Awola, Kukkakreck, Etc. And Other Villains


  • This topic is locked
15 replies to this topic

#1 Thom T

  • Members
  • 20 posts

Posted 13 December 2007 - 03:30 PM

Had a recent problem with malware. The main culprits seemed to be Awola, Security Toolbar, Kukkakreck taking over my home page with numerous pop-ups and slow performance. Followed your nine step program and am greatly appreciative for the concise advice. Most of my problems seemed to be solved but I will post the log and hope for the best. Thank you in advance.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:24:34 PM, on 12/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Sygate\SEA\smc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Sygate\SEA\smcgui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Kuma Games\hcsystray\hc_tray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = actsvr.comcastonline.com:8100
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = cdn
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: hc_tray.lnk = C:\Program Files\Kuma Games\hcsystray\hc_tray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/service_compone...vex/TmHcmsX.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee Desktop Firewall Service (FireSvc) - Networks Associates Technology, Inc. - C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Sygate Enforcement Agent 5.0 (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SEA\smc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

--
End of file - 8221 bytes


#2 RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 14 December 2007 - 10:06 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum, Thom T.
My name is Richie and I'll be helping you to fix your problems.

Please disable Spybot S&D's protection, or it will interfere.
You can enable it after you're clean.

Open Spybot and click on 'Mode' and check 'Advanced Mode'.
Click on 'Tools' in bottom left hand corner.
Click on the 'System Startup' icon.
Uncheck 'Teatimer' box and/or uncheck 'Resident'.
Click the 'Allow Change' box.
Then, check next to the computer clock to see if the icon for Spybot is still there.
If it is, right click it and choose 'exit Spybot-S&D Resident'.
Restart the computer.
If you find you're experiencing problems disabling Spybot's Tea-Timer, follow the info in the link below:
http://www.russelltexas.com/malware/teatimer.htm


Viewpoint Manager is considered foistware instead of malware, since it is installed without users' approval but doesn't spy or do anything "bad".
This will change from what we know in 2006; read this article:
http://www.clickz.com/news/article.php/3561546

You are well advised to remove the program now.
Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present, then restart your PC:
Viewpoint
Viewpoint Manager
Viewpoint Media Player



Your version of Sun Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Sun Java, and then update.
1. Download the latest version of Java Runtime Environment (JRE)
2. Scroll down to where it says 'Java Runtime Environment (JRE) 6 update 3'.
3. Click the "Download" button to the right.
4. Check the box that says: "Accept License Agreement".
5. The page will refresh.
6. Click on the link to download 'Windows Offline Installation, Multi-language' and save to your desktop.
7. Close any programs you may have running - especially your web browser.
8. Go to Start > Control Panel, double-click on Add/Remove Programs, and remove all older versions of Java.
9. Check any item with Java Runtime Environment (JRE or J2SE) in the name.
10. Click the Change/Remove button.
11. Repeat as many times as necessary to remove each Java version.
12. Reboot your computer once all Java components are removed.
13. Then from your desktop double-click on jre-6u3-windows-i586-p.exe to install the newest version.


If you have previously downloaded ComboFix, please delete that version now.
Warning
You should NOT use ComboFix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of an expert, not for private use.
Using this tool incorrectly could render your system/PC inoperable.

Now download Combofix and save to your desktop:
Note
It is important that it is saved directly to your desktop

Close any open browsers.
Disconnect from the Internet.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.
Note
In case your antivirus or any other realtime scanner is displaying an alert after you downloaded ComboFix or while you use ComboFix, please disable your scanner and redownload ComboFix again.
Some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.

Also post a new Hijackthis log please.

#3 Thom T

  • Topic Starter

  • Members
  • 20 posts

Posted 14 December 2007 - 08:26 PM

Richie,

Thanks for your prompt attention in this matter. It's good to know there are people out there willing to help inexperienced people like me avert disaster.

The only problem I had was with Java. There were two file choices with the same name - one significantly larger than the other. It seems as if I downloaded the wrong one as the file will not open and install.

Anyhow, here are the logs.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:22:58 PM, on 12/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Sygate\SEA\smc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sygate\SEA\smcgui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Kuma Games\hcsystray\hc_tray.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = actsvr.comcastonline.com:8100
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = cdn
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: hc_tray.lnk = C:\Program Files\Kuma Games\hcsystray\hc_tray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/service_compone...vex/TmHcmsX.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee Desktop Firewall Service (FireSvc) - Networks Associates Technology, Inc. - C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Sygate Enforcement Agent 5.0 (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SEA\smc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

--
End of file - 7603 bytes


ComboFix 07-12-15.1 - Thomas Tracy 2007-12-15 20:07:58.2 - NTFSx86
Running from: C:\Documents and Settings\Thomas Tracy\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-11-16 to 2007-12-16 )))))))))))))))))))))))))))))))
.

2007-12-15 18:56 . 2007-12-15 18:56 <DIR> d-------- C:\Program Files\ZoneAlarmSB
2007-12-15 17:48 . 2007-12-15 20:14 194,592 --ahs---- C:\WINDOWS\SYSTEM32\DRIVERS\fidbox.dat
2007-12-15 17:48 . 2007-12-15 19:55 4,532 --ahs---- C:\WINDOWS\SYSTEM32\DRIVERS\fidbox.idx
2007-12-14 15:23 . 2007-12-14 15:23 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-14 15:15 . 2007-12-14 15:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-12-14 15:15 . 2007-11-14 16:05 75,248 --a------ C:\WINDOWS\zllsputility.exe
2007-12-14 15:15 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\SYSTEM32\SpOrder.dll
2007-12-14 15:15 . 2007-12-15 18:58 4,212 ---h----- C:\WINDOWS\SYSTEM32\zllictbl.dat
2007-12-14 15:13 . 2007-12-15 19:07 <DIR> d-------- C:\WINDOWS\SYSTEM32\ZoneLabs
2007-12-14 15:13 . 2007-11-14 16:05 1,086,952 --a------ C:\WINDOWS\SYSTEM32\zpeng24.dll
2007-12-14 15:13 . 2007-12-15 19:58 353,365 --a------ C:\WINDOWS\SYSTEM32\vsconfig.xml
2007-12-14 15:12 . 2007-12-15 19:45 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-12-14 12:34 . 2007-12-14 14:03 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-12-14 12:12 . 2007-12-14 12:10 102,664 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys
2007-12-14 11:15 . 2007-12-14 12:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-14 09:47 . 2007-12-14 09:47 <DIR> d-------- C:\Program Files\Lavasoft
2007-12-14 09:47 . 2007-12-14 09:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-14 09:46 . 2007-12-14 09:46 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-14 08:25 . 2007-12-14 08:25 0 --ahs---- C:\Documents and Settings\Thomas Tracy\Application Data\GDIPFONTCACHEV1ed7a88e92ece8feccb6d82b98f757348.dat
2007-12-13 18:41 . 2007-12-13 18:42 <DIR> d-------- C:\Documents and Settings\Thomas Tracy\Application Data\AdwareAlert
2007-12-13 03:06 . 2007-12-13 03:06 118 --a------ C:\WINDOWS\SYSTEM32\MRT.INI
2007-12-12 23:11 . 2007-12-12 23:11 490,496 --a------ C:\Documents and Settings\Thomas Tracy\load.exe
2007-12-12 22:24 . 2007-12-13 22:16 883,750 --ahs---- C:\WINDOWS\SYSTEM32\gqnsdwpl.ini
2007-12-12 19:33 . 2007-12-14 11:51 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-12 19:33 . 2007-12-12 19:33 12,800 --a------ C:\info.exe
2007-12-12 19:33 . 2007-12-12 19:33 12,800 --a------ C:\Documents and Settings\Thomas Tracy\Application Data\eimxamm.exe
2007-12-12 19:33 . 2007-12-12 19:33 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-12 18:53 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\SYSTEM32\VCCLSID.exe
2007-12-12 18:53 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\SYSTEM32\SrchSTS.exe
2007-12-12 18:53 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\SYSTEM32\Process.exe
2007-12-12 18:53 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\SYSTEM32\dumphive.exe
2007-12-12 18:53 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\SYSTEM32\WS2Fix.exe
2007-12-12 18:10 . 2007-12-12 18:55 3,906 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
2007-12-12 02:22 . 2007-12-12 23:21 <DIR> d-------- C:\Program Files\Common Files\mwim
2007-12-11 22:23 . 2007-12-12 22:23 991,504 --ahs---- C:\WINDOWS\SYSTEM32\rklwmbgi.ini
2007-12-10 14:59 . 2007-12-11 22:20 858,944 --ahs---- C:\WINDOWS\SYSTEM32\whepdwcp.ini
2007-12-10 12:02 . 2007-12-10 12:02 4,286 --a------ C:\WINDOWS\SYSTEM32\everybodybets.32x32.4.ico
2007-12-05 17:59 . 2007-12-05 18:38 <DIR> d-------- C:\WINDOWS\SxsCaPendDel

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-16 00:50 --------- d-----w C:\Program Files\Java
2007-12-15 22:46 --------- d-----w C:\Program Files\Viewpoint
2007-12-14 15:22 --------- d-----w C:\Program Files\BearShare Applications
2007-12-13 04:14 --------- d-----w C:\Program Files\Kaneva
2007-12-05 23:43 --------- d-----w C:\Program Files\Citrix
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-30 23:42 3,590,656 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\SYSTEM32\quartz.dll
2007-10-29 22:43 1,287,680 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\quartz.dll
2007-10-27 22:40 227,328 ----a-w C:\WINDOWS\SYSTEM32\wmasf.dll
2007-10-27 22:40 227,328 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wmasf.dll
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\shell32.dll
2007-10-25 15:26 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2007-10-18 19:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL OCP
2007-10-18 19:47 --------- d-----w C:\Program Files\AIM6
2007-10-10 23:56 824,832 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
2007-10-10 23:56 232,960 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\webcheck.dll
2007-10-10 23:56 1,159,680 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
2007-10-10 23:55 671,232 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
2007-10-10 23:55 63,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\icardie.dll
2007-10-10 23:55 6,065,664 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
2007-10-10 23:55 52,224 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll
2007-10-10 23:55 478,208 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
2007-10-10 23:55 459,264 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll
2007-10-10 23:55 44,544 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iernonce.dll
2007-10-10 23:55 384,512 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iedkcs32.dll
2007-10-10 23:55 383,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll
2007-10-10 23:55 27,648 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll
2007-10-10 23:55 267,776 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll
2007-10-10 23:55 230,400 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieaksie.dll
2007-10-10 23:55 214,528 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtrans.dll
2007-10-10 23:55 193,024 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
2007-10-10 23:55 153,088 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakeng.dll
2007-10-10 23:55 132,608 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
2007-10-10 23:55 124,928 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\advpack.dll
2007-10-10 23:55 105,984 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\url.dll
2007-10-10 23:55 102,400 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\occache.dll
2007-10-10 10:59 70,656 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
2007-10-10 10:59 625,152 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
2007-10-10 10:59 13,824 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2007-10-10 05:46 161,792 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
2007-02-28 21:55 952 --sha-w C:\WINDOWS\SYSTEM32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2007-12-14_ 9.12.04.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-14 17:34:46 45,056 ----a-w C:\WINDOWS\BDOSCAN8\avxdisk.dll
+ 2007-12-14 17:34:46 10,240 ----a-w C:\WINDOWS\BDOSCAN8\avxs.dll
+ 2007-12-14 17:34:46 27,136 ----a-w C:\WINDOWS\BDOSCAN8\avxt.dll
+ 2007-12-14 17:34:50 181,760 ----a-w C:\WINDOWS\BDOSCAN8\bdcore.dll
+ 2007-10-25 15:26:48 118,784 ----a-w C:\WINDOWS\BDOSCAN8\bdupd.dll
+ 2007-10-25 15:26:48 53,248 ----a-w C:\WINDOWS\BDOSCAN8\ipsupd.dll
+ 2007-12-14 17:34:51 142,848 ----a-w C:\WINDOWS\BDOSCAN8\libfn.dll
+ 2007-12-14 17:34:47 86,016 ----a-w C:\WINDOWS\BDOSCAN8\librtvr.dll
+ 2007-10-25 15:26:48 118,784 ----a-w C:\WINDOWS\Downloaded Program Files\bdupd.dll
+ 2007-10-25 15:26:48 53,248 ----a-w C:\WINDOWS\Downloaded Program Files\ipsupd.dll
+ 2007-12-14 14:48:29 1,038,336 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC.exe
+ 2007-12-14 14:48:29 178,688 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC1.exe
+ 2007-12-14 14:48:29 171,008 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\IconDED53B0B.exe
+ 2007-12-14 14:48:29 8,704 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\IconDED53B0B1.exe
+ 2007-07-11 18:37:26 6,272 ----a-w C:\WINDOWS\SYSTEM32\DRIVERS\AWRTPD.sys
+ 2007-08-07 17:58:08 8,320 ----a-w C:\WINDOWS\SYSTEM32\DRIVERS\AWRTRD.sys
+ 2007-07-19 20:10:28 127,768 ----a-w C:\WINDOWS\SYSTEM32\DRIVERS\klif.sys
+ 2007-08-07 17:56:58 9,344 ----a-w C:\WINDOWS\SYSTEM32\DRIVERS\NSDriver.sys
- 2007-03-15 22:19:28 1,476,992 ----a-w C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
+ 2007-10-11 19:12:48 1,468,968 ----a-w C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
+ 2007-09-06 21:13:58 796,048 ----a-w C:\WINDOWS\SYSTEM32\libeay32_0.9.6l.dll
+ 2007-04-13 19:19:52 7,680 ----a-w C:\WINDOWS\SYSTEM32\lsdelete.exe
- 2007-12-14 13:40:24 53,436 ----a-w C:\WINDOWS\SYSTEM32\PERFC009.DAT
+ 2007-12-16 01:01:28 53,436 ----a-w C:\WINDOWS\SYSTEM32\PERFC009.DAT
- 2007-12-14 13:40:24 381,692 ----a-w C:\WINDOWS\SYSTEM32\PERFH009.DAT
+ 2007-12-16 01:01:28 381,692 ----a-w C:\WINDOWS\SYSTEM32\PERFH009.DAT
- 2006-12-10 18:10:02 14,640 ----a-w C:\WINDOWS\SYSTEM32\spmsg.dll
+ 2007-10-08 19:46:18 14,640 ------w C:\WINDOWS\SYSTEM32\spmsg.dll
- 2007-07-22 23:39:27 279,552 ----a-w C:\WINDOWS\SYSTEM32\swreg.exe
+ 2007-12-14 02:26:50 156,160 ----a-w C:\WINDOWS\SYSTEM32\swreg.exe
+ 2007-11-14 21:04:52 83,432 ----a-w C:\WINDOWS\SYSTEM32\vsdata.dll
+ 2007-11-14 21:05:16 394,952 ----a-w C:\WINDOWS\SYSTEM32\vsdatant.sys
+ 2007-11-14 21:04:52 157,160 ----a-w C:\WINDOWS\SYSTEM32\vsinit.dll
+ 2007-11-14 21:04:52 103,912 ----a-w C:\WINDOWS\SYSTEM32\vsmonapi.dll
+ 2007-11-14 21:04:52 275,944 ----a-w C:\WINDOWS\SYSTEM32\vspubapi.dll
+ 2007-11-14 21:04:52 71,144 ----a-w C:\WINDOWS\SYSTEM32\vsregexp.dll
+ 2007-11-14 21:04:54 472,552 ----a-w C:\WINDOWS\SYSTEM32\vsutil.dll
+ 2007-11-14 21:04:54 46,568 ----a-w C:\WINDOWS\SYSTEM32\vswmi.dll
+ 2007-11-14 21:04:54 99,816 ----a-w C:\WINDOWS\SYSTEM32\vsxml.dll
+ 2007-11-14 21:04:56 83,432 ----a-w C:\WINDOWS\SYSTEM32\zlcomm.dll
+ 2007-11-14 21:04:56 71,144 ----a-w C:\WINDOWS\SYSTEM32\zlcommdb.dll
+ 2007-11-14 21:04:44 370,208 ----a-w C:\WINDOWS\SYSTEM32\ZoneLabs\av.dll
+ 2007-05-31 05:03:30 65,248 ----a-w C:\WINDOWS\SYSTEM32\ZoneLabs\avsys\bases\aphish.dat
+ 2006-06-30 19:47:36 21,568 ----a-w C:\WINDOWS\SYSTEM32\ZoneLabs\avsys\bases\avcmhk4.dll
+ 2007-05-31 05:03:16 77,824 ----a-w C:\WINDOWS\SYSTEM32\ZoneLabs\avsys\CKAHComm.dll
+ 2007-05-31 05:03:16 110,592 ----a-w C:\WINDOWS\SYSTEM32\ZoneLabs\avsys\CKAHrule.dll
+ 2007-05-31 05:03:16 331,776 ----a-w C:\WINDOWS\SYSTEM32\ZoneLabs\avsys\CKAHUM.dll
+ 2007-05-31 05:03:16 38,400 ----a-w C:\WINDOWS\SYSTEM32\ZoneLabs\avsys\FSSync.dll
+ 2007-07-19 20:10:32 110,360 ----a-w C:\WINDOWS\SYSTEM32\ZoneLabs\avsys\instdrivers\w2kxp32\kl1.sys
+ 2007-07-19 20:10:32 186,128 ----a-w C:\WINDOWS\SYSTEM32\ZoneLabs\avsys\instdrivers\w2kxp32\klif.sys
+ 2007-05-31 05:03:48 110,360 ----a-w C:\WINDOWS\SYSTEM32\ZoneLabs\avsys\instdrivers\x32\kl1.sys
+ 2007-07-19 20:10:28 127,768 ----a-w C:\WINDOWS\SYSTEM32\ZoneLabs\avsys\instdrivers\x32\klif.sys
+ 2007-05-31 05:03:50 45,056 ----a-w C:\WINDOWS\SYSTEM32\ZoneLabs\avsys\instdrivers\x32\regcat.exe
+ 2006-09-20 04:12:14 208,960 ----a-w C:\WINDOWS\SYSTEM32\ZoneLabs\avsys\inv.dll
+ 2007-09-12 02:09:16 274,432 ----a-w C:\WINDOWS\SYSTEM32\ZoneLabs\avsys\kave.dll
+ 2006-12-19 23:13:52 1,093,632 ----a-w C:\WINDOWS\SYSTEM32\ZoneLabs\avsys\libeay32.dll
+ 2007-05-31 05:03:20 548,864 ----a-w C:\WINDOWS\SYSTEM32\ZoneLabs\avsys\msvcp80.dll
+ 2007-05-31 05:03:20 626,688 ----a-w C:\WINDOWS\SYSTEM32\ZoneLabs\avsys\msvcr80.dll
+ 2007-05-31 05:03:18 184,320 ----a-w C:\WINDOWS\SYSTEM32\ZoneLabs\avsys\prloader.dll
+ 2007-05-31 05:03:22 90,112 ----a-w C:\WINDOWS\SYSTEM32\ZoneLabs\avsys\prremote.dll
+ 2007-09-12 02:09:16 135,168 ----a-w C:\WINDOWS\SYSTEM32\ZoneLabs\avsys\ScanningProcess.exe
+ 2006-12-19 23:13:52 200,704 ----a-w C:\WINDOWS\SYSTEM32\ZoneLabs\avsys\ssleay32.dll
+ 2007-11-14 21:04:44 99,816 ----a-w C:\WINDOWS\SYSTEM32\ZoneLabs\camupd.dll
+ 2004-01-30 17:35:08 813,568 ----a-w C:\WINDOWS\SYSTEM32\ZoneLabs\dbghelp.dll
+ 2007-11-14 21:04:46 128,480 ----a-w C:\WINDOWS\SYSTEM32\ZoneLabs\fbl.dll
+ 2007-11-14 21:04:46 38,376 ----a-w C:\WINDOWS\SYSTEM32\ZoneLabs\featuremap.dll
+ 2007-11-14 21:04:46 321,016 ----a-w C:\WINDOWS\SYSTEM32\ZoneLabs\imsecure.dll
+ 2007-11-14 21:05:18 288,144 ----a-w C:\WINDOWS\SYSTEM32\ZoneLabs\lib\ConfigWizard.zip.dll
+ 2007-11-14 21:05:18 152,976 ----a-w C:\WINDOWS\SYSTEM32\ZoneLabs\lib\licenseui.zip.dll
+ 2007-11-14 21:05:18 26,000 ----a-w C:\WINDOWS\SYSTEM32\ZoneLabs\lib\zlsvc.zip.dll
+ 2007-11-14 21:05:18 1,361,296 ----a-w C:\WINDOWS\SYSTEM32\ZoneLabs\lib\zpy.zip.dll
+ 2007-11-14 21:05:20 71,056 ----a-w C:\WINDOWS\SYSTEM32\ZoneLabs\lib\zui.zip.dll
+ 2007-11-14 21:06:34 30,184 ----a-w C:\WINDOWS\SYSTEM32\ZoneLabs\plugins\rpc_server\rpc_server.dll
+ 2007-11-14 21:06:36 30,216 ----a-w C:\WINDOWS\SYSTEM32\ZoneLabs\plugins\vsmon_plugin\vsmon_plugin.dll
+ 2007-10-19 01:18:38 714,208 ----a-w C:\WINDOWS\SYSTEM32\ZoneLabs\qrbase.dll
+ 2007-10-19 01:18:38 787,936 ----a-w C:\WINDOWS\SYSTEM32\ZoneLabs\qrsrecl.dll
+ 2007-11-14 21:04:48 173,544 ----a-w C:\WINDOWS\SYSTEM32\ZoneLabs\scheduler.dll
+ 2007-01-11 16:12:08 2,432,259 ----a-w C:\WINDOWS\SYSTEM32\ZoneLabs\spyware.dat
+ 2007-10-19 01:18:40 1,500,640 ----a-w C:\WINDOWS\SYSTEM32\ZoneLabs\srescan.dll
+ 2007-10-19 01:18:44 51,176 ----a-w C:\WINDOWS\SYSTEM32\ZoneLabs\srescan.sys
+ 2007-11-14 21:04:50 456,168 ----a-w C:\WINDOWS\SYSTEM32\ZoneLabs\ssleay32.dll
+ 2007-11-14 21:06:36 214,528 ----a-w C:\WINDOWS\SYSTEM32\ZoneLabs\streamapi\httpblocker\httpblocker.dll
+ 2007-11-14 21:06:36 3,266,040 ----a-w C:\WINDOWS\SYSTEM32\ZoneLabs\streamapi\imslsp\imslsp.dll
+ 2006-09-05 01:59:14 503,875 ----a-w C:\WINDOWS\SYSTEM32\ZoneLabs\upd_core.dll
+ 2007-10-11 21:50:32 832,984 ----a-w C:\WINDOWS\SYSTEM32\ZoneLabs\updating.dll
+ 2007-11-14 21:05:06 144,936 ----a-w C:\WINDOWS\SYSTEM32\ZoneLabs\updclient.exe
+ 2007-01-11 22:31:06 286,787 ----a-w C:\WINDOWS\SYSTEM32\ZoneLabs\updtrsdk.dll
+ 2007-11-14 21:04:52 108,008 ----a-w C:\WINDOWS\SYSTEM32\ZoneLabs\vsavpro.dll
+ 2007-11-14 21:04:52 83,432 ----a-w C:\WINDOWS\SYSTEM32\ZoneLabs\vsdb.dll
+ 2007-11-14 21:05:06 75,304 ----a-w C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
+ 2007-11-14 21:04:52 2,029,032 ----a-w C:\WINDOWS\SYSTEM32\ZoneLabs\vsmondll.dll
+ 2007-11-14 21:04:54 1,361,384 ----a-w C:\WINDOWS\SYSTEM32\ZoneLabs\vsruledb.dll
+ 2007-11-14 21:04:54 239,080 ----a-w C:\WINDOWS\SYSTEM32\ZoneLabs\vsvault.dll
+ 2007-01-11 16:12:08 2,432,259 ----a-w C:\WINDOWS\SYSTEM32\ZoneLabs\zlasdbup.dat
+ 2007-11-14 21:04:56 177,640 ----a-w C:\WINDOWS\SYSTEM32\ZoneLabs\zlparser.dll
+ 2007-11-14 21:04:56 79,344 ----a-w C:\WINDOWS\SYSTEM32\ZoneLabs\zlquarantine.dll
+ 2007-11-14 21:04:58 382,440 ----a-w C:\WINDOWS\SYSTEM32\ZoneLabs\zlsre.dll
+ 2007-11-14 21:04:58 120,296 ----a-w C:\WINDOWS\SYSTEM32\ZoneLabs\zlupdate.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-09-29 15:22]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-06-30 14:33]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 02:01]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2005-08-31 15:50]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 19:00]
"mmtask"="C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe" [2004-10-08 07:49]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-05-12 19:23]
"MMTray"="C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe" [2004-10-08 07:49]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05]

C:\Documents and Settings\Thomas Tracy\Start Menu\Programs\Startup\
hc_tray.lnk - C:\Program Files\Kuma Games\hcsystray\hc_tray.exe [2007-04-26 12:49:20]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Desktop Firewall Tray.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Desktop Firewall Tray.lnk
backup=C:\WINDOWS\pss\McAfee Desktop Firewall Tray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NWePO.lnk]
backup=C:\WINDOWS\pss\NWePO.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Thomas Tracy^Start Menu^Programs^Startup^TrueAssistant.lnk]
backup=C:\WINDOWS\pss\TrueAssistant.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
2007-03-01 10:37 2321600 -ra------ C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BoostSpeed]
C:\Program Files\AusLogics BoostSpeed\BoostSpeed.exe /Q

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
C:\Program Files\DellSupport\DSAgnt.exe /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2004-11-16 01:05 127035 --a------ C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2006-05-09 19:24 50760 --a------ C:\Program Files\Common Files\AOL\1160614004\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-09-20 09:32 77824 --a------ C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-09-20 09:36 114688 --a------ C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-09-20 09:35 94208 --a------ C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
2006-02-17 11:59 124520 --a------ C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-04-27 10:25 257088 --a------ C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2004-10-08 07:49 131072 --a------ C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

R0 FirePM;McAfee Desktop Firewall Policy Manager Driver;C:\WINDOWS\system32\Drivers\FirePM.sys
R1 FireTDI;McAfee Desktop Firewall TDI Driver;\??\C:\WINDOWS\system32\Drivers\FireTDI.sys
R1 NaiAvTdi1;NaiAvTdi1;C:\WINDOWS\system32\drivers\mvstdi5x.sys
R2 FireHook;McAfee Desktop Firewall Network Driver;C:\WINDOWS\system32\DRIVERS\firehook.sys
R3 Eacfilt;Eacfilt Miniport;C:\WINDOWS\system32\DRIVERS\eacfilt.sys
R3 firelm01;firelm01;\??\C:\WINDOWS\system32\drivers\firelm01.sys
R3 IPSECSHM;Nortel IPSECSHM Adapter;C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys
S2 IPSECEXT;Nortel Extranet Access Protocol;C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-12-15 08:00:00 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert.exe
- C:\Program Files\AdwareAlert
"2007-12-15 23:08:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-15 20:15:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-15 20:17:12
C:\ComboFix2.txt ... 2007-12-14 09:13
.
2007-12-13 08:06:39 --- E O F ---

#4 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:07:17 AM

Posted 14 December 2007 - 09:10 PM

Please download OTMoveIt by OldTimer, save it to your desktop:
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
Please double-click OTMoveIt.exe to run it.
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose 'Copy'):
C:\WINDOWS\SYSTEM32\gqnsdwpl.ini
C:\WINDOWS\SYSTEM32\rklwmbgi.ini
C:\WINDOWS\SYSTEM32\whepdwcp.ini
C:\WINDOWS\SYSTEM32\everybodybets.32x32.4.ico
C:\Program Files\Viewpoint

Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
Click the red Moveit! button
Copy everything on the 'Results' window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose 'Copy'), and paste it into your next reply.
Close OTMoveIt.
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose Yes.

I now need you to do the following if you will:

Go here: http://virusscan.jotti.org/
Using the 'Browse' button, browse to:
C:\Documents and Settings\Thomas Tracy\load.exe
Then press the 'Submit' button.
Wait while the file is scanned.
Post the results into your next reply.

If Jotti's too busy, try here:
http://www.virustotal.com/en/virustotalf.html
Click on the 'Analysis' tab.
Using the 'Browse' button, browse to:
C:\Documents and Settings\Thomas Tracy\load.exe
Then click on 'Send File'.
Post the results into your next reply.

Then do exactly the same with the following file:
C:\info.exe
Post all the results into your next reply please.

Also post a new Hijackthis log.

#5 Thom T

Posted 15 December 2007 - 02:18 PM

MoveIt

C:\WINDOWS\SYSTEM32\gqnsdwpl.ini moved successfully.
C:\WINDOWS\SYSTEM32\rklwmbgi.ini moved successfully.
C:\WINDOWS\SYSTEM32\whepdwcp.ini moved successfully.
C:\WINDOWS\SYSTEM32\everybodybets.32x32.4.ico moved successfully.
C:\Program Files\Viewpoint\Viewpoint Manager moved successfully.
C:\Program Files\Viewpoint moved successfully.

Created on 12162007_103047


Scan taken on 15 Dec 2007 15:41:31 (GMT)
A-Squared Found nothing
AntiVir Found HEUR/Malware
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found Downloader.Small.60.AK
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found Trojan.Fakealert.391
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found probably unknown NewHeur_PE (probable variant)
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found Mal/Emogen-G
VirusBuster Found nothing
VBA32 Found nothing

Antivirus Version Last Update Result
AhnLab-V3 2007.12.15.10 2007.12.14 -
AntiVir 7.6.0.45 2007.12.14 -
Authentium 4.93.8 2007.12.15 -
Avast 4.7.1098.0 2007.12.15 -
AVG 7.5.0.503 2007.12.15 SHeur.AESQ
BitDefender 7.2 2007.12.15 -
CAT-QuickHeal 9.00 2007.12.15 -
ClamAV 0.91.2 2007.12.15 -
DrWeb 4.44.0.09170 2007.12.15 -
eSafe 7.0.15.0 2007.12.13 suspicious Trojan/Worm
eTrust-Vet 31.3.5377 2007.12.15 -
Ewido 4.0 2007.12.15 -
FileAdvisor 1 2007.12.15 -
Fortinet 3.14.0.0 2007.12.15 -
F-Prot 4.4.2.54 2007.12.14 -
F-Secure 6.70.13030.0 2007.12.14 -
Ikarus T3.1.1.15 2007.12.15 -
Kaspersky 7.0.0.125 2007.12.15 not-a-virus:FraudTool.Win32.Avola.b
McAfee 5186 2007.12.14 -
Microsoft 1.3109 2007.12.15 Program:Win32/Awola
NOD32v2 2723 2007.12.14 -
Norman 5.80.02 2007.12.13 -
Panda 9.0.0.4 2007.12.15 -
Prevx1 V2 2007.12.15 Heuristic: Suspicious File With Persistence
Rising 20.22.41.00 2007.12.14 -
Sophos 4.24.0 2007.12.15 -
Sunbelt 2.2.907.0 2007.12.15 -
Symantec 10 2007.12.15 -
TheHacker 6.2.9.160 2007.12.14 -
VBA32 3.12.2.5 2007.12.15 -
VirusBuster 4.3.26:9 2007.12.14 -
Webwasher-Gateway 6.6.2 2007.12.15 -
Additional information
File size: 490496 bytes
MD5: 80902919bf6146be2636b58c8eba5bac
SHA1: 3efe267f436d25a386f3ed3c71db78edb4a216fd
PEiD: UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
packers: UPX
packers: UPX
packers: PE_Patch.UPX, UPX, UPX
Prevx info: http://info.prevx.com/aboutprogramtext.asp...A9B4300DDE8DF93

File info.exe received on 12.11.2007 01:00:36 (CET)


Result: 8/32 (25%)

Antivirus Version Last Update Result
AhnLab-V3 - - -
AntiVir - - HEUR/Malware
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - -
eSafe - - suspicious Trojan/Worm
eTrust-Vet - - -
Ewido - - -
FileAdvisor - - -
Fortinet - - -
F-Prot - - -
F-Secure - - -
Ikarus - - -
Kaspersky - - -
McAfee - - -
Microsoft - - TrojanDownloader:Win32/Renos.gen!A
NOD32v2 - - probably unknown NewHeur_PE virus
Norman - - -
Panda - - Suspicious file
Prevx1 - - Heuristic: Suspicious File With Outbound Communications
Rising - - -
Sophos - - Mal/Emogen-G
Sunbelt - - -
Symantec - - -
TheHacker - - -
VBA32 - - -
VirusBuster - - -
Webwasher-Gateway - - Heuristic.Malware
Additional information
MD5: ce1de12d7636728899006567b468e98e

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:20:18 PM, on 12/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Sygate\SEA\smc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sygate\SEA\smcgui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Kuma Games\hcsystray\hc_tray.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = actsvr.comcastonline.com:8100
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = cdn
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: hc_tray.lnk = C:\Program Files\Kuma Games\hcsystray\hc_tray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/service_compone...vex/TmHcmsX.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee Desktop Firewall Service (FireSvc) - Networks Associates Technology, Inc. - C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Sygate Enforcement Agent 5.0 (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SEA\smc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

--
End of file - 7619 bytes

#6 RichieUK

Posted 15 December 2007 - 03:46 PM

Please double-click OTMoveIt.exe to run it.
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose 'Copy'):
C:\info.exe
C:\Documents and Settings\Thomas Tracy\load.exe

Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
Click the red Moveit! button
Copy everything on the 'Results' window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose 'Copy'), and paste it into your next reply.
Close OTMoveIt.
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose Yes.

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
Exit Hijackthis.

You have the following firewalls active on your pc:
McAfee Desktop Firewall
Sygate Enforcement Agent 5.0
ZoneAlarm Personal Firewall

It's definitely not a good idea to have more than one firewall installed on your computer.
It could lead to system slowdowns, connection problems and other problems within the operating system, due to them conflicting with each other.
You should remove/uninstall two of them now, then restart your pc.

Download\install 'SuperAntiSpyware Home Edition Free Version' from here:
http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE

Launch SuperAntiSpyware and click on 'Check for updates'.
Once the updates have been installed, on the main screen click on 'Scan your computer'.
Check: 'Perform Complete Scan'.
Click 'Next' to start the scan.

Superantispyware will now scan your computer, when it's finished it will list all/any infections found.
Make sure everything found has a checkmark next to it, then press 'Next'.
Click on 'Finish' when you've done.

It's possible that the program will ask you to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
Click on 'Preferences'.
Click on the 'Statistics/Logs' tab.
Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
It will then open in your default text editor, such as Notepad.
Copy and paste the contents of that report into your next reply.

Run this online virus/spyware scan using Internet Explorer:
Kaspersky WebScanner
Next click Kaspersky Online Scanner
You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make sure that the following are selected:
Scan using the following Anti-Virus database:
Standard
Scan Options:
Scan Archives
Scan Mail Bases
Click OK
Now under select a target to scan:
Select My Computer
This will start the program and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button:
Save the file to your desktop.
Copy and paste the contents of that file into your next reply.

Also post a new Hijackthis log, let me know how your pc is running now.
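The two checks RichieUK applies to the HijackThis log in post #6 (an O3 toolbar entry whose target is "(no file)", and more than one firewall service installed), written out as an added example that is not part of the original thread or of HijackThis itself. The sample lines are copied from the log posted above; the marker table and the function names are assumptions made for this illustration.

```python
import re
from typing import NamedTuple

# Constructed sample: a handful of lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O23 - Service: McAfee Desktop Firewall Service (FireSvc) - Networks Associates Technology, Inc. - C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Sygate Enforcement Agent 5.0 (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SEA\smc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
"""

# Assumption: substrings that identify the three firewall products the helper
# names, chosen from the O23 service lines in this thread's log.
FIREWALL_MARKERS = {
    "McAfee Desktop Firewall": "McAfee Desktop Firewall",
    "Sygate": "Sygate Enforcement Agent",
    "Zone Labs": "ZoneAlarm",
}

# Suffixes HijackThis prints when a registered entry has no file behind it.
# Only "(no file)" occurs in this thread's log.
ORPHAN_MARKERS = ("(no file)", "(file missing)")

# A log entry is "<section> - <body>", e.g. "O3 - Toolbar: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


class Entry(NamedTuple):
    section: str  # R0..R3, F0..F3, O1..O24 and so on
    body: str     # everything after "<section> - "
    target: str   # last " - "-separated field: normally the file path


def parse_entries(log_text):
    """Return the section entries of a HijackThis log, skipping the header
    and the 'Running processes' list."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            section, body = match.groups()
            entries.append(Entry(section, body, body.rsplit(" - ", 1)[-1]))
    return entries


def orphaned_entries(entries):
    """Entries that point at nothing on disk: leftovers from removed software."""
    return [e for e in entries if e.target.endswith(ORPHAN_MARKERS)]


def active_firewalls(entries):
    """Map firewall product -> the O23 service lines that belong to it."""
    found = {}
    for entry in entries:
        if entry.section != "O23":
            continue
        lowered = entry.body.lower()
        for marker, product in FIREWALL_MARKERS.items():
            if marker.lower() in lowered:
                found.setdefault(product, []).append(entry.body)
    return found


def review(log_text):
    """Run both checks and return the findings as a dictionary."""
    entries = parse_entries(log_text)
    firewalls = active_firewalls(entries)
    return {
        "orphaned": orphaned_entries(entries),
        "firewalls": firewalls,
        "multiple_firewalls": len(firewalls) > 1,
    }


if __name__ == "__main__":
    findings = review(SAMPLE_LOG)
    for entry in findings["orphaned"]:
        print(f"orphaned {entry.section}: {entry.body}")
    if findings["multiple_firewalls"]:
        print("more than one firewall:", ", ".join(sorted(findings["firewalls"])))
```
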

#7 Thom T

Posted 17 December 2007 - 09:25 PM

Richie,

I apologize for my absence. I am posting from my laptop as my desktop, the machine which we've been working on, has been unable to connect to the internet. I keep getting a "Network Cable Unplugged" message even though I've checked the connections several times. My router and cable modem appear fine as I am connecting from my home network with my laptop. When it rains, it pours. Hopefully I'll get it sorted out and continue with the process.

Thanks,

Thom

#8 RichieUK

Posted 18 December 2007 - 05:13 AM

Download and run WinSock XP Fix:
http://www.snapfiles.com/get/winsockxpfix.html

********************************

Click on Start/Run, type CMD then press Ok.
At the command prompt copy and paste the following bold text, then press Enter:
NETSH WINSOCK RESET
Then type EXIT, press Enter again, then restart your pc.

********************************

Download/install Dial-a-Fix from here:
http://djlizard.net/software/Dial-a-fix-v0.60.0.24.zip
Launch the program, place a check in ALL the boxes.
Then click on 'GO' at the bottom.
Restart your pc when Dial-a-Fix has done.

********************************

If you have the MS Windows XP install disk.
Click Start>Run, type sfc /scannow then press Ok.
Leave a space in between sfc and /scannow
Reboot when you've done.

Let me know how you get on.

#9 Thom T

Posted 18 December 2007 - 03:48 PM

Richie,

Thanks. The problem remains that I cannot connect to the internet to download these fixes for the "Network Connection Unplugged" message. Is it possible to copy them to a disc on my laptop and run them on my desktop? My laptop connects at home from a router/cable modem wired to the infected desktop. The router/modem seem to be working normally because I can still connect through the router.

Thom

#10 RichieUK

Posted 18 December 2007 - 04:07 PM

Is it possible to copy them to a disc on my laptop and run them on my desktop?

Yes, you can do that :thumbsup:

#11 RichieUK

Posted 18 December 2007 - 04:30 PM

If the above doesn't help you might want to look through the info in the links below;

Fixing Network Cable Unplugged Errors in Windows:
http://compnetworking.about.com/od/windows...leunplugged.htm
How to troubleshoot the following message in Windows XP: "A network cable is unplugged":
http://support.microsoft.com/kb/910389
Google search:
http://www.google.com/search?q=network+cab...GGGL_en___GB230

#12 Thom T

Posted 18 December 2007 - 04:38 PM

Great! Thanks.

We should be back to business soon.

#13 RichieUK

Posted 18 December 2007 - 05:04 PM

Let's hope so :thumbsup:

#14 Thom T

Posted 18 December 2007 - 07:27 PM

The MS fix worked. Had to reconfigure the LAN/Link Speed & Duplex.

#15 Thom T

Posted 18 December 2007 - 10:45 PM

I would say the machine is running a lot better. Certainly light years better than where it was last week.

C:\info.exe moved successfully.
C:\Documents and Settings\Thomas Tracy\load.exe moved successfully.

Created on 12192007_193121

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/19/2007 at 08:34 PM

Application Version : 3.9.1008

Core Rules Database Version : 3363
Trace Rules Database Version: 1362

Scan type : Complete Scan
Total Scan Time : 00:50:38

Memory items scanned : 495
Memory threats detected : 0
Registry items scanned : 5249
Registry threats detected : 0
File items scanned : 39596
File threats detected : 363

Adware.Tracking Cookie
E:\TbackupFromOld\Documents and Settings\Thomas\Cookies\thomas@www.bobo-porno[2].txt
E:\TbackupFromOld\Documents and Settings\Thomas\Cookies\thomas@www.ez-tracks[1].txt
E:\TbackupFromOld\Documents and Settings\Thomas\Cookies\thomas@www.findarticles[2].txt
E:\TbackupFromOld\Documents and Settings\Thomas\Cookies\thomas@www.furniturefind[1].txt
E:\TbackupFromOld\Documents and Settings\Thomas\Cookies\thomas@xiti[2].txt
E:\TbackupFromOld\Documents and Settings\Thomas\Local Settings\Temp\Cookies\thomas@a.websponsors[1].txt
E:\TbackupFromOld\Documents and Settings\Thomas\Local Settings\Temp\Cookies\thomas@a.websponsors[2].txt
E:\TbackupFromOld\Documents and Settings\Thomas\Local Settings\Temp\Cookies\thomas@a.websponsors[3].txt
E:\TbackupFromOld\Documents and Settings\Thomas\Local Settings\Temp\Cookies\thomas@a.websponsors[4].txt
E:\TbackupFromOld\Documents and Settings\Thomas\Local Settings\Temp\Cookies\thomas@ads.addynamix[1].txt
E:\TbackupFromOld\Documents and Settings\Thomas\Local Settings\Temp\Cookies\thomas@ads.monster[1].txt
E:\TbackupFromOld\Documents and Settings\Thomas\Local Settings\Temp\Cookies\thomas@advertising[3].txt
E:\TbackupFromOld\Documents and Settings\Thomas\Local Settings\Temp\Cookies\thomas@atdmt[1].txt
E:\TbackupFromOld\Documents and Settings\Thomas\Local Settings\Temp\Cookies\thomas@atdmt[4].txt
E:\TbackupFromOld\Documents and Settings\Thomas\Local Settings\Temp\Cookies\thomas@atwola[1].txt
E:\TbackupFromOld\Documents and Settings\Thomas\Local Settings\Temp\Cookies\thomas@bannerads.zwire[1].txt
E:\TbackupFromOld\Documents and Settings\Thomas\Local Settings\Temp\Cookies\thomas@bannerads[1].txt
E:\TbackupFromOld\Documents and Settings\Thomas\Local Settings\Temp\Cookies\thomas@bannerads[2].txt
E:\TbackupFromOld\Documents and Settings\Thomas\Local Settings\Temp\Cookies\thomas@bannerads[3].txt
E:\TbackupFromOld\Documents and Settings\Thomas\Local Settings\Temp\Cookies\thomas@bannerads[4].txt
E:\TbackupFromOld\Documents and Settings\Thomas\Local Settings\Temp\Cookies\thomas@bannerads[5].txt
E:\TbackupFromOld\Documents and Settings\Thomas\Local Settings\Temp\Cookies\thomas@bannerads[7].txt
E:\TbackupFromOld\Documents and Settings\Thomas\Local Settings\Temp\Cookies\thomas@belnk[1].txt
E:\TbackupFromOld\Documents and Settings\Thomas\Local Settings\Temp\Cookies\thomas@dist.belnk[2].txt
E:\TbackupFromOld\Documents and Settings\Thomas\Local Settings\Temp\Cookies\thomas@ehg-knightridder.hitbox[1].txt
E:\TbackupFromOld\Documents and Settings\Thomas\Local Settings\Temp\Cookies\thomas@ehg-knightridder.hitbox[4].txt
E:\TbackupFromOld\Documents and Settings\Thomas\Local Settings\Temp\Cookies\thomas@icc.intellisrv[2].txt
E:\TbackupFromOld\Documents and Settings\Thomas\Local Settings\Temp\Cookies\thomas@partner2profit[2].txt
E:\TbackupFromOld\Documents and Settings\Thomas\Local Settings\Temp\Cookies\thomas@poweronemedia.122.2o7[2].txt
E:\TbackupFromOld\Documents and Settings\Thomas\Local Settings\Temp\Cookies\thomas@tacoda[1].txt
E:\TbackupFromOld\Documents and Settings\Thomas\Local Settings\Temp\Cookies\thomas@tacoda[3].txt
E:\TbackupFromOld\Documents and Settings\Thomas\Local Settings\Temp\Cookies\thomas@tacoda[4].txt
E:\TbackupFromOld\Documents and Settings\Thomas\Local Settings\Temp\Cookies\thomas@zedo[1].txt
E:\TbackupFromOld\Documents and Settings\Thomas\Local Settings\Temp\Cookies\thomas@zedo[3].txt
E:\TbackupFromOld\Documents and Settings\Thomas\Local Settings\Temp\Cookies\thomas@zedo[5].txt
E:\TbackupFromOld\Documents and Settings\Thomas\Local Settings\Temp\Cookies\thomas@zedo[7].txt
E:\Users\Tom\AppData\Roaming\Microsoft\Windows\Cookies\Low\tom@ads.espn.adsonar[2].txt
E:\Users\Tom\AppData\Roaming\Microsoft\Windows\Cookies\Low\tom@atwola[1].txt
E:\Users\Tom\AppData\Roaming\Microsoft\Windows\Cookies\Low\tom@interclick[2].txt
E:\Users\Tom\AppData\Roaming\Microsoft\Windows\Cookies\Low\tom@www.googleadservices[1].txt

Trojan.Unclassified/Fake Alert
C:\DOCUMENTS AND SETTINGS\THOMAS TRACY\APPLICATION DATA\EIMXAMM.EXE
C:\_OTMOVEIT\MOVEDFILES\12192007_193121\INFO.EXE

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, December 19, 2007 10:43:12 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 19/12/2007
Kaspersky Anti-Virus database records: 455757
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 124939
Number of viruses found: 2
Number of infected objects: 2
Number of suspicious objects: 0
Duration of the scan process: 01:07:49

Infected Object Name / Virus Name / Last Action
C:\qoobox\Quarantine\C\WINDOWS\b111.exe.vir Infected: Trojan-Downloader.Win32.Agent.fjv skipped
C:\qoobox\Quarantine\C\WINDOWS\b149.exe.vir Infected: Trojan-Dropper.Win32.Agent.ctu skipped

Scan process completed.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:45:40 PM, on 12/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Sygate\SEA\smc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sygate\SEA\smcgui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Kuma Games\hcsystray\hc_tray.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\DOCUME~1\THOMAS~1\LOCALS~1\Temp\zauninst.exe
C:\DOCUME~1\THOMAS~1\LOCALS~1\Temp\GLB22.tmp
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = actsvr.comcastonline.com:8100
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = cdn
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: hc_tray.lnk = C:\Program Files\Kuma Games\hcsystray\hc_tray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/service_compone...vex/TmHcmsX.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Sygate Enforcement Agent 5.0 (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SEA\smc.exe

--
End of file - 7406 bytes



