Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Popups


  • Please log in to reply
9 replies to this topic

#1 DanTycoon

DanTycoon

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Location:Burlington, Connecticut, USA
  • Local time:06:45 PM

Posted 06 November 2006 - 05:30 PM

Logfile of HijackThis v1.99.1
Scan saved at 5:26:08 PM, on 11/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\WINDOWS\system32\lexpps.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gaim\gaim.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\DllHost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Daniel\Desktop\Folders\hijack\Hello.exe

O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\dapbho.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [BCMSMMSG] "BCMSMMSG.exe"
O4 - HKLM\..\Run: [dla] "C:\WINDOWS\system32\dla\tfswctrl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\WINDOWS\system32\NeroCheck.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [jumpbolt] C:\DOCUME~1\Daniel\APPLIC~1\GRAMBU~1\MpegFlap.exe
O4 - HKCU\..\Run: [Gaim] C:\Program Files\Gaim\gaim.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Folding@Home 5.03.lnk = ?
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite...vex-2.0.6.0.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.0.97.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1157300986070
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1159219546564
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/Tran...ransferCtrl.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} (Invoke Solutions Participant Control(MR)) - http://online.invokesolutions.com/events/b...7207/MILive.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{698DE69A-709E-4707-BF74-CAC23A121C48}: NameServer = 68.87.71.226,68.87.73.242
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~2\WINDOW~1\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Connected Agent Service (AgentSrv) - Unknown owner - C:\Program Files\BackUp Solutions\AgentSrv.EXE (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - G:\Applications\3dsmax9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

BC AdBot (Login to Remove)

 


#2 Mr_JAk3

Mr_JAk3

    HJT Team Member


  • Members
  • 527 posts
  • OFFLINE
  •  
  • Location:Finland
  • Local time:12:45 AM

Posted 07 November 2006 - 04:22 AM

Hi DanTycoon :thumbsup:

You got some infections there...

Disable Windows Defender's realtime protection.
  • Open Windows Defender
  • Click on "Tools"
  • Click on "General Settings"
  • Scroll down to "Real-time protection options"
  • Uncheck "Turn on Real-time protection (recommended)"
  • Click "Save"
  • Exit the program.
Please Download NoLop to your desktop from one of the links below...
Link 1
Link 2
Link 3
  • First close any other programs you have running as this will require a reboot
  • Double click NoLop.exe to run it
  • Now click the button labelled "Search and Destroy"
    <<your computer will now be scanned for infected files>>
  • When scanning is finished you will be prompted to reboot only if infected, Click OK
  • Now click the "REBOOT" Button.
  • A Message should popup from NoLop. If not, double click the program again and it will finish Please Post the contents of C:\NoLop.log along with a fresh HijackThis log
--If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx to your system32 folder then rerun the program.--
UNITE & ASAP member since 2006
Posted Image
Posted Image

#3 DanTycoon

DanTycoon
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Location:Burlington, Connecticut, USA
  • Local time:06:45 PM

Posted 07 November 2006 - 03:20 PM

NoLop! Log by Skate_Punk_21

Fix running from: C:\Documents and Settings\Daniel\Desktop
[11/7/2006]
[3:09:31 PM]

---Infection Files Found/Removed---
C:\WINDOWS\tasks\B83CC8939B437D97.job

Beginning Removal...
Rebooting...
Removing Lop's Leftover Files/Folders...
Editing Registry...
**Fix Complete!**

---Listing AppData sub directories---

C:\Documents and Settings\Administrator\Application Data\.gaim
C:\Documents and Settings\Administrator\Application Data\Gtek
C:\Documents and Settings\Administrator\Application Data\Identities
C:\Documents and Settings\Administrator\Application Data\Microsoft
C:\Documents and Settings\Administrator\Application Data\Opera
C:\Documents and Settings\All Users\Application Data\Adobe
C:\Documents and Settings\All Users\Application Data\Adobe Systems
C:\Documents and Settings\All Users\Application Data\Ahead
C:\Documents and Settings\All Users\Application Data\Aol
C:\Documents and Settings\All Users\Application Data\Aol Downloads
C:\Documents and Settings\All Users\Application Data\Apple Computer
C:\Documents and Settings\All Users\Application Data\Autodesk
C:\Documents and Settings\All Users\Application Data\Avg7 -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Gtek
C:\Documents and Settings\All Users\Application Data\Insight Software Solutions
C:\Documents and Settings\All Users\Application Data\Macromedia
C:\Documents and Settings\All Users\Application Data\Mcafee
C:\Documents and Settings\All Users\Application Data\Mcafee.com
C:\Documents and Settings\All Users\Application Data\Meowburnkeepsize
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Microsoft Help
C:\Documents and Settings\All Users\Application Data\Msn Messenger 6.2.0137
C:\Documents and Settings\All Users\Application Data\Msn6
C:\Documents and Settings\All Users\Application Data\Mvt
C:\Documents and Settings\All Users\Application Data\Mvtlogs
C:\Documents and Settings\All Users\Application Data\Napster
C:\Documents and Settings\All Users\Application Data\Nvidia
C:\Documents and Settings\All Users\Application Data\Nview_profiles -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Protexis
C:\Documents and Settings\All Users\Application Data\Quicktime
C:\Documents and Settings\All Users\Application Data\River Past G4
C:\Documents and Settings\All Users\Application Data\Securom
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
C:\Documents and Settings\All Users\Application Data\Support.com
C:\Documents and Settings\All Users\Application Data\Trymedia
C:\Documents and Settings\All Users\Application Data\Tuneup Software
C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\Documents and Settings\All Users\Application Data\Vmware
C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and Settings\Daniel\Application Data\.bittornado
C:\Documents and Settings\Daniel\Application Data\.bittorrent
C:\Documents and Settings\Daniel\Application Data\.gaim
C:\Documents and Settings\Daniel\Application Data\Acccore
C:\Documents and Settings\Daniel\Application Data\Adobe
C:\Documents and Settings\Daniel\Application Data\Adobeum
C:\Documents and Settings\Daniel\Application Data\Ahead
C:\Documents and Settings\Daniel\Application Data\Aim -- EMPTY Directory
C:\Documents and Settings\Daniel\Application Data\Allume Systems
C:\Documents and Settings\Daniel\Application Data\Apple Computer
C:\Documents and Settings\Daniel\Application Data\Atari -- EMPTY Directory
C:\Documents and Settings\Daniel\Application Data\Attnaturalvoices
C:\Documents and Settings\Daniel\Application Data\Azureus
C:\Documents and Settings\Daniel\Application Data\Bpftp
C:\Documents and Settings\Daniel\Application Data\Configuration -- EMPTY Directory
C:\Documents and Settings\Daniel\Application Data\Corel
C:\Documents and Settings\Daniel\Application Data\Dev-cpp -- EMPTY Directory
C:\Documents and Settings\Daniel\Application Data\Dmcache -- EMPTY Directory
C:\Documents and Settings\Daniel\Application Data\Download Manager -- EMPTY Directory
C:\Documents and Settings\Daniel\Application Data\Drms
C:\Documents and Settings\Daniel\Application Data\Emulators
C:\Documents and Settings\Daniel\Application Data\Farstone
C:\Documents and Settings\Daniel\Application Data\Flock -- EMPTY Directory
C:\Documents and Settings\Daniel\Application Data\Fltk.org
C:\Documents and Settings\Daniel\Application Data\Google
C:\Documents and Settings\Daniel\Application Data\Gram Burn Copy
C:\Documents and Settings\Daniel\Application Data\Gtek
C:\Documents and Settings\Daniel\Application Data\Hap_temp
C:\Documents and Settings\Daniel\Application Data\Help
C:\Documents and Settings\Daniel\Application Data\Ibp
C:\Documents and Settings\Daniel\Application Data\Identities
C:\Documents and Settings\Daniel\Application Data\Ign_dlm
C:\Documents and Settings\Daniel\Application Data\Lavasoft -- EMPTY Directory
C:\Documents and Settings\Daniel\Application Data\Leadertech
C:\Documents and Settings\Daniel\Application Data\Lionhead Studios -- EMPTY Directory
C:\Documents and Settings\Daniel\Application Data\Macromedia
C:\Documents and Settings\Daniel\Application Data\Mcafee
C:\Documents and Settings\Daniel\Application Data\Microsoft
C:\Documents and Settings\Daniel\Application Data\Microsoft Corporation
C:\Documents and Settings\Daniel\Application Data\Mozilla
C:\Documents and Settings\Daniel\Application Data\Msn6
C:\Documents and Settings\Daniel\Application Data\Msninstaller
C:\Documents and Settings\Daniel\Application Data\My Games
C:\Documents and Settings\Daniel\Application Data\Nasa
C:\Documents and Settings\Daniel\Application Data\Netmedia Providers -- EMPTY Directory
C:\Documents and Settings\Daniel\Application Data\Opera
C:\Documents and Settings\Daniel\Application Data\Publish Providers -- EMPTY Directory
C:\Documents and Settings\Daniel\Application Data\Real
C:\Documents and Settings\Daniel\Application Data\Realviz
C:\Documents and Settings\Daniel\Application Data\Red Chair Software
C:\Documents and Settings\Daniel\Application Data\Roxio
C:\Documents and Settings\Daniel\Application Data\Securom
C:\Documents and Settings\Daniel\Application Data\Shareaza
C:\Documents and Settings\Daniel\Application Data\Smartftp
C:\Documents and Settings\Daniel\Application Data\Sonic
C:\Documents and Settings\Daniel\Application Data\Sony
C:\Documents and Settings\Daniel\Application Data\Sun
C:\Documents and Settings\Daniel\Application Data\Systweak
C:\Documents and Settings\Daniel\Application Data\Talkback
C:\Documents and Settings\Daniel\Application Data\Thq
C:\Documents and Settings\Daniel\Application Data\Thunderbird
C:\Documents and Settings\Daniel\Application Data\Tuneup Software
C:\Documents and Settings\Daniel\Application Data\Uk.co.planetside
C:\Documents and Settings\Daniel\Application Data\Utorrent
C:\Documents and Settings\Daniel\Application Data\Vlc
C:\Documents and Settings\Daniel\Application Data\Vmware
C:\Documents and Settings\Daniel\Application Data\Webroot -- EMPTY Directory
C:\Documents and Settings\Daniel\Application Data\Xfire
C:\Documents and Settings\Daniel\Application Data\Zen Puzzle Garden
C:\Documents and Settings\Default User\Application Data\Gtek
C:\Documents and Settings\Default User\Application Data\Microsoft
C:\Documents and Settings\Empty\Application Data\.gaim
C:\Documents and Settings\Empty\Application Data\Adobe
C:\Documents and Settings\Empty\Application Data\Adobeum -- EMPTY Directory
C:\Documents and Settings\Empty\Application Data\Flock
C:\Documents and Settings\Empty\Application Data\Gtek
C:\Documents and Settings\Empty\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Empty\Application Data\Identities
C:\Documents and Settings\Empty\Application Data\Macromedia
C:\Documents and Settings\Empty\Application Data\Microsoft
C:\Documents and Settings\Empty\Application Data\Mozilla -- EMPTY Directory
C:\Documents and Settings\Empty\Application Data\Opera
C:\Documents and Settings\Empty\Application Data\Sun
C:\Documents and Settings\Empty\Application Data\Utorrent
C:\Documents and Settings\Localservice\Application Data\Azureus
C:\Documents and Settings\Localservice\Application Data\Gram Burn Copy -- EMPTY Directory
C:\Documents and Settings\Localservice\Application Data\Help
C:\Documents and Settings\Localservice\Application Data\Macromedia
C:\Documents and Settings\Localservice\Application Data\Microsoft
C:\Documents and Settings\Localservice\Application Data\Opera
C:\Documents and Settings\Localservice\Application Data\Vmware -- EMPTY Directory
C:\Documents and Settings\Networkservice\Application Data\Microsoft


Logfile of HijackThis v1.99.1
Scan saved at 3:17:27 PM, on 11/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\DllHost.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Gaim\gaim.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\Daniel\Desktop\Folders\hijack\Hello.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\dapbho.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [BCMSMMSG] "BCMSMMSG.exe"
O4 - HKLM\..\Run: [dla] "C:\WINDOWS\system32\dla\tfswctrl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\WINDOWS\system32\NeroCheck.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [jumpbolt] C:\DOCUME~1\Daniel\APPLIC~1\GRAMBU~1\MpegFlap.exe
O4 - HKCU\..\Run: [Gaim] C:\Program Files\Gaim\gaim.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Folding@Home 5.03.lnk = ?
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite...vex-2.0.6.0.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.0.97.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1157300986070
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1159219546564
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/Tran...ransferCtrl.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} (Invoke Solutions Participant Control(MR)) - http://online.invokesolutions.com/events/b...7207/MILive.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{698DE69A-709E-4707-BF74-CAC23A121C48}: NameServer = 68.87.71.226,68.87.73.242
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~2\WINDOW~1\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Connected Agent Service (AgentSrv) - Unknown owner - C:\Program Files\BackUp Solutions\AgentSrv.EXE (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - G:\Applications\3dsmax9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

#4 DanTycoon

DanTycoon
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Location:Burlington, Connecticut, USA
  • Local time:06:45 PM

Posted 07 November 2006 - 07:46 PM

I swear I'm getting dumber. I just installed more spyware :thumbsup: GO ME!

Updated HJT Log:

Logfile of HijackThis v1.99.1
Scan saved at 7:42:25 PM, on 11/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\DllHost.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Gaim\gaim.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\progra~1\intern~1\iexplore.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\Daniel\Desktop\Folders\hijack\Hello.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\dapbho.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {274c0420-ebe0-4f1d-b473-edd1aa9b85dd} - C:\Program Files\iVideoCodec\isaddon.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [BCMSMMSG] "BCMSMMSG.exe"
O4 - HKLM\..\Run: [dla] "C:\WINDOWS\system32\dla\tfswctrl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\WINDOWS\system32\NeroCheck.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [jumpbolt] C:\DOCUME~1\Daniel\APPLIC~1\GRAMBU~1\MpegFlap.exe
O4 - HKCU\..\Run: [Gaim] C:\Program Files\Gaim\gaim.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Folding@Home 5.03.lnk = ?
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite...vex-2.0.6.0.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.0.97.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1157300986070
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1159219546564
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/Tran...ransferCtrl.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} (Invoke Solutions Participant Control(MR)) - http://online.invokesolutions.com/events/b...7207/MILive.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{698DE69A-709E-4707-BF74-CAC23A121C48}: NameServer = 68.87.71.226,68.87.73.242
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~2\WINDOW~1\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Connected Agent Service (AgentSrv) - Unknown owner - C:\Program Files\BackUp Solutions\AgentSrv.EXE (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - G:\Applications\3dsmax9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

#5 Mr_JAk3

Mr_JAk3

    HJT Team Member


  • Members
  • 527 posts
  • OFFLINE
  •  
  • Location:Finland
  • Local time:12:45 AM

Posted 08 November 2006 - 08:44 AM

Hi :thumbsup:

You're rigth, you got some new infections there...

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

NOTE: Do not run any other options from SmitfraudFix until I tell you to do so!
UNITE & ASAP member since 2006
Posted Image
Posted Image

#6 DanTycoon

DanTycoon
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Location:Burlington, Connecticut, USA
  • Local time:06:45 PM

Posted 08 November 2006 - 02:57 PM

SmitFraudFix v2.119

Scan done at 14:52:19.59, Wed 11/08/2006
Run from C:\Documents and Settings\Daniel\Desktop\Computer Helpers\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

C:\


C:\WINDOWS


C:\WINDOWS\system


C:\WINDOWS\Web


C:\WINDOWS\system32

C:\WINDOWS\system32\okkmtv.dll FOUND !

C:\WINDOWS\system32\LogFiles


C:\Documents and Settings\Daniel


C:\Documents and Settings\Daniel\Application Data


Start Menu

C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !

C:\DOCUME~1\Daniel\FAVORI~1


Desktop


C:\Program Files

C:\Program Files\iVideoCodec\ FOUND !
C:\Program Files\VirusBursters\ FOUND !

Corrupted keys


Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="http://my.livecard.net/h3/DanTycoon9900.png"
"SubscribedURL"="http://my.livecard.net/h3/DanTycoon9900.png"
"FriendlyName"=""


Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{11853d5f-f894-4cc7-bbc3-fc7a9dcfd896}"="bonspells"



AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


pe386-msguard-lzx32


Scanning wininet.dll infection


End


What's worse is, I thought it was spyware but I installed it anyways. Someone shoot me.

#7 Mr_JAk3

Mr_JAk3

    HJT Team Member


  • Members
  • 527 posts
  • OFFLINE
  •  
  • Location:Finland
  • Local time:12:45 AM

Posted 09 November 2006 - 05:40 AM

Hi again, we'll continue :thumbsup:

You are using DAP which is not technically malware, but it may include malware and allow it into your system. You can find Safer Alternatives. We'll remove it.

You should print these instructions or save these to a text file. Follow these instructions carefully.

Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
  • Install AVG Anti-Spyware by double clicking the installer.
  • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
  • On the main screen under Your Computer's security.
    • Click on Change state next to Resident shield. It should now change to inactive.
    • Click on Change state next to Automatic updates. It should now change to inactive.
    • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
    • Wait until you see the Update succesfull message.
  • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.

Download ATF Cleaner by Atribune to your desktop.
Do NOT run yet.

Then, make your hidden files visible:
  • Go to My Computer
  • Select the Tools menu and click Folder Options
  • Click the View tab.
  • Checkmark the "Display the contents of system folders"
  • Under the Hidden files and folders select "Show hidden files and folders"
  • Uncheck "Hide protected operating system files"
  • Click Apply and then the OK and close My Computer.
==================

Open Control Panel -> Add/Remove programs -> Remove all the of the following programs if found:

DAP


Run HijackThis, click Do a system scan only, and check the box next to each of these entries if still present. Close all other windows and press Fix checked. If something isn't there, please continue with the next entry in the list.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\dapbho.dll
O2 - BHO: (no name) - {274c0420-ebe0-4f1d-b473-edd1aa9b85dd} - C:\Program Files\iVideoCodec\isaddon.dll (file missing)
O4 - HKCU\..\Run: [jumpbolt] C:\DOCUME~1\Daniel\APPLIC~1\GRAMBU~1\MpegFlap.exe
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm


Restart your computer to the safe mode:
  • Restart your computer
  • Start tapping the F8 key when the computer restarts.
  • When the start menu opens, choose Safe mode
  • Press Enter. The computer then begins to start in Safe mode.
Go to the My Computer and delete the following folders (if present):
C:\Program Files\DAP
C:\Documents and Settings\All Users\Application Data\Meowburnkeepsize
C:\Documents and Settings\Daniel\Application Data\Attnaturalvoices
C:\Documents and Settings\Daniel\Application Data\Gram Burn Copy
C:\Documents and Settings\Localservice\Application Data\Gram Burn Copy

Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning : running option #2 on a non infected computer will remove your Desktop background.

Restart to the safe mode again.

Run ATF Cleaner Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act?
      • Click on Recommended Action and choose Quarantine from the popup menu.
    • Under How to scan?
      • All checkboxes should be ticked.
    • Under Possibly unwanted software:
      • All checkboxes should be ticked.
    • Under Reports:
      • Select Automatically generate report after every scan and uncheck Only if threats were found.
    • Under What to scan?
      • Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished, follow the instructions below.
    IMPORTANT : Don't click on the "Save Scan Report" button before you did hit the "Apply all Actions" button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
      Posted Image
  • When done, click the Save Scan Report button. (4)
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.

================

When you're ready, post the following logs to here:
- AVG's report
- a fresh HijackThis log
- contents of C:\Rapport.txt
UNITE & ASAP member since 2006
Posted Image
Posted Image

#8 DanTycoon

DanTycoon
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Location:Burlington, Connecticut, USA
  • Local time:06:45 PM

Posted 09 November 2006 - 05:12 PM

Sorry if this throws you off, but it appears I can't follow directions. Couple of things that may or may not throw you off:

1. I switched to IE 7
2. In your directions I didn't Empty all on Main on the ATF Cleaner untill after the AVG Spyware was half an hour into the scan. I didn't want to restart it, so I just did it in the middle...oops. So the results from AVG may have some stuff that ATF cleaned out while the scan was paused.

I'm really sorry if this thows you off at all. The logs:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 4:48:30 PM 11/9/2006

+ Scan result:



HKU\S-1-5-21-448539723-725345543-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F7D40011-29BB-43EB-9C97-875CE89E9E36} -> Adware.Generic : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : Cleaned with backup (quarantined).
HKU\S-1-5-21-448539723-725345543-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{BF44F1E7-DF90-4C82-9177-8FCBB5942706}\RP1202\A0236696.dll -> Not-A-Virus.Hoax.Win32.Renos.gb : Cleaned with backup (quarantined).
:mozilla.23:C:\Documents and Settings\empty\Application Data\Flock\Browser\Profiles\0udfo5i7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.24:C:\Documents and Settings\empty\Application Data\Flock\Browser\Profiles\0udfo5i7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.25:C:\Documents and Settings\empty\Application Data\Flock\Browser\Profiles\0udfo5i7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.31:C:\Documents and Settings\empty\Application Data\Flock\Browser\Profiles\0udfo5i7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.32:C:\Documents and Settings\empty\Application Data\Flock\Browser\Profiles\0udfo5i7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.33:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.33:C:\Documents and Settings\empty\Application Data\Flock\Browser\Profiles\0udfo5i7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.34:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.35:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.36:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.37:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.38:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.39:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.40:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.41:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.42:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.43:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.44:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.45:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.46:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.47:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.48:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.49:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.50:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.51:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.52:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.53:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.54:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.55:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.56:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.57:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.58:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.59:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.60:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.61:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.62:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.632:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.63:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.649:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.64:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.656:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.65:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.66:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.67:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.68:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.69:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.70:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.713:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.71:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.781:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\empty\Cookies\empty@tcompany.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
V:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Cookies\Low\daniel@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
V:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Cookies\Low\daniel@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.552:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Abcsearch : Cleaned.
:mozilla.554:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Abcsearch : Cleaned.
:mozilla.569:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Admarketplace : Cleaned.
:mozilla.27:C:\Documents and Settings\empty\Application Data\Flock\Browser\Profiles\0udfo5i7.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.28:C:\Documents and Settings\empty\Application Data\Flock\Browser\Profiles\0udfo5i7.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.29:C:\Documents and Settings\empty\Application Data\Flock\Browser\Profiles\0udfo5i7.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.30:C:\Documents and Settings\empty\Application Data\Flock\Browser\Profiles\0udfo5i7.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.34:C:\Documents and Settings\empty\Application Data\Flock\Browser\Profiles\0udfo5i7.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.256:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.257:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.258:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.259:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.260:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.261:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.323:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.324:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.195:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.196:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.197:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.198:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.199:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.39:C:\Documents and Settings\empty\Application Data\Flock\Browser\Profiles\0udfo5i7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.40:C:\Documents and Settings\empty\Application Data\Flock\Browser\Profiles\0udfo5i7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.41:C:\Documents and Settings\empty\Application Data\Flock\Browser\Profiles\0udfo5i7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.112:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.113:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.114:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.115:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.116:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.117:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.118:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.119:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.120:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.124:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.37:C:\Documents and Settings\empty\Application Data\Flock\Browser\Profiles\0udfo5i7.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
V:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Cookies\Low\daniel@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.642:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Bfast : Cleaned.
:mozilla.643:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Bfast : Cleaned.
:mozilla.677:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.813:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.814:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.815:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.816:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.121:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.122:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.123:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.104:C:\Documents and Settings\empty\Application Data\Flock\Browser\Profiles\0udfo5i7.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.105:C:\Documents and Settings\empty\Application Data\Flock\Browser\Profiles\0udfo5i7.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.106:C:\Documents and Settings\empty\Application Data\Flock\Browser\Profiles\0udfo5i7.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.366:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.367:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.368:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.369:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.370:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.371:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.305:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.306:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.325:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Com : Cleaned.
V:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Cookies\Low\daniel@com[1].txt -> TrackingCookie.Com : Cleaned.
:mozilla.596:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.748:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.171:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.172:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.36:C:\Documents and Settings\empty\Application Data\Flock\Browser\Profiles\0udfo5i7.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
V:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Cookies\Low\daniel@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.824:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Estat : Cleaned.
:mozilla.102:C:\Documents and Settings\empty\Application Data\Flock\Browser\Profiles\0udfo5i7.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.103:C:\Documents and Settings\empty\Application Data\Flock\Browser\Profiles\0udfo5i7.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Daniel\Cookies\daniel@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.139:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.140:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.141:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.142:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.143:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.144:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.641:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.191:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.192:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.193:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.194:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.68:C:\Documents and Settings\empty\Application Data\Flock\Browser\Profiles\0udfo5i7.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.553:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Findwhat : Cleaned.
:mozilla.479:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.500:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.567:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.627:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.652:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.932:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.963:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.975:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.241:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.242:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.243:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.244:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.284:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.285:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.286:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.287:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.288:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.289:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.290:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.291:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.292:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.336:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.378:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.381:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.682:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.726:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.727:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.765:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.857:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.858:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.859:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.868:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.870:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.871:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.879:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.913:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.914:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.934:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.953:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.769:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.770:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.771:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.772:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.471:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned.
:mozilla.15:C:\Documents and Settings\empty\Application Data\Flock\Browser\Profiles\0udfo5i7.default\cookies.txt -> TrackingCookie.Linksynergy : Cleaned.
:mozilla.16:C:\Documents and Settings\empty\Application Data\Flock\Browser\Profiles\0udfo5i7.default\cookies.txt -> TrackingCookie.Linksynergy : Cleaned.
:mozilla.17:C:\Documents and Settings\empty\Application Data\Flock\Browser\Profiles\0udfo5i7.default\cookies.txt -> TrackingCookie.Linksynergy : Cleaned.
:mozilla.602:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Linksynergy : Cleaned.
:mozilla.603:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Linksynergy : Cleaned.
:mozilla.589:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.590:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.591:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.819:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\empty\Cookies\empty@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.731:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned.
:mozilla.320:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\empty\Cookies\empty@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\empty\Cookies\empty@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
:mozilla.464:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.465:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.466:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.467:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.468:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.440:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.81:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Paycounter : Cleaned.
:mozilla.297:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.298:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.299:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.300:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.301:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.302:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.303:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.492:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.498:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.278:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.87:C:\Documents and Settings\empty\Application Data\Flock\Browser\Profiles\0udfo5i7.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\empty\Cookies\empty@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.964:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.965:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.966:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.967:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.968:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.969:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.970:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.971:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.795:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.796:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.797:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.798:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.158:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.159:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.160:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.161:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.162:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.472:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Spylog : Cleaned.
C:\Documents and Settings\empty\Cookies\empty@h.starware[2].txt -> TrackingCookie.Starware : Cleaned.
C:\Documents and Settings\empty\Cookies\empty@www.starware[1].txt -> TrackingCookie.Starware : Cleaned.
:mozilla.18:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\6la8xpzh.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.393:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.395:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.396:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.397:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.398:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.399:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.400:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.401:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.402:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.403:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.404:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.405:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.406:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.407:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.408:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.409:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.410:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.411:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.412:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.413:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.414:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.415:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.416:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.125:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.126:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.127:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.128:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
V:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Cookies\Low\daniel@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.326:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.327:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.328:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.329:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.330:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.174:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.175:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.176:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.177:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.183:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.184:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.185:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.187:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.188:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.102:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.103:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.104:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.105:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.106:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.53:C:\Documents and Settings\empty\Application Data\Flock\Browser\Profiles\0udfo5i7.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\empty\Cookies\empty@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.207:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.211:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.565:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.826:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.827:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.828:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.526:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.876:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.265:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.266:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.267:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.268:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.269:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.270:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.271:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.272:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.273:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.274:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.275:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.276:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.277:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.92:C:\Documents and Settings\empty\Application Data\Flock\Browser\Profiles\0udfo5i7.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Daniel\Cookies\daniel@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\empty\Cookies\empty@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.153:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.154:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.155:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.156:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.157:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.164:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.165:C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\System Volume Information\_restore{BF44F1E7-DF90-4C82-9177-8FCBB5942706}\RP1167\A0233035.exe -> Trojan.Agent.wl : Cleaned with backup (quarantined).


::Report end


--- Post was cut off, look below ---

Edited by DanTycoon, 09 November 2006 - 05:14 PM.


#9 DanTycoon

DanTycoon
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Location:Burlington, Connecticut, USA
  • Local time:06:45 PM

Posted 09 November 2006 - 05:13 PM

Post got cut off I guess...

Logfile of HijackThis v1.99.1
Scan saved at 4:58:18 PM, on 11/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MSMPSVC.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gaim\gaim.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\Program Files\Folding@Home\winFAH.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Folding@Home\FahCore_82.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\Daniel\Desktop\Folders\hijack\Hello.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: dlexpertclick Class - {A6927151-F5B4-11D4-AE7A-00D00925CF52} - C:\PROGRA~1\DLExpert\dll\iehelper.dll
O4 - HKLM\..\Run: [BCMSMMSG] "BCMSMMSG.exe"
O4 - HKLM\..\Run: [dla] "C:\WINDOWS\system32\dla\tfswctrl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\WINDOWS\system32\NeroCheck.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [jumpbolt] C:\DOCUME~1\Daniel\APPLIC~1\GRAMBU~1\MpegFlap.exe
O4 - HKCU\..\Run: [Gaim] C:\Program Files\Gaim\gaim.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Folding@Home 5.03.lnk = ?
O8 - Extra context menu item: &Download by DLExpert (Faster) - C:\Program Files\DLExpert\get.htm
O8 - Extra context menu item: Download &All by DLExpert (Faster) - C:\Program Files\DLExpert\getall.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: DLExpert - {4AB89EA8-E2B8-11d4-AE71-00D00925CF52} - C:\Program Files\DLExpert\DLExpert.exe
O9 - Extra 'Tools' menuitem: &DLExpert - {4AB89EA8-E2B8-11d4-AE71-00D00925CF52} - C:\Program Files\DLExpert\DLExpert.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://beta.windowsonecare.com/install/cli...nSSWebAgent.CAB
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite...vex-2.0.6.0.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.0.97.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1157300986070
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1159219546564
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/Tran...ransferCtrl.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} (Invoke Solutions Participant Control(MR)) - http://online.invokesolutions.com/events/b...7207/MILive.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{698DE69A-709E-4707-BF74-CAC23A121C48}: NameServer = 68.87.71.226,68.87.73.242
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~2\WINDOW~1\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Connected Agent Service (AgentSrv) - Unknown owner - C:\Program Files\BackUp Solutions\AgentSrv.EXE (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - G:\Applications\3dsmax9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: MSMPSVC - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MSMPSVC.exe" -n 4 (file missing)
O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O23 - Service: VDHQWASLN - Unknown owner - C:\DOCUME~1\Daniel\LOCALS~1\Temp\VDHQWASLN.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe



SmitFraudFix v2.119

Scan done at 15:23:17.54, Thu 11/09/2006
Run from C:\Documents and Settings\Daniel\Desktop\Computer Helpers\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode

Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{11853d5f-f894-4cc7-bbc3-fc7a9dcfd896}"="bonspells"


Killing process


Generic Renos Fix

GenericRenosFix by S!Ri


Deleting infected files

C:\WINDOWS\system32\okkmtv.dll Deleted
C:\Program Files\iVideoCodec\ Deleted
C:\Program Files\VirusBursters\ Deleted

Deleting Temp Files


Registry Cleaning

Registry Cleaning done.

After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


End

#10 Mr_JAk3

Mr_JAk3

    HJT Team Member


  • Members
  • 527 posts
  • OFFLINE
  •  
  • Location:Finland
  • Local time:12:45 AM

Posted 10 November 2006 - 10:32 AM

Hi again, it is looking clean now :thumbsup:
How is the computer running ?

Fix the following leftover with HijackThis:

O4 - HKCU\..\Run: [jumpbolt] C:\DOCUME~1\Daniel\APPLIC~1\GRAMBU~1\MpegFlap.exe

Reboot and scan again with HijackThis. The entry you just fixed should be gone now.

Now you can clean AVG's Quarantine:
  • Open AVG Anti-Spyware
  • Click Infections
  • Click Quarantine tab
  • Click Select all
  • Click Remove finally
  • Close the program
You can remove SmitFraudFix.

Then you should update your Java to the latest version (5.0 update 9)
  • Start
  • Control Panel
  • Add/Remove Programs
  • Delete the old Java, J2SE Runtime Environment 5.0 Update 6
  • Then we'll get the latest version of Java -> LINK
  • Scroll down to Java Runtime Environment (JRE) 5.0 Update 9
  • Download & install it
Now you can make your hidden files hidden again.
  • Go to My Computer
  • Select the Tools menu and click Folder Options
  • Click the View tab.
  • Checkmark the "Display the contents of system folders"
  • Under the Hidden files and folders select "Show hidden files and folders"
  • Check "Hide protected operating system files"
  • Click Apply and then the OK and close My Computer.
=============

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Clear your system restore
    This will clear the system restore folders from possible malware that was left behind during the cleaning process.
  • Use ATF Cleaner
    Download and install ATF Cleaner. Clean your temporary files & folders with it regularly.
  • Use Ad-Aware
    Download and install Ad-Aware. Update it and scan your computer regularly with it.
  • Use AVG Anti-Spyware
    Update it and scan your computer regularly with it.
  • Use Spybot S&D
    Download and install Spybot S&D. Update it and scan your computer regularly with it.
  • Install SpywareBlaster
    SpywareBlaster will prevent spyware from being installed.
  • Install MVPS Hosts file
    This prevents your computer from connecting to harmful sites.
  • Use Firefox browser
    Firefox is faster, safer and better browser than Internet Explorer.
  • Keep your systen up-to-date
    Visit Windows Update regularly.
  • Keep your antivirus and firewall up-to-date
    Scan your computer regularly with your antivirus.
  • Read this article by TonyKlein
    So how did I get infected in the first place?
  • Stand Up and Be Counted !
    The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.
Stay clean and be safe ;)
UNITE & ASAP member since 2006
Posted Image
Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users