
Megaclick On Firefox


14 replies to this topic

#1 dhamal


Posted 25 May 2008 - 02:38 PM

When I came back from school for summer it turns out my sister and mom had installed various questionable programs and while I could uninstall many (if not most) programs I could not seem to get this megaclick lander out of Firefox. Here is my DSS log.


Deckard's System Scanner v20071014.68
Run by Neelam on 2008-05-25 14:25:48
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
81: 2008-05-25 19:25:56 UTC - RP159 - Deckard's System Scanner Restore Point
80: 2008-05-24 19:02:08 UTC - RP158 - System Checkpoint
79: 2008-05-23 17:16:38 UTC - RP157 - System Checkpoint
78: 2008-05-22 04:29:22 UTC - RP156 - Installed SUPERAntiSpyware Free Edition
77: 2008-05-21 10:39:19 UTC - RP155 - System Checkpoint


-- First Restore Point --
1: 2008-02-25 20:43:38 UTC - RP79 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Neelam.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:27:02 PM, on 5/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
d:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\Analog Devices\Core\smax4pnp.exe
D:\Program Files\Analog Devices\SoundMAX\Smax4.exe
D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
D:\WINDOWS\system32\LVCOMSX.EXE
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\UltraMon\UltraMon.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\Program Files\UltraMon\UltraMonTaskbar.exe
D:\Program Files\Microsoft LifeCam\MSCamS32.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\uTorrent\uTorrent.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\ZuneBusEnum.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\rundll32.exe
D:\Documents and Settings\Neelam\My Documents\spystuff\ZonedOut\ZonedOut.exe
D:\Documents and Settings\Neelam\Desktop\dss.exe
D:\PROGRA~1\TRENDM~1\HIJACK~1\Neelam.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {4BC8D8A1-CBC6-4BBB-B136-E66ECB1860BD} - D:\WINDOWS\system32\dskquou.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] D:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "D:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] D:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [Zune Launcher] "D:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [LifeCam] "D:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UltraMon] "D:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: d:\windows\system32\nwprovau.dll
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - d:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5277 bytes

-- HijackThis Fixed Entries (D:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080312-214230-116 O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
backup-20080312-214614-110 O4 - HKCU\..\Run: [SpyShredder] D:\Program Files\SpyShredder\SpyShredder.exe
backup-20080312-214614-287 O4 - HKCU\..\Run: [DW4] "D:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
backup-20080312-214614-298 O4 - HKLM\..\Run: [WatchDog] D:\Program Files\mobile PhoneTools\WatchDog.exe
backup-20080312-214614-377 O4 - Startup: OpenOffice.org 2.3.lnk = D:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
backup-20080312-214614-473 O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
backup-20080312-214614-526 O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
backup-20080312-214614-858 O8 - Extra context menu item: &Search - ?p=ZCxdm450YYUS
backup-20080312-214742-362 O4 - HKCU\..\Run: [MSI Configuration] msiconf.exe
backup-20080312-214742-378 O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
backup-20080312-214742-653 O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
backup-20080312-214742-792 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - D:\Program Files\Yahoo!\Common\Yinsthelper.dll
backup-20080312-214742-823 O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
backup-20080312-214742-838 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
backup-20080516-023317-645 O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
backup-20080516-023413-471 O8 - Extra context menu item: &Search - ?p=ZRfox000
backup-20080516-023534-279 O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
backup-20080516-023534-465 O2 - BHO: (no name) - {4BC8D8A1-CBC6-4BBB-B136-E66ECB1860BD} - D:\WINDOWS\system32\dskquou.dll
backup-20080516-023534-617 O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
backup-20080516-023549-744 O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
backup-20080516-023703-778 O2 - BHO: (no name) - {4BC8D8A1-CBC6-4BBB-B136-E66ECB1860BD} - D:\WINDOWS\system32\dskquou.dll
backup-20080516-024131-847 O2 - BHO: (no name) - {4BC8D8A1-CBC6-4BBB-B136-E66ECB1860BD} - D:\WINDOWS\system32\dskquou.dll
backup-20080516-024138-574 O2 - BHO: (no name) - {4BC8D8A1-CBC6-4BBB-B136-E66ECB1860BD} - D:\WINDOWS\system32\dskquou.dll

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 jwwvlpaz - d:\windows\system32\drivers\ndchixwz.dat
R2 UltraMonUtility (UltraMon Utility Driver) - d:\program files\common files\realtime soft\ultramonmirrordrv\x32\ultramonutility.sys <Not Verified; Realtime Soft; UltraMon>
R3 LVPrcMon (Logitech LVPrcMon Driver) - d:\windows\system32\drivers\lvprcmon.sys
R3 SASENUM - d:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
R3 UltraMonMirror - d:\windows\system32\drivers\ultramonmirror.sys <Not Verified; Realtime Soft; UltraMon>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S4 Bonjour Service - "d:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ACPI\ATK0110\1010110
Manufacturer:
Name:
PNP Device ID: ACPI\ATK0110\1010110
Service:

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\7D8CAD11D800
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\7D8CAD11D800
Service: NIC1394


-- Files created between 2008-04-25 and 2008-05-25 -----------------------------

2008-05-25 14:23:35 0 d-------- D:\Program Files\SpywareBlaster
2008-05-21 23:30:01 0 d-------- D:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-21 23:29:24 0 d-------- D:\Program Files\SUPERAntiSpyware
2008-05-21 23:29:24 0 d-------- D:\Documents and Settings\Neelam\Application Data\SUPERAntiSpyware.com
2008-05-21 23:29:10 0 d-------- D:\Program Files\Common Files\Wise Installation Wizard
2008-05-18 00:54:19 0 d-------- D:\Documents and Settings\Neelam\Application Data\WinRAR
2008-05-15 21:10:27 0 d-------- D:\Program Files\uTorrent
2008-05-15 21:10:24 0 d-------- D:\Documents and Settings\Neelam\Application Data\uTorrent
2008-05-12 14:55:20 0 d-------- D:\Documents and Settings\Neelam\Application Data\Realtime Soft
2008-05-12 14:55:11 0 d-------- D:\Program Files\Common Files\Realtime Soft
2008-05-12 14:55:10 0 d-------- D:\Program Files\UltraMon
2008-05-12 14:55:10 0 d-------- D:\Documents and Settings\All Users\Application Data\Realtime Soft


-- Find3M Report ---------------------------------------------------------------

2008-05-25 14:09:53 0 d-------- D:\Program Files\The Learning Company
2008-05-24 02:12:48 0 d-------- D:\Documents and Settings\Neelam\Application Data\Move Networks
2008-05-21 23:29:10 0 d-------- D:\Program Files\Common Files
2008-05-15 15:00:25 0 d--h----- D:\Program Files\InstallShield Installation Information
2008-05-14 08:09:00 0 d-------- D:\Documents and Settings\Neelam\Application Data\Yahoo!
2008-05-14 08:07:46 0 d-------- D:\Program Files\Yahoo! Games
2008-05-14 08:06:46 0 d-------- D:\Program Files\Common Files\InstallShield
2008-05-14 08:05:08 0 d-------- D:\Program Files\Cloudbrain
2008-05-14 08:04:59 0 d-------- D:\Program Files\MP3-tag
2008-05-14 08:04:41 0 d-------- D:\Program Files\The Weather Channel FW
2008-05-13 01:27:59 0 d-------- D:\Documents and Settings\Neelam\Application Data\Apple Computer
2008-05-12 11:25:40 0 d-------- D:\Program Files\AIM6
2008-05-08 12:23:10 0 d-------- D:\Program Files\Yahoo!
2008-04-13 17:00:31 0 d-------- D:\Program Files\Java
2008-04-06 13:36:46 0 d-------- D:\Program Files\iTunes
2008-04-06 13:36:33 0 d-------- D:\Program Files\iPod
2008-04-06 13:35:35 0 d-------- D:\Program Files\QuickTime
2008-04-06 01:38:06 0 d-------- D:\Documents and Settings\Neelam\Application Data\Adobe
2008-04-06 01:37:33 681 --a------ D:\WINDOWS\mozver.dat
2008-03-28 19:36:13 0 d-------- D:\Documents and Settings\Neelam\Application Data\Real
2008-03-26 21:43:25 0 d-------- D:\Documents and Settings\Neelam\Application Data\Help
2008-03-26 18:55:30 0 d-------- D:\Documents and Settings\Neelam\Application Data\OpenOffice.org2
2008-03-10 22:29:24 2132 --a------ D:\WINDOWS\system32\tmp.reg
2008-03-10 02:01:05 71168 --a------ D:\WINDOWS\system32\msiconf.exe
2008-03-09 01:25:32 98048 --a------ D:\WINDOWS\system32\dskquou.dll
2008-03-09 01:15:33 86528 --a------ D:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-03-05 22:29:16 82432 --a------ D:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4BC8D8A1-CBC6-4BBB-B136-E66ECB1860BD}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="D:\WINDOWS\system32\NvCpl.dll" [12/10/2005 04:31 AM]
"nwiz"="nwiz.exe" [12/10/2005 04:31 AM D:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="D:\WINDOWS\system32\NvMcTray.dll" [12/10/2005 04:31 AM]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [10/27/2004 05:21 PM D:\WINDOWS\system32\HdAShCut.exe]
"SoundMAXPnP"="D:\Program Files\Analog Devices\Core\smax4pnp.exe" [05/20/2005 11:11 AM]
"SoundMAX"="D:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [09/07/2005 05:35 PM]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"LVCOMSX"="D:\WINDOWS\system32\LVCOMSX.EXE" [12/09/2005 05:32 PM]
"Zune Launcher"="D:\Program Files\Zune\ZuneLauncher.exe" [01/11/2008 06:54 PM]
"LifeCam"="D:\Program Files\Microsoft LifeCam\LifeExp.exe" [10/13/2006 06:01 PM]
"TkBellExe"="D:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03/07/2008 05:02 PM]
"QuickTime Task"="D:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="D:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"UltraMon"="D:\Program Files\UltraMon\UltraMon.exe" [10/12/2006 09:27 PM]
"KernelFaultCheck"="D:\WINDOWS\system32\dumprep 0 -k" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []
"MsnMsgr"="D:\Program Files\Windows Live\Messenger\MsnMsgr.exe" []
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [08/04/2004 07:00 AM]
"SUPERAntiSpyware"="D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [05/22/2008 01:34 AM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= D:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/22/2008 01:34 AM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
D:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 12:41 PM 294912 D:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau




-- End of Deckard's System Scanner: finished at 2008-05-25 14:27:42 ------------



#2 bamajim


Posted 02 June 2008 - 02:32 PM

dhamal

Sorry for the delay

First, copy and paste the following into Notepad (not WordPad):

sc stop jwwvlpaz
sc delete jwwvlpaz

Click File ->> Save as ->> type in cmd.bat
Under "Save as type" select "All files" ->> Save it to your Desktop
Close Notepad
The cmd.bat file should now appear on your Desktop (if it saved properly it should appear as a blue box with a gear in the middle of it)
Double-click that file (it will appear that nothing has happened, but that's o.k.)

2. Please download the Killbox.
1) Save it to the desktop
2) Right-click ->> Extract all ->> Extract it to your Desktop
3) Double-click Killbox.exe to run it
4) Select "Delete on Reboot", and then select "All files".
5) Copy the file names below to the clipboard by highlighting them and pressing Control-C:

D:\WINDOWS\system32\msiconf.exe
D:\WINDOWS\system32\dskquou.dll
d:\windows\system32\drivers\ndchixwz.dat

6) Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
7) Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt.

3. Rerun Hijackthis (scan only) and place checks beside the following entry:

O2 - BHO: (no name) - {4BC8D8A1-CBC6-4BBB-B136-E66ECB1860BD} - D:\WINDOWS\system32\dskquou.dll

Close all other open windows except Hijackthis and select "Fix checked"

Close Hijackthis ->> Reboot your PC ->> Rerun Hijackthis and post a fresh Hijackthis log
Microsoft MVP - Windows Security

#3 dhamal


Posted 04 June 2008 - 01:35 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:34:35 AM, on 6/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
d:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
D:\Program Files\Microsoft LifeCam\MSCamS32.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\ZuneBusEnum.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\Analog Devices\Core\smax4pnp.exe
D:\Program Files\Analog Devices\SoundMAX\Smax4.exe
D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
D:\WINDOWS\system32\LVCOMSX.EXE
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Zune\ZuneLauncher.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\UltraMon\UltraMon.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\UltraMon\UltraMonTaskbar.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
D:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {4BC8D8A1-CBC6-4BBB-B136-E66ECB1860BD} - D:\WINDOWS\system32\dskquou.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] D:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "D:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] D:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [Zune Launcher] "D:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [LifeCam] "D:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UltraMon] "D:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: d:\windows\system32\nwprovau.dll
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - d:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5128 bytes

#4 bamajim


Posted 04 June 2008 - 08:03 AM

dhamal

Not the results I was looking for.

Please download Combofix and save to your desktop:
Note: It is important that it is saved directly to your desktop.
Close any open browsers.
Double-click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the contents of the C:\ComboFix.txt into your next reply.
Note: Do not mouse-click Combofix's window whilst it's running.
That may cause the program to freeze/hang.

Microsoft MVP - Windows Security

#5 dhamal


Posted 05 June 2008 - 07:00 AM

ComboFix 08-06-04.1 - Neelam 2008-06-04 18:53:49.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.503 [GMT -5:00]
Running from: D:\Documents and Settings\Neelam\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\WINDOWS\system32\cscdl.dll
D:\WINDOWS\system32\dbnetli.dll

.
((((((((((((((((((((((((( Files Created from 2008-05-04 to 2008-06-04 )))))))))))))))))))))))))))))))
.

2008-06-04 01:18 . 2008-06-04 01:31 <DIR> d-------- D:\!KillBox
2008-06-03 21:29 . 2008-06-03 21:29 <DIR> d-------- D:\Program Files\Active Data Recovery Software
2008-05-29 23:36 . 2008-05-29 23:36 <DIR> d-------- D:\Program Files\YouSendIt
2008-05-29 23:36 . 2008-05-29 23:36 <DIR> d-------- D:\Documents and Settings\Neelam\Application Data\YouSendIt
2008-05-29 23:34 . 2008-05-29 23:34 <DIR> d-------- D:\WINDOWS\Downloaded Installations
2008-05-28 00:16 . 2008-05-28 00:16 <DIR> d-------- D:\Program Files\DAMN NFO Viewer
2008-05-25 14:25 . 2008-05-25 14:25 <DIR> d-------- D:\Deckard
2008-05-25 14:23 . 2008-05-25 14:23 <DIR> d-------- D:\Program Files\SpywareBlaster
2008-05-25 14:23 . 2005-08-25 18:19 115,920 --a------ D:\WINDOWS\system32\MSINET.OCX
2008-05-21 23:30 . 2008-05-21 23:30 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-21 23:29 . 2008-06-04 01:23 <DIR> d-------- D:\Program Files\SUPERAntiSpyware
2008-05-21 23:29 . 2008-05-21 23:29 <DIR> d-------- D:\Program Files\Common Files\Wise Installation Wizard
2008-05-21 23:29 . 2008-05-21 23:29 <DIR> d-------- D:\Documents and Settings\Neelam\Application Data\SUPERAntiSpyware.com
2008-05-17 20:59 . 2008-03-01 08:06 6,066,176 -----c--- D:\WINDOWS\system32\dllcache\ieframe.dll
2008-05-17 20:59 . 2007-04-17 04:32 2,455,488 -----c--- D:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-05-17 20:59 . 2007-03-08 00:10 991,232 -----c--- D:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-05-17 20:59 . 2008-03-01 08:06 459,264 -----c--- D:\WINDOWS\system32\dllcache\msfeeds.dll
2008-05-17 20:59 . 2008-03-01 08:06 383,488 -----c--- D:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-05-17 20:59 . 2008-03-01 08:06 267,776 -----c--- D:\WINDOWS\system32\dllcache\iertutil.dll
2008-05-17 20:59 . 2008-03-01 08:06 63,488 -----c--- D:\WINDOWS\system32\dllcache\icardie.dll
2008-05-17 20:59 . 2008-03-01 08:06 52,224 -----c--- D:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-05-17 20:59 . 2008-02-22 05:00 13,824 -----c--- D:\WINDOWS\system32\dllcache\ieudinit.exe
2008-05-15 21:10 . 2008-06-04 13:26 <DIR> d-------- D:\Program Files\uTorrent
2008-05-15 21:10 . 2008-06-04 18:25 <DIR> d-------- D:\Documents and Settings\Neelam\Application Data\uTorrent
2008-05-12 14:55 . 2008-05-12 14:55 <DIR> d-------- D:\Program Files\UltraMon
2008-05-12 14:55 . 2008-05-12 14:55 <DIR> d-------- D:\Program Files\Common Files\Realtime Soft
2008-05-12 14:55 . 2008-05-12 14:55 <DIR> d-------- D:\Documents and Settings\Neelam\Application Data\Realtime Soft
2008-05-12 14:55 . 2008-05-12 14:55 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Realtime Soft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-04 23:36 --------- d-----w D:\Documents and Settings\Neelam\Application Data\Move Networks
2008-05-30 06:27 --------- d-----w D:\Documents and Settings\Neelam\Application Data\DVD Flick
2008-05-30 04:36 --------- d--h--w D:\Program Files\InstallShield Installation Information
2008-05-28 04:52 --------- d---a-w D:\Documents and Settings\All Users\Application Data\TEMP
2008-05-25 19:09 --------- d-----w D:\Program Files\The Learning Company
2008-05-16 07:35 --------- d-----w D:\Program Files\Spybot - Search & Destroy
2008-05-14 13:09 --------- d-----w D:\Documents and Settings\Neelam\Application Data\Yahoo!
2008-05-14 13:09 --------- d-----w D:\Documents and Settings\All Users\Application Data\Yahoo!
2008-05-14 13:07 --------- d-----w D:\Program Files\Yahoo! Games
2008-05-14 13:06 --------- d-----w D:\Program Files\Common Files\InstallShield
2008-05-14 13:05 --------- d-----w D:\Program Files\Cloudbrain
2008-05-14 13:04 --------- d-----w D:\Program Files\MP3-tag
2008-05-13 06:27 --------- d-----w D:\Documents and Settings\Neelam\Application Data\Apple Computer
2008-05-12 16:25 --------- d-----w D:\Program Files\AIM6
2008-05-12 16:25 --------- d-----w D:\Documents and Settings\All Users\Application Data\Viewpoint
2008-05-08 17:23 --------- d-----w D:\Program Files\Yahoo!
2008-04-13 22:00 --------- d-----w D:\Program Files\Java
2008-04-06 18:36 --------- d-----w D:\Program Files\iTunes
2008-04-06 18:36 --------- d-----w D:\Program Files\iPod
2008-04-06 18:35 --------- d-----w D:\Program Files\QuickTime
2008-04-06 01:54 --------- d-----w D:\Documents and Settings\All Users\Application Data\IncrediMail
2008-04-06 01:54 --------- d-----w D:\Documents and Settings\All Users\Application Data\IM
.
<pre>
----a-w		 2,328,733 2007-01-06 03:13:15  D:\My Documents2\Downloads\WinXMedia DVD AVI MP3 MP4 MPEG iPod PSP Video Audio Converter Ripper\WinXMedia DVD Audio Ripper\WinXMedia DVD Audio Ripper .exe
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4BC8D8A1-CBC6-4BBB-B136-E66ECB1860BD}]
2008-03-09 01:25 98048 --a------ D:\WINDOWS\system32\dskquou.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []
"MsnMsgr"="D:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [ ]
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]
"SUPERAntiSpyware"="D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-06-04 01:23 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="D:\WINDOWS\system32\NvCpl.dll" [2005-12-10 04:31 7196672]
"nwiz"="nwiz.exe" [2005-12-10 04:31 1519616 D:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="D:\WINDOWS\system32\NvMcTray.dll" [2005-12-10 04:31 86016]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 17:21 61952 D:\WINDOWS\system32\HdAShCut.exe]
"SoundMAXPnP"="D:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 11:11 925696]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"LVCOMSX"="D:\WINDOWS\system32\LVCOMSX.EXE" [2005-12-09 17:32 225280]
"Zune Launcher"="D:\Program Files\Zune\ZuneLauncher.exe" [2008-01-11 18:54 166304]
"LifeCam"="D:\Program Files\Microsoft LifeCam\LifeExp.exe" [2006-10-13 18:01 277296]
"TkBellExe"="D:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-07 17:02 185896]
"QuickTime Task"="D:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="D:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"UltraMon"="D:\Program Files\UltraMon\UltraMon.exe" [2006-10-12 21:27 304640]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= D:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-22 01:34 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
D:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 D:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"D:\\Program Files\\xchat\\xchat.exe"=
"D:\\Program Files\\AIM6\\aim6.exe"=
"D:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"D:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"D:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"D:\\Program Files\\iTunes\\iTunes.exe"=
"D:\\Program Files\\uTorrent\\uTorrent.exe"=

R0 jwwvlpaz;jwwvlpaz;D:\WINDOWS\system32\drivers\ndchixwz.dat []
R2 MSCamSvc;MSCamSvc;"D:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2006-10-13 18:01]
R2 UltraMonUtility;UltraMon Utility Driver;D:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [2006-09-24 21:22]
R2 zumbus;Zune Bus Enumerator Driver;D:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-01-11 18:39]
R2 ZuneBusEnum;Zune Bus Enumerator;D:\WINDOWS\system32\ZuneBusEnum.exe [2008-01-11 18:54]
R3 LVPrcMon;Logitech LVPrcMon Driver;D:\WINDOWS\system32\drivers\LVPrcMon.sys [2005-12-09 17:37]
R3 UltraMonMirror;UltraMonMirror;D:\WINDOWS\system32\DRIVERS\UltraMonMirror.sys [2006-09-24 21:23]
S3 MSHUSBVideo;NX6000 Filter Driver;D:\WINDOWS\system32\Drivers\nx6000.sys [2006-10-13 18:01]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;D:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-01-11 18:54]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-04 18:58:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

D:\WINDOWS\explorer.exe [332] 0x8509F788

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\jwwvlpaz]
"ImagePath"="system32\drivers\ndchixwz.dat"
.
------------------------ Other Running Processes ------------------------
.
D:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\rundll32.exe
D:\Program Files\UltraMon\UltraMonTaskbar.exe
.
**************************************************************************
.
Completion time: 2008-06-04 19:01:20 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-05 00:01:17

Pre-Run: 76,626,550,784 bytes free
Post-Run: 76,917,919,744 bytes free

151 --- E O F --- 2008-05-28 07:00:00

#6 bamajim

Posted 05 June 2008 - 11:40 AM

dhamal

1. Open Notepad (not WordPad). Copy and paste the following into Notepad (not the word "code"):
File::
D:\WINDOWS\system32\dskquou.dll
D:\WINDOWS\system32\drivers\ndchixwz.dat

RENV::
D:\My Documents2\Downloads\WinXMedia DVD AVI MP3 MP4 MPEG iPod PSP Video Audio Converter Ripper\WinXMedia DVD Audio Ripper\WinXMedia DVD Audio Ripper .exe

Driver::
jwwvlpaz

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4BC8D8A1-CBC6-4BBB-B136-E66ECB1860BD}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"=-
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\jwwvlpaz]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\jwwvlpaz]

Save the file as CFScript (exactly as shown, no spaces) ->> Save it to your Desktop

Using the image as a reference, drag CFScript into ComboFix.exe

You will be prompted to run ComboFix again. Do so, following the same rules as indicated in my first post.
Then post the contents of the C:\ComboFix.txt log in your reply.

Microsoft MVP - Windows Security

#7 dhamal

Posted 05 June 2008 - 07:27 PM

ComboFix 08-06-04.1 - Neelam 2008-06-05 12:15:47.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.548 [GMT -5:00]
Running from: D:\Documents and Settings\Neelam\Desktop\ComboFix.exe
Command switches used :: D:\Documents and Settings\Neelam\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
D:\WINDOWS\system32\drivers\ndchixwz.dat
D:\WINDOWS\system32\dskquou.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\WINDOWS\system32\drivers\ndchixwz.dat
D:\WINDOWS\system32\dskquou.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_JWWVLPAZ
-------\Service_jwwvlpaz


((((((((((((((((((((((((( Files Created from 2008-05-06 to 2008-06-06 )))))))))))))))))))))))))))))))
.

2008-06-04 01:18 . 2008-06-04 01:31 <DIR> d-------- D:\!KillBox
2008-06-03 21:29 . 2008-06-03 21:29 <DIR> d-------- D:\Program Files\Active Data Recovery Software
2008-05-29 23:36 . 2008-05-29 23:36 <DIR> d-------- D:\Program Files\YouSendIt
2008-05-29 23:36 . 2008-05-29 23:36 <DIR> d-------- D:\Documents and Settings\Neelam\Application Data\YouSendIt
2008-05-29 23:34 . 2008-05-29 23:34 <DIR> d-------- D:\WINDOWS\Downloaded Installations
2008-05-28 00:16 . 2008-05-28 00:16 <DIR> d-------- D:\Program Files\DAMN NFO Viewer
2008-05-25 14:25 . 2008-05-25 14:25 <DIR> d-------- D:\Deckard
2008-05-25 14:23 . 2008-05-25 14:23 <DIR> d-------- D:\Program Files\SpywareBlaster
2008-05-25 14:23 . 2005-08-25 18:19 115,920 --a------ D:\WINDOWS\system32\MSINET.OCX
2008-05-21 23:30 . 2008-05-21 23:30 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-21 23:29 . 2008-06-04 01:23 <DIR> d-------- D:\Program Files\SUPERAntiSpyware
2008-05-21 23:29 . 2008-05-21 23:29 <DIR> d-------- D:\Program Files\Common Files\Wise Installation Wizard
2008-05-21 23:29 . 2008-05-21 23:29 <DIR> d-------- D:\Documents and Settings\Neelam\Application Data\SUPERAntiSpyware.com
2008-05-17 20:59 . 2008-03-01 08:06 6,066,176 -----c--- D:\WINDOWS\system32\dllcache\ieframe.dll
2008-05-17 20:59 . 2007-04-17 04:32 2,455,488 -----c--- D:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-05-17 20:59 . 2007-03-08 00:10 991,232 -----c--- D:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-05-17 20:59 . 2008-03-01 08:06 459,264 -----c--- D:\WINDOWS\system32\dllcache\msfeeds.dll
2008-05-17 20:59 . 2008-03-01 08:06 383,488 -----c--- D:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-05-17 20:59 . 2008-03-01 08:06 267,776 -----c--- D:\WINDOWS\system32\dllcache\iertutil.dll
2008-05-17 20:59 . 2008-03-01 08:06 63,488 -----c--- D:\WINDOWS\system32\dllcache\icardie.dll
2008-05-17 20:59 . 2008-03-01 08:06 52,224 -----c--- D:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-05-17 20:59 . 2008-02-22 05:00 13,824 -----c--- D:\WINDOWS\system32\dllcache\ieudinit.exe
2008-05-15 21:10 . 2008-06-04 13:26 <DIR> d-------- D:\Program Files\uTorrent
2008-05-15 21:10 . 2008-06-05 12:18 <DIR> d-------- D:\Documents and Settings\Neelam\Application Data\uTorrent
2008-05-12 14:55 . 2008-05-12 14:55 <DIR> d-------- D:\Program Files\UltraMon
2008-05-12 14:55 . 2008-05-12 14:55 <DIR> d-------- D:\Program Files\Common Files\Realtime Soft
2008-05-12 14:55 . 2008-05-12 14:55 <DIR> d-------- D:\Documents and Settings\Neelam\Application Data\Realtime Soft
2008-05-12 14:55 . 2008-05-12 14:55 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Realtime Soft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-04 23:36 --------- d-----w D:\Documents and Settings\Neelam\Application Data\Move Networks
2008-05-30 06:27 --------- d-----w D:\Documents and Settings\Neelam\Application Data\DVD Flick
2008-05-30 04:36 --------- d--h--w D:\Program Files\InstallShield Installation Information
2008-05-28 04:52 --------- d---a-w D:\Documents and Settings\All Users\Application Data\TEMP
2008-05-25 19:09 --------- d-----w D:\Program Files\The Learning Company
2008-05-16 07:35 --------- d-----w D:\Program Files\Spybot - Search & Destroy
2008-05-14 13:09 --------- d-----w D:\Documents and Settings\Neelam\Application Data\Yahoo!
2008-05-14 13:09 --------- d-----w D:\Documents and Settings\All Users\Application Data\Yahoo!
2008-05-14 13:07 --------- d-----w D:\Program Files\Yahoo! Games
2008-05-14 13:06 --------- d-----w D:\Program Files\Common Files\InstallShield
2008-05-14 13:05 --------- d-----w D:\Program Files\Cloudbrain
2008-05-14 13:04 --------- d-----w D:\Program Files\MP3-tag
2008-05-13 06:27 --------- d-----w D:\Documents and Settings\Neelam\Application Data\Apple Computer
2008-05-12 16:25 --------- d-----w D:\Program Files\AIM6
2008-05-12 16:25 --------- d-----w D:\Documents and Settings\All Users\Application Data\Viewpoint
2008-05-08 17:23 --------- d-----w D:\Program Files\Yahoo!
2008-04-13 22:00 --------- d-----w D:\Program Files\Java
2008-04-06 18:36 --------- d-----w D:\Program Files\iTunes
2008-04-06 18:36 --------- d-----w D:\Program Files\iPod
2008-04-06 18:35 --------- d-----w D:\Program Files\QuickTime
2008-04-06 01:54 --------- d-----w D:\Documents and Settings\All Users\Application Data\IncrediMail
2008-04-06 01:54 --------- d-----w D:\Documents and Settings\All Users\Application Data\IM
.

((((((((((((((((((((((((((((( snapshot@2008-06-04_19.01.06.64 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-04 23:57:26 2,048 --s-a-w D:\WINDOWS\bootstat.dat
+ 2008-06-05 17:19:45 2,048 --s-a-w D:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="D:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [ ]
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]
"SUPERAntiSpyware"="D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-06-04 01:23 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="D:\WINDOWS\system32\NvCpl.dll" [2005-12-10 04:31 7196672]
"nwiz"="nwiz.exe" [2005-12-10 04:31 1519616 D:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="D:\WINDOWS\system32\NvMcTray.dll" [2005-12-10 04:31 86016]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 17:21 61952 D:\WINDOWS\system32\HdAShCut.exe]
"SoundMAXPnP"="D:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 11:11 925696]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"LVCOMSX"="D:\WINDOWS\system32\LVCOMSX.EXE" [2005-12-09 17:32 225280]
"Zune Launcher"="D:\Program Files\Zune\ZuneLauncher.exe" [2008-01-11 18:54 166304]
"LifeCam"="D:\Program Files\Microsoft LifeCam\LifeExp.exe" [2006-10-13 18:01 277296]
"TkBellExe"="D:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-07 17:02 185896]
"QuickTime Task"="D:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="D:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"UltraMon"="D:\Program Files\UltraMon\UltraMon.exe" [2006-10-12 21:27 304640]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= D:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-22 01:34 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
D:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 D:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"D:\\Program Files\\xchat\\xchat.exe"=
"D:\\Program Files\\AIM6\\aim6.exe"=
"D:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"D:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"D:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"D:\\Program Files\\iTunes\\iTunes.exe"=
"D:\\Program Files\\uTorrent\\uTorrent.exe"=

R2 MSCamSvc;MSCamSvc;"D:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2006-10-13 18:01]
R2 UltraMonUtility;UltraMon Utility Driver;D:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [2006-09-24 21:22]
R2 zumbus;Zune Bus Enumerator Driver;D:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-01-11 18:39]
R2 ZuneBusEnum;Zune Bus Enumerator;D:\WINDOWS\system32\ZuneBusEnum.exe [2008-01-11 18:54]
R3 LVPrcMon;Logitech LVPrcMon Driver;D:\WINDOWS\system32\drivers\LVPrcMon.sys [2005-12-09 17:37]
R3 UltraMonMirror;UltraMonMirror;D:\WINDOWS\system32\DRIVERS\UltraMonMirror.sys [2006-09-24 21:23]
S3 MSHUSBVideo;NX6000 Filter Driver;D:\WINDOWS\system32\Drivers\nx6000.sys [2006-10-13 18:01]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;D:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-01-11 18:54]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-05 19:22:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
D:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\rundll32.exe
D:\Program Files\UltraMon\UltraMonTaskbar.exe
.
**************************************************************************
.
Completion time: 2008-06-05 19:26:10 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-06 00:26:07
ComboFix2.txt 2008-06-05 00:01:21

Pre-Run: 73,306,660,864 bytes free
Post-Run: 72,567,390,208 bytes free

155 --- E O F --- 2008-05-28 07:00:00

#8 dhamal

Posted 05 June 2008 - 07:32 PM


#9 bamajim

Posted 06 June 2008 - 08:41 AM

dhamal

Good work.

I don't see any signs of a working Resident Anti Virus Program on your PC.

Go HERE and download and install AVG8 (Free version)

Update it, and do a full system scan. Allow it to fix whatever it finds.

Once done, reboot your PC ->> Rerun HijackThis and post a fresh HijackThis log.
Microsoft MVP - Windows Security

#10 dhamal

Posted 07 June 2008 - 03:03 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:02:26 PM, on 6/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
d:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
D:\Program Files\Microsoft LifeCam\MSCamS32.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\ZuneBusEnum.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\Analog Devices\Core\smax4pnp.exe
D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
D:\WINDOWS\system32\LVCOMSX.EXE
D:\Program Files\Zune\ZuneLauncher.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\UltraMon\UltraMon.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\WINDOWS\system32\msiexec.exe
D:\Program Files\UltraMon\UltraMonTaskbar.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] D:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] D:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [Zune Launcher] "D:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [LifeCam] "D:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UltraMon] "D:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: d:\windows\system32\nwprovau.dll
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - d:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5476 bytes


Thank you so much for your help!
:thumbsup:

#11 bamajim

Posted 08 June 2008 - 06:08 AM

dhamal

You are most welcome.

I see you chose Avast! Good choice.

Did it find anything?
Microsoft MVP - Windows Security

#12 dhamal

Posted 08 June 2008 - 10:06 PM

It found some of the dskquou.dll and msiconfig that got left behind.

#13 bamajim

Posted 09 June 2008 - 08:31 AM

dhamal

Good work. Let's do an online scan to make sure it's clear.

Please perform an Ewido Online Malware Scan
  • When a dialog box appears asking you if you would like to download and install the ewido anti-spyware online scanner, please click Yes to allow the download.
  • Click on Start Scan.
  • After the scan completes, it will produce a log for you. Copy and paste the results of that scan as a reply to this thread.
  • If any infections are found (after you save the logfile), click on Remove Infections.

Microsoft MVP - Windows Security

#14 dhamal

dhamal
  • Topic Starter


Posted 15 June 2008 - 12:50 PM

Sorry it took me so long (I was buying a car).

__________________________________________________
ewido anti-spyware online scanner
http://www.ewido.net
__________________________________________________


Name: TrackingCookie.2o7
Path: D:\Documents and Settings\Neelam\Cookies\neelam@2o7[1].txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: D:\Documents and Settings\Neelam\Cookies\neelam@ad.yieldmanager[2].txt
Risk: Medium

Name: TrackingCookie.Euroclick
Path: D:\Documents and Settings\Neelam\Cookies\neelam@adopt.euroclick[1].txt
Risk: Medium

Name: TrackingCookie.Adrevolver
Path: D:\Documents and Settings\Neelam\Cookies\neelam@adrevolver[2].txt
Risk: Medium

Name: TrackingCookie.Pointroll
Path: D:\Documents and Settings\Neelam\Cookies\neelam@ads.pointroll[1].txt
Risk: Medium

Name: TrackingCookie.Advertising
Path: D:\Documents and Settings\Neelam\Cookies\neelam@advertising[1].txt
Risk: Medium

Name: TrackingCookie.Atdmt
Path: D:\Documents and Settings\Neelam\Cookies\neelam@atdmt[2].txt
Risk: Medium

Name: TrackingCookie.Valueclick
Path: D:\Documents and Settings\Neelam\Cookies\neelam@bfm.valueclick[1].txt
Risk: Medium

Name: TrackingCookie.Serving-sys
Path: D:\Documents and Settings\Neelam\Cookies\neelam@bs.serving-sys[1].txt
Risk: Medium

Name: TrackingCookie.Casalemedia
Path: D:\Documents and Settings\Neelam\Cookies\neelam@casalemedia[1].txt
Risk: Medium

Name: TrackingCookie.Hitslink
Path: D:\Documents and Settings\Neelam\Cookies\neelam@counter.hitslink[1].txt
Risk: Medium

Name: TrackingCookie.Doubleclick
Path: D:\Documents and Settings\Neelam\Cookies\neelam@doubleclick[1].txt
Risk: Medium

Name: TrackingCookie.Adrevolver
Path: D:\Documents and Settings\Neelam\Cookies\neelam@dynamic.media.adrevolver[1].txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: D:\Documents and Settings\Neelam\Cookies\neelam@ehg-dig.hitbox[2].txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: D:\Documents and Settings\Neelam\Cookies\neelam@ehg.hitbox[1].txt
Risk: Medium

Name: TrackingCookie.Fastclick
Path: D:\Documents and Settings\Neelam\Cookies\neelam@fastclick[1].txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: D:\Documents and Settings\Neelam\Cookies\neelam@hitbox[1].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: D:\Documents and Settings\Neelam\Cookies\neelam@ice.112.2o7[1].txt
Risk: Medium

Name: TrackingCookie.Adrevolver
Path: D:\Documents and Settings\Neelam\Cookies\neelam@media.adrevolver[2].txt
Risk: Medium

Name: TrackingCookie.Mediaplex
Path: D:\Documents and Settings\Neelam\Cookies\neelam@mediaplex[2].txt
Risk: Medium

Name: TrackingCookie.Overture
Path: D:\Documents and Settings\Neelam\Cookies\neelam@overture[1].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: D:\Documents and Settings\Neelam\Cookies\neelam@paypal.112.2o7[1].txt
Risk: Medium

Name: TrackingCookie.Questionmarket
Path: D:\Documents and Settings\Neelam\Cookies\neelam@questionmarket[1].txt
Risk: Medium

Name: TrackingCookie.Realmedia
Path: D:\Documents and Settings\Neelam\Cookies\neelam@realmedia[2].txt
Risk: Medium

Name: TrackingCookie.Revsci
Path: D:\Documents and Settings\Neelam\Cookies\neelam@revsci[1].txt
Risk: Medium

Name: TrackingCookie.Valueclick
Path: D:\Documents and Settings\Neelam\Cookies\neelam@scot.valueclick[2].txt
Risk: Medium

Name: TrackingCookie.Liveperson
Path: D:\Documents and Settings\Neelam\Cookies\neelam@server.iad.liveperson[1].txt
Risk: Medium

Name: TrackingCookie.Serving-sys
Path: D:\Documents and Settings\Neelam\Cookies\neelam@serving-sys[1].txt
Risk: Medium

Name: TrackingCookie.Netflame
Path: D:\Documents and Settings\Neelam\Cookies\neelam@ssl-hints.netflame[2].txt
Risk: Medium

Name: TrackingCookie.Dealtime
Path: D:\Documents and Settings\Neelam\Cookies\neelam@stat.dealtime[2].txt
Risk: Medium

Name: TrackingCookie.Tribalfusion
Path: D:\Documents and Settings\Neelam\Cookies\neelam@tribalfusion[2].txt
Risk: Medium

Name: TrackingCookie.Valueclick
Path: D:\Documents and Settings\Neelam\Cookies\neelam@valueclick[1].txt
Risk: Medium

Name: TrackingCookie.Zedo
Path: D:\Documents and Settings\Neelam\Cookies\neelam@zedo[1].txt
Risk: Medium

Name: TrackingCookie.Valueclick
Path: :mozilla.35:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Valueclick
Path: :mozilla.36:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Valueclick
Path: :mozilla.50:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Valueclick
Path: :mozilla.52:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Imrworldwide
Path: :mozilla.92:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Imrworldwide
Path: :mozilla.93:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Doubleclick
Path: :mozilla.94:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Doubleclick
Path: :mozilla.95:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Atdmt
Path: :mozilla.98:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Mediaplex
Path: :mozilla.101:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Mediaplex
Path: :mozilla.102:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Advertising
Path: :mozilla.115:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Advertising
Path: :mozilla.116:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Advertising
Path: :mozilla.117:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Advertising
Path: :mozilla.118:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Advertising
Path: :mozilla.119:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Advertising
Path: :mozilla.120:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Advertising
Path: :mozilla.121:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Advertising
Path: :mozilla.122:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Advertising
Path: :mozilla.123:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Euroclick
Path: :mozilla.140:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Euroclick
Path: :mozilla.141:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Euroclick
Path: :mozilla.142:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Euroclick
Path: :mozilla.143:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Euroclick
Path: :mozilla.144:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Tribalfusion
Path: :mozilla.173:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Tribalfusion
Path: :mozilla.174:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Tribalfusion
Path: :mozilla.175:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Tribalfusion
Path: :mozilla.176:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.177:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adrevolver
Path: :mozilla.178:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.179:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.180:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.181:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adrevolver
Path: :mozilla.182:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adrevolver
Path: :mozilla.183:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adrevolver
Path: :mozilla.184:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adrevolver
Path: :mozilla.185:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adrevolver
Path: :mozilla.186:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adrevolver
Path: :mozilla.187:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adrevolver
Path: :mozilla.188:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adrevolver
Path: :mozilla.189:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adrevolver
Path: :mozilla.190:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adrevolver
Path: :mozilla.191:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adrevolver
Path: :mozilla.192:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Tacoda
Path: :mozilla.202:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Tacoda
Path: :mozilla.203:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Tacoda
Path: :mozilla.204:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Tacoda
Path: :mozilla.205:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Tacoda
Path: :mozilla.206:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.207:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.208:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.209:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.210:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.211:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.212:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.213:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.214:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.215:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.216:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.217:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.218:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.219:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.220:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.221:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.222:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.223:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.224:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.225:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Revsci
Path: :mozilla.226:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Revsci
Path: :mozilla.227:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Revsci
Path: :mozilla.228:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Revsci
Path: :mozilla.229:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Revsci
Path: :mozilla.230:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Revsci
Path: :mozilla.231:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Revsci
Path: :mozilla.232:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Revsci
Path: :mozilla.233:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Revsci
Path: :mozilla.234:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Revsci
Path: :mozilla.235:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Revsci
Path: :mozilla.236:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Revsci
Path: :mozilla.237:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Revsci
Path: :mozilla.238:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Tacoda
Path: :mozilla.239:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Tacoda
Path: :mozilla.240:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Zedo
Path: :mozilla.242:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Zedo
Path: :mozilla.243:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Zedo
Path: :mozilla.244:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Zedo
Path: :mozilla.245:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Zedo
Path: :mozilla.246:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Questionmarket
Path: :mozilla.276:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Questionmarket
Path: :mozilla.277:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adrevolver
Path: :mozilla.305:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adrevolver
Path: :mozilla.306:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.247realmedia
Path: :mozilla.317:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.247realmedia
Path: :mozilla.318:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Overture
Path: :mozilla.319:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Fastclick
Path: :mozilla.350:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Fastclick
Path: :mozilla.351:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Fastclick
Path: :mozilla.352:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Fastclick
Path: :mozilla.353:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Casalemedia
Path: :mozilla.354:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Casalemedia
Path: :mozilla.355:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Casalemedia
Path: :mozilla.356:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Casalemedia
Path: :mozilla.357:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Casalemedia
Path: :mozilla.358:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Casalemedia
Path: :mozilla.359:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Casalemedia
Path: :mozilla.360:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Casalemedia
Path: :mozilla.361:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: :mozilla.377:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: :mozilla.378:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: :mozilla.379:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: :mozilla.380:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: :mozilla.381:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: :mozilla.382:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Webtrends
Path: :mozilla.386:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Burstbeacon
Path: :mozilla.391:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Burstnet
Path: :mozilla.392:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Burstnet
Path: :mozilla.394:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Burstnet
Path: :mozilla.395:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.406:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Pointroll
Path: :mozilla.431:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Pointroll
Path: :mozilla.432:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Pointroll
Path: :mozilla.433:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Pointroll
Path: :mozilla.434:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Pointroll
Path: :mozilla.435:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Pointroll
Path: :mozilla.436:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Pointroll
Path: :mozilla.437:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Pointroll
Path: :mozilla.438:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Pointroll
Path: :mozilla.439:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Pointroll
Path: :mozilla.440:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.441:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.442:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.448:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.449:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.450:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.451:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.456:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Webtrendslive
Path: :mozilla.509:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adbrite
Path: :mozilla.514:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adbrite
Path: :mozilla.515:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.577:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Paycounter
Path: :mozilla.662:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Pro-market
Path: :mozilla.680:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Pro-market
Path: :mozilla.681:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Pro-market
Path: :mozilla.682:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Pro-market
Path: :mozilla.683:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.708:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Realmedia
Path: :mozilla.721:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Realmedia
Path: :mozilla.722:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Spylog
Path: :mozilla.821:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Hotlog
Path: :mozilla.822:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.7search
Path: :mozilla.889:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.7search
Path: :mozilla.890:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Sitestat
Path: :mozilla.898:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Sitestat
Path: :mozilla.899:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Ivwbox
Path: :mozilla.900:D:\Documents and Settings\Neelam\Application Data\Mozilla\Firefox\Profiles\lu3ikt03.default\cookies.txt
Risk: Medium

Name: Not-A-Virus.Adware.Virtumonde
Path: D:\Documents and Settings\Neelam\Local Settings\Temp\removalfile.bat
Risk: Low

Name: Not-A-Virus.PUP.SpywareDetector
Path: D:\My Documents2\Downloads\AVI WMV WMA MPEG Video Movie DVD SVCD VCD iPOD PSP TOMTOM Allok Cucusoft Plato WinxMedia Xilisoft Converter Ripper Media Studio\Cucusoft MPEG AVI to DVD VCD SVCD Converter Pro.exe
Risk: Low

Name: Not-A-Virus.PUP.SpywareDetector
Path: D:\My Documents2\Downloads\AVI WMV WMA MPEG Video Movie DVD SVCD VCD iPOD PSP TOMTOM Allok Cucusoft Plato WinxMedia Xilisoft Converter Ripper Media Studio\Cucusoft MPEG AVI to VCD DVD SVCD Converter Lite.exe
Risk: Low

Name: Not-A-Virus.PUP.SpywareDetector
Path: D:\My Documents2\Downloads\AVI WMV WMA MPEG Video Movie DVD SVCD VCD iPOD PSP TOMTOM Allok Cucusoft Plato WinxMedia Xilisoft Converter Ripper Media Studio\PSP Movie Creator.exe
Risk: Low

Name: Not-A-Virus.PUP.SpywareDetector
Path: D:\My Documents2\Downloads\AVI WMV WMA MPEG Video Movie DVD SVCD VCD iPOD PSP TOMTOM Allok Cucusoft Plato WinxMedia Xilisoft Converter Ripper Media Studio\WinXMedia AVI MPEG iPod Converter.exe
Risk: Low

Name: Not-A-Virus.PUP.SpywareDetector
Path: D:\My Documents2\Downloads\AVI WMV WMA MPEG Video Movie DVD SVCD VCD iPOD PSP TOMTOM Allok Cucusoft Plato WinxMedia Xilisoft Converter Ripper Media Studio\WinXMedia AVI WMV PSP Converter.exe
Risk: Low

Name: Not-A-Virus.PUP.SpywareDetector
Path: D:\My Documents2\Downloads\AVI WMV WMA MPEG Video Movie DVD SVCD VCD iPOD PSP TOMTOM Allok Cucusoft Plato WinxMedia Xilisoft Converter Ripper Media Studio\Xilisoft AVI MPEG Converter.exe
Risk: Low

Name: Not-A-Virus.PUP.SpywareDetector
Path: D:\My Documents2\Downloads\AVI WMV WMA MPEG Video Movie DVD SVCD VCD iPOD PSP TOMTOM Allok Cucusoft Plato WinxMedia Xilisoft Converter Ripper Media Studio\Xilisoft iPod Video Converter.exe
Risk: Low

Name: Not-A-Virus.PUP.SpywareDetector
Path: D:\My Documents2\Downloads\AVI WMV WMA MPEG Video Movie DVD SVCD VCD iPOD PSP TOMTOM Allok Cucusoft Plato WinxMedia Xilisoft Converter Ripper Media Studio\Xilisoft PSP Video Converter.exe
Risk: Low

Name: Not-A-Virus.PUP.SpywareDetector
Path: D:\My Documents2\Downloads\WinXMedia DVD AVI MP3 MP4 MPEG iPod PSP Video Audio Converter Ripper\WinXMedia AVI MPEG iPod Converter\WinXMedia AVI MPEG iPod Converter.exe
Risk: Low

Name: Not-A-Virus.PUP.SpywareDetector
Path: D:\My Documents2\Downloads\WinXMedia DVD AVI MP3 MP4 MPEG iPod PSP Video Audio Converter Ripper\WinXMedia AVI WMV 3GP Converter\WinXMedia AVI WMV 3GP Converter.exe
Risk: Low

Name: Not-A-Virus.PUP.SpywareDetector
Path: D:\My Documents2\Downloads\WinXMedia DVD AVI MP3 MP4 MPEG iPod PSP Video Audio Converter Ripper\WinXMedia AVI WMV MP4 Converter\WinXMedia AVI WMV MP4 Converter.exe
Risk: Low

Name: Not-A-Virus.PUP.SpywareDetector
Path: D:\My Documents2\Downloads\WinXMedia DVD AVI MP3 MP4 MPEG iPod PSP Video Audio Converter Ripper\WinXMedia AVI WMV PSP Converter\WinXMedia AVI WMV PSP Converter.exe
Risk: Low

Name: Not-A-Virus.PUP.SpywareDetector
Path: D:\My Documents2\Downloads\WinXMedia DVD AVI MP3 MP4 MPEG iPod PSP Video Audio Converter Ripper\WinXMedia CD MP3 WAV WMA Converter\WinXMedia CD MP3 WAV WMA Converter.exe
Risk: Low

Name: Not-A-Virus.PUP.SpywareDetector
Path: D:\My Documents2\Downloads\WinXMedia DVD AVI MP3 MP4 MPEG iPod PSP Video Audio Converter Ripper\WinXMedia DVD Audio Ripper\WinXMedia DVD Audio Ripper.exe
Risk: Low

Name: Not-A-Virus.PUP.SpywareDetector
Path: D:\My Documents2\Downloads\WinXMedia DVD AVI MP3 MP4 MPEG iPod PSP Video Audio Converter Ripper\WinXMedia DVD iPod Video Converter\WinXMedia DVD iPod Video Converter.exe
Risk: Low

Name: Not-A-Virus.PUP.SpywareDetector
Path: D:\My Documents2\Downloads\WinXMedia DVD AVI MP3 MP4 MPEG iPod PSP Video Audio Converter Ripper\WinXMedia DVD MP4 Video Converter\WinXMedia DVD MP4 Video Converter.exe
Risk: Low

Name: Not-A-Virus.PUP.SpywareDetector
Path: D:\My Documents2\Downloads\WinXMedia DVD AVI MP3 MP4 MPEG iPod PSP Video Audio Converter Ripper\WinXMedia DVD MPEG AVI Audio Converter\WinXMedia DVD MPEGAVIAudio Converter.exe
Risk: Low

Name: Not-A-Virus.PUP.SpywareDetector
Path: D:\My Documents2\Downloads\WinXMedia DVD AVI MP3 MP4 MPEG iPod PSP Video Audio Converter Ripper\WinXMedia DVD Ripper\WinXMedia DVD Ripper.exe
Risk: Low

Name: Not-A-Virus.PUP.SpywareDetector
Path: D:\My Documents2\Downloads\Xilisoft AVI MPEG PSP Video iPod WAV MP3 MOV CD Audio Video Converter Ripper\Xilisoft Audio Converter\Xilisoft Audio Converter.exe
Risk: Low

Name: Not-A-Virus.PUP.SpywareDetector
Path: D:\My Documents2\Downloads\Xilisoft AVI MPEG PSP Video iPod WAV MP3 MOV CD Audio Video Converter Ripper\Xilisoft AVI MPEG Converter\Xilisoft AVI MPEG Converter.exe
Risk: Low

Name: Not-A-Virus.PUP.SpywareDetector
Path: D:\My Documents2\Downloads\Xilisoft AVI MPEG PSP Video iPod WAV MP3 MOV CD Audio Video Converter Ripper\Xilisoft CD Ripper\Xilisoft CD Ripper.exe
Risk: Low

Name: Not-A-Virus.PUP.SpywareDetector
Path: D:\My Documents2\Downloads\Xilisoft AVI MPEG PSP Video iPod WAV MP3 MOV CD Audio Video Converter Ripper\Xilisoft iPod Video Converter\Xilisoft iPod Video Converter.exe
Risk: Low

Name: Not-A-Virus.PUP.SpywareDetector
Path: D:\My Documents2\Downloads\Xilisoft AVI MPEG PSP Video iPod WAV MP3 MOV CD Audio Video Converter Ripper\Xilisoft MOV Converter\Xilisoft MOV Converter.exe
Risk: Low

Name: Not-A-Virus.PUP.SpywareDetector
Path: D:\My Documents2\Downloads\Xilisoft AVI MPEG PSP Video iPod WAV MP3 MOV CD Audio Video Converter Ripper\Xilisoft MP3 WAV Converter\Xilisoft MP3 WAV Converter.exe
Risk: Low

Name: Not-A-Virus.PUP.SpywareDetector
Path: D:\My Documents2\Downloads\Xilisoft AVI MPEG PSP Video iPod WAV MP3 MOV CD Audio Video Converter Ripper\Xilisoft PSP Video Converter\Xilisoft PSP Video Converter.exe
Risk: Low

Name: Not-A-Virus.PUP.SpywareDetector
Path: D:\My Documents2\Downloads\Xilisoft AVI MPEG PSP Video iPod WAV MP3 MOV CD Audio Video Converter Ripper\Xilisoft RM Converter\Xilisoft RM Converter.exe
Risk: Low

Name: Not-A-Virus.PUP.SpywareDetector
Path: D:\My Documents2\Downloads\Xilisoft AVI MPEG PSP Video iPod WAV MP3 MOV CD Audio Video Converter Ripper\Xilisoft Video to Audio Converter\Xilisoft Video to Audio Converter.exe
Risk: Low

Name: Not-A-Virus.PUP.SpywareDetector
Path: D:\My Documents2\Downloads\Xilisoft AVI MPEG PSP Video iPod WAV MP3 MOV CD Audio Video Converter Ripper\Xilisoft WMA MP3 Converter\Xilisoft WMA MP3 Converter.exe
Risk: Low

#15 bamajim

Posted 16 June 2008 - 07:50 AM

dhamal

Congrats on the new car.

Rerun HijackThis and post a fresh HijackThis log.

And in your reply give me an update on how your PC is running now.
Microsoft MVP - Windows Security



