installed without user interaction through security exploits, and may allow an attacker to remotely control the infected machine. Such risks may allow the attacker to install additional malware and use the compromised machine to participate in denial of service attacks, spamming, and bot nets, or to transmit sensitive data to a remote server. The malware may be cloaked and not visible to the user. These risks severely compromise the system by lowering security settings, installing 'backdoors,' infecting system files, or spreading to other networked machines.

If your computer was used for online banking or has credit card information on it, all passwords should be changed immediately to include those used for email, eBay and forums.
You should consider them to be compromised.
They should be changed by using a different computer and not the infected one, if not an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified of the possible security breach.

Since your computer was compromised read:
How to report ID theft, fraud, drive-by installs, hijacking and malware:
http://www.dslreports.com/faq/10451

--------------------------------------------------------

You chose to ignore:
C:\Program Files\eMule\Incoming\! ableton live 6 crack.zip/ableton live 6 crack.exe -> Adware.Stud : Ignored.

Please delete:
C:\Program Files\eMule\Incoming\! ableton live 6 crack.zip

--------------------------------------------------------

Restart your pc, post a fresh Hijackthis log in your next reply.



