
Registered · 18 Posts · Discussion Starter · #1
I'm running Windows XP and I am constantly getting pop-ups of a fake Windows Security Center under the name 'Windows Antivirus Pro'. It blocks me from opening programs, unless I terminate the 'Windows Antivirus Pro' process, though it returns seconds later.

Here is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 1:53:26 AM, on 8/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\svchast.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Documents and Settings\Sof\Local Settings\Application Data\Autobahn\autobahn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Opera\opera.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Sof\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2071129
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2071129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2071129
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: ICQSys (IE PlugIn) - {F54AF7DE-6038-4026-8433-CC30E3F17212} - C:\WINDOWS\system32\dddesot.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [dscactivate] "%ProgramFiles%\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: autobahn.lnk = C:\Documents and Settings\Sof\Local Settings\Application Data\Autobahn\autobahn.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe Version Cue CS3 - Unknown owner - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" -win32service (file missing)
O23 - Service: AntipyPro_12 (AntipPro2009_12) - Unknown owner - C:\WINDOWS\svchast.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

Thanks so much!
 

Super Moderator · 37,537 Posts
Hiya and welcome to Tech Support Guy :)

Are you still having this problem? If so, do the following:

Download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

We need to check for rootkits with RootRepeal
  1. Download RootRepeal from the following location and save it to your desktop.
  2. Extract RootRepeal.exe from the archive.
  3. Open
    on your desktop.
  4. Click the
    tab.
  5. Click the
    button.
  6. Check all seven boxes:
  7. Push Ok
  8. Check the box for your main system drive (Usually C:), and press Ok.
  9. Allow RootRepeal to run a scan of your system. This may take some time.
  10. Once the scan completes, push the
    button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

Click on the Go Advanced button for the uploading options at the bottom of this page (in the picture below ;) )

  • In there, at the bottom, click on the button Manage Attachments (in the picture below ;) ).
  • A window will appear, and then Browse to RSReport.zip on your Desktop.
  • Click Upload, and when uploaded click Close this Window
  • Then, in the previous window, click on Add Reply



==========

Also, the version of HijackThis you're running is out of date. Delete it, and run this one:

Click here to download HJTInstall.exe
  • Save HJTInstall.exe to your desktop.
  • Double-click on the HJTInstall.exe icon on your desktop.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch HijackThis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

Please include the MBAM log, SAS log, RootRepeal.txt and a fresh HijackThis log in your next reply

Regards

eddie
 

Registered · 18 Posts · Discussion Starter · #3
Hi. Thanks for the reply! Before your response I was able to get Malwarebytes to update and scan, which cleaned out some of my computer, enough to stop the constant pop-ups, but now when I try to click a link on Google it redirects me to various ad sites, which tells me that my computer is still infected in some way. I ran Malwarebytes a couple of times and it would come up with 2 problems. I would fix them, but they would still be there the next time I scanned. Also, since I got this infection, when I insert a blank DVD into the DVD drive it reads it as a CD and won't let me burn anything onto it. Could that problem be related to the infection? Thank you so much for the help!

Here is my MBAM log:

Malwarebytes' Anti-Malware 1.40
Database version: 2667
Windows 5.1.2600 Service Pack 3

8/20/2009 2:37:33 PM
mbam-log-2009-08-20 (14-37-33).txt

Scan type: Quick Scan
Objects scanned: 92255
Time elapsed: 4 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 

Registered · 18 Posts · Discussion Starter · #4
Here is the SAS log:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/20/2009 at 04:38 PM

Application Version : 4.27.1002

Core Rules Database Version : 4065
Trace Rules Database Version: 2005

Scan type : Complete Scan
Total Scan Time : 01:52:28

Memory items scanned : 484
Memory threats detected : 0
Registry items scanned : 6747
Registry threats detected : 7
File items scanned : 142153
File threats detected : 415

Adware.Tracking Cookie
.revsci.net [ C:\Documents and Settings\Sof\Application Data\Mozilla\Firefox\Profiles\shcc8dqs.default\cookies.txt ]
.googleadservices.com [ C:\Documents and Settings\Sof\Application Data\Mozilla\Firefox\Profiles\shcc8dqs.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Sof\Application Data\Mozilla\Firefox\Profiles\shcc8dqs.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Sof\Application Data\Mozilla\Firefox\Profiles\shcc8dqs.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Sof\Application Data\Mozilla\Firefox\Profiles\shcc8dqs.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Sof\Application Data\Mozilla\Firefox\Profiles\shcc8dqs.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Sof\Application Data\Mozilla\Firefox\Profiles\shcc8dqs.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Sof\Application Data\Mozilla\Firefox\Profiles\shcc8dqs.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Sof\Application Data\Mozilla\Firefox\Profiles\shcc8dqs.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Sof\Application Data\Mozilla\Firefox\Profiles\shcc8dqs.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Sof\Application Data\Mozilla\Firefox\Profiles\shcc8dqs.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Sof\Application Data\Mozilla\Firefox\Profiles\shcc8dqs.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Sof\Application Data\Mozilla\Firefox\Profiles\shcc8dqs.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Sof\Application Data\Mozilla\Firefox\Profiles\shcc8dqs.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Sof\Application Data\Mozilla\Firefox\Profiles\shcc8dqs.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Sof\Application Data\Mozilla\Firefox\Profiles\shcc8dqs.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Sof\Application Data\Mozilla\Firefox\Profiles\shcc8dqs.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Sof\Application Data\Mozilla\Firefox\Profiles\shcc8dqs.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Sof\Application Data\Mozilla\Firefox\Profiles\shcc8dqs.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Sof\Application Data\Mozilla\Firefox\Profiles\shcc8dqs.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Sof\Application Data\Mozilla\Firefox\Profiles\shcc8dqs.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Sof\Application Data\Mozilla\Firefox\Profiles\shcc8dqs.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Sof\Application Data\Mozilla\Firefox\Profiles\shcc8dqs.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Sof\Application Data\Mozilla\Firefox\Profiles\shcc8dqs.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Sof\Application Data\Mozilla\Firefox\Profiles\shcc8dqs.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Sof\Application Data\Mozilla\Firefox\Profiles\shcc8dqs.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Sof\Application Data\Mozilla\Firefox\Profiles\shcc8dqs.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Sof\Application Data\Mozilla\Firefox\Profiles\shcc8dqs.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Sof\Application Data\Mozilla\Firefox\Profiles\shcc8dqs.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Sof\Application Data\Mozilla\Firefox\Profiles\shcc8dqs.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Sof\Application Data\Mozilla\Firefox\Profiles\shcc8dqs.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Sof\Application Data\Mozilla\Firefox\Profiles\shcc8dqs.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Sof\Application Data\Mozilla\Firefox\Profiles\shcc8dqs.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Sof\Application Data\Mozilla\Firefox\Profiles\shcc8dqs.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Sof\Application Data\Mozilla\Firefox\Profiles\shcc8dqs.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Sof\Application Data\Mozilla\Firefox\Profiles\shcc8dqs.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Sof\Application Data\Mozilla\Firefox\Profiles\shcc8dqs.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Sof\Application Data\Mozilla\Firefox\Profiles\shcc8dqs.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Sof\Application Data\Mozilla\Firefox\Profiles\shcc8dqs.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Sof\Application Data\Mozilla\Firefox\Profiles\shcc8dqs.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Sof\Application Data\Mozilla\Firefox\Profiles\shcc8dqs.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Sof\Application Data\Mozilla\Firefox\Profiles\shcc8dqs.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Sof\Application Data\Mozilla\Firefox\Profiles\shcc8dqs.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Sof\Application Data\Mozilla\Firefox\Profiles\shcc8dqs.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Sof\Application Data\Mozilla\Firefox\Profiles\shcc8dqs.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Sof\Application Data\Mozilla\Firefox\Profiles\shcc8dqs.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Sof\Application Data\Mozilla\Firefox\Profiles\shcc8dqs.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Sof\Application Data\Mozilla\Firefox\Profiles\shcc8dqs.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Sof\Application Data\Mozilla\Firefox\Profiles\shcc8dqs.default\cookies.txt ]
stats.fgn-guild.com [ C:\Documents and Settings\Sof\Application Data\Mozilla\Firefox\Profiles\shcc8dqs.default\cookies.txt ]
 

·
Registered
Joined
·
18 Posts
Discussion Starter · #6 ·
te.kontera.com [ C:\Documents and Settings\Sof\Application Data\Mozilla\Firefox\Profiles\shcc8dqs.default\cookies.txt ]
te.kontera.com [ C:\Documents and Settings\Sof\Application Data\Mozilla\Firefox\Profiles\shcc8dqs.default\cookies.txt ]
te.kontera.com [ C:\Documents and Settings\Sof\Application Data\Mozilla\Firefox\Profiles\shcc8dqs.default\cookies.txt ]
.kontera.com [ C:\Documents and Settings\Sof\Application Data\Mozilla\Firefox\Profiles\shcc8dqs.default\cookies.txt ]
.kontera.com [ C:\Documents and Settings\Sof\Application Data\Mozilla\Firefox\Profiles\shcc8dqs.default\cookies.txt ]
.kontera.com [ C:\Documents and Settings\Sof\Application Data\Mozilla\Firefox\Profiles\shcc8dqs.default\cookies.txt ]
.kontera.com [ C:\Documents and Settings\Sof\Application Data\Mozilla\Firefox\Profiles\shcc8dqs.default\cookies.txt ]
.adlegend.com [ C:\Documents and Settings\Sof\Application Data\Mozilla\Firefox\Profiles\shcc8dqs.default\cookies.txt ]
.adlegend.com [ C:\Documents and Settings\Sof\Application Data\Mozilla\Firefox\Profiles\shcc8dqs.default\cookies.txt ]
www.burstbeacon.com [ C:\Documents and Settings\Sof\Application Data\Mozilla\Firefox\Profiles\shcc8dqs.default\cookies.txt ]
.topspot.112.2o7.net [ C:\Documents and Settings\Sof\Application Data\Mozilla\Firefox\Profiles\shcc8dqs.default\cookies.txt ]
.indextools.com [ C:\Documents and Settings\Sof\Application Data\Mozilla\Firefox\Profiles\shcc8dqs.default\cookies.txt ]
.dmtracker.com [ C:\Documents and Settings\Sof\Application Data\Mozilla\Firefox\Profiles\shcc8dqs.default\cookies.txt ]
C:\Documents and Settings\Sof\Cookies\[email protected][1].txt

Rogue.Component/Trace
HKLM\Software\Microsoft\E0E734C8
HKLM\Software\Microsoft\E0E734C8#e0e734c8
HKLM\Software\Microsoft\E0E734C8#Version
HKLM\Software\Microsoft\E0E734C8#e0e79948
HKLM\Software\Microsoft\E0E734C8#e0e7f0ad
HKU\S-1-5-21-1641531315-1652825798-2463224931-1006\Software\Microsoft\FIAS4018
HKU\S-1-5-21-1641531315-1652825798-2463224931-1006\Software\Microsoft\FIAS4057

Trojan.Unknown Origin
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\G5MVCDQF\WINLOGON[1].HTM

Rogue.FakeAlert/Wallpaper
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\WLYN0LEJ\WARNING[1].GIF

Trojan.Dropper/Sys-NV
C:\WINDOWS\SYSTEM32\K9261108.EXE

Trojan.Dropper/UserInit-Fake
C:\WINDOWS\SYSTEM32\USERINIT.EXE
 

·
Registered
Joined
·
18 Posts
Discussion Starter · #7 ·
Here is Root Repeal:

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/08/20 16:48
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB6B59000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBA622000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB3BF3000 Size: 49152 File Visible: No Signed: -
Status: -

Name: SKYNETrupuogpo.sys
Image Path: C:\WINDOWS\system32\drivers\SKYNETrupuogpo.sys
Address: 0xB74B5000 Size: 151552 File Visible: - Signed: -
Status: Hidden from the Windows API!

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\SKYNEThliotklr.dat
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\SKYNETofgxuxac.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\SKYNETppxduxrs.dat
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\SKYNETsrrsmjdn.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\drivers\SKYNETrupuogpo.sys
Status: Invisible to the Windows API!

Stealth Objects
-------------------
Object: Hidden Module [Name: SKYNETofgxuxac.dll]
Process: winlogon.exe (PID: 864) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETofgxuxac.dll]
Process: services.exe (PID: 912) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETofgxuxac.dll]
Process: lsass.exe (PID: 924) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETofgxuxac.dll]
Process: svchost.exe (PID: 1112) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETsrrsmjdn.dll]
Process: svchost.exe (PID: 1112) Address: 0x007f0000 Size: 53248

Object: Hidden Module [Name: SKYNETofgxuxac.dll]
Process: svchost.exe (PID: 1200) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETofgxuxac.dll]
Process: svchost.exe (PID: 1268) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETofgxuxac.dll]
Process: S24EvMon.exe (PID: 1364) Address: 0x00bd0000 Size: 32768

Object: Hidden Module [Name: SKYNETofgxuxac.dll]
Process: svchost.exe (PID: 1476) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETofgxuxac.dll]
Process: svchost.exe (PID: 1648) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETofgxuxac.dll]
Process: Explorer.EXE (PID: 1696) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETofgxuxac.dll]
Process: spoolsv.exe (PID: 1904) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETofgxuxac.dll]
Process: AppleMobileDeviceService.exe (PID: 2008) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETofgxuxac.dll]
Process: mDNSResponder.exe (PID: 2024) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETofgxuxac.dll]
Process: EvtEng.exe (PID: 160) Address: 0x00be0000 Size: 32768

Object: Hidden Module [Name: SKYNETofgxuxac.dll]
Process: jqs.exe (PID: 252) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETofgxuxac.dll]
Process: MSCamS32.exe (PID: 372) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETofgxuxac.dll]
Process: nvsvc32.exe (PID: 468) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETofgxuxac.dll]
Process: RegSrvc.exe (PID: 504) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETofgxuxac.dll]
Process: svchost.exe (PID: 664) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETofgxuxac.dll]
Process: WLKeeper.exe (PID: 1324) Address: 0x00ed0000 Size: 32768

Object: Hidden Module [Name: SKYNETofgxuxac.dll]
Process: CALMAIN.exe (PID: 1840) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETofgxuxac.dll]
Process: alg.exe (PID: 2468) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETofgxuxac.dll]
Process: wscntfy.exe (PID: 2648) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETofgxuxac.dll]
Process: SynTPEnh.exe (PID: 2696) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETofgxuxac.dll]
Process: rundll32.exe (PID: 2728) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETofgxuxac.dll]
Process: RUNDLL32.EXE (PID: 2736) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETofgxuxac.dll]
Process: quickset.exe (PID: 2744) Address: 0x00d70000 Size: 32768

Object: Hidden Module [Name: SKYNETofgxuxac.dll]
Process: ZCfgSvc.exe (PID: 2780) Address: 0x00e80000 Size: 32768

Object: Hidden Module [Name: SKYNETofgxuxac.dll]
Process: ifrmewrk.exe (PID: 2796) Address: 0x00da0000 Size: 32768

Object: Hidden Module [Name: SKYNETofgxuxac.dll]
Process: stsystra.exe (PID: 2804) Address: 0x00980000 Size: 32768

Object: Hidden Module [Name: SKYNETofgxuxac.dll]
Process: KADxMain.exe (PID: 2852) Address: 0x00980000 Size: 32768

Object: Hidden Module [Name: SKYNETofgxuxac.dll]
Process: issch.exe (PID: 2992) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETofgxuxac.dll]
Process: PCMService.exe (PID: 3016) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETofgxuxac.dll]
Process: vVX3000.exe (PID: 3104) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETofgxuxac.dll]
Process: jusched.exe (PID: 3172) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETofgxuxac.dll]
Process: ctfmon.exe (PID: 3196) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETofgxuxac.dll]
Process: GoogleToolbarNotifier.exe (PID: 3240) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETofgxuxac.dll]
Process: TeaTimer.exe (PID: 3256) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETofgxuxac.dll]
Process: SUPERAntiSpyware.exe (PID: 3276) Address: 0x04cb0000 Size: 32768

Object: Hidden Module [Name: SKYNETofgxuxac.dll]
Process: DLG.exe (PID: 3376) Address: 0x009d0000 Size: 32768

Object: Hidden Module [Name: SKYNETofgxuxac.dll]
Process: hpohmr08.exe (PID: 3444) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETofgxuxac.dll]
Process: hpotdd01.exe (PID: 3456) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETofgxuxac.dll]
Process: wmiprvse.exe (PID: 3708) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETofgxuxac.dll]
Process: hpoevm08.exe (PID: 4072) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETofgxuxac.dll]
Process: hpoSTS08.exe (PID: 2832) Address: 0x00960000 Size: 32768

Object: Hidden Module [Name: SKYNETofgxuxac.dll]
Process: Dot1XCfg.exe (PID: 3156) Address: 0x00c30000 Size: 32768

Object: Hidden Module [Name: SKYNETofgxuxac.dll]
Process: firefox.exe (PID: 4036) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETofgxuxac.dll]
Process: RootRepeal.exe (PID: 772) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETofgxuxac.dll]
Process: logon.scr (PID: 3480) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETofgxuxac.dll]
Process: rundll32.exe (PID: 2452) Address: 0x10000000 Size: 32768

==EOF==

And here is the new HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:27:01 PM, on 8/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Sof\Desktop\RootRepeal.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Documents and Settings\Sof\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2071129
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2071129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2071129
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [dscactivate] "%ProgramFiles%\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [msiexec.exe] msiconf.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msiexec.exe] msiconf.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10915 bytes

I couldn't find RSReport.zip on my desktop. I'm sorry! Also, when the Root Repeal scan finished it said, "Could not read system registry". Is that a problem?

Your help is very much appreciated!
 

·
Super Moderator
Joined
·
37,537 Posts
At work at the moment, so will go through this fully at home.

In the meantime, can you do the following:

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

--------

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double-click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Thanks

eddie
 

·
Registered
Joined
·
18 Posts
Discussion Starter · #9 ·
Thank you so much for your time.

Here is the GooredFix log:

GooredFix by jpshortstuff (12.07.09)
Log created at 23:43 on 20/08/2009 (Sof)
Firefox version 3.0.13 (en-US)

========== GooredScan ==========

Deleting HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{F62F6545-EB72-4C0B-93EF-873FACB2AABE} -> Success!
Deleting C:\Documents and Settings\Sof\Local Settings\Application Data\{F62F6545-EB72-4C0B-93EF-873FACB2AABE} -> Success!
Deleting HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{CFCC8815-94BC-409D-A555-2EB78323DC7F} -> Success!
Deleting C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\{CFCC8815-94BC-409D-A555-2EB78323DC7F} -> Success!

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [05:03 23/09/2008]
{B13721C7-F507-4982-B2E5-502A71474FED} [18:47 07/12/2007]
{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [21:51 19/08/2009]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"[email protected]"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [21:51 19/08/2009]

-=E.O.F=-

Here is the combofix log:

ComboFix 09-08-20.03 - Sof 08/21/2009 0:01.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1796 [GMT -7:00]
Running from: c:\documents and settings\Sof\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\drivers\SKYNETrupuogpo.sys
c:\windows\system32\images
c:\windows\system32\images\i1.gif
c:\windows\system32\images\i2.gif
c:\windows\system32\images\i3.gif
c:\windows\system32\images\j1.gif
c:\windows\system32\images\j2.gif
c:\windows\system32\images\j3.gif
c:\windows\system32\images\jj1.gif
c:\windows\system32\images\jj2.gif
c:\windows\system32\images\jj3.gif
c:\windows\system32\images\l1.gif
c:\windows\system32\images\l2.gif
c:\windows\system32\images\l3.gif
c:\windows\system32\images\pix.gif
c:\windows\system32\images\t1.gif
c:\windows\system32\images\t2.gif
c:\windows\system32\images\up1.gif
c:\windows\system32\images\up2.gif
c:\windows\system32\images\w1.gif
c:\windows\system32\images\w11.gif
c:\windows\system32\images\w2.gif
c:\windows\system32\images\w3.gif
c:\windows\system32\images\w3.jpg
c:\windows\system32\images\wt1.gif
c:\windows\system32\images\wt2.gif
c:\windows\system32\images\wt3.gif
c:\windows\system32\nesilifo.exe
c:\windows\system32\SKYNEThliotklr.dat
c:\windows\system32\SKYNETofgxuxac.dll
c:\windows\system32\SKYNETppxduxrs.dat
c:\windows\system32\SKYNETsrrsmjdn.dll

----- BITS: Possible infected sites -----

hxxp://updates.swarmcast.net
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SKYNETjejixdoy
-------\Legacy_SKYNETjejixdoy

((((((((((((((((((((((((( Files Created from 2009-07-21 to 2009-08-21 )))))))))))))))))))))))))))))))
.

2009-08-20 21:41 . 2009-08-21 07:12 117760 ----a-w- c:\documents and settings\Sof\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-08-20 21:40 . 2009-08-20 21:40 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-08-20 21:40 . 2009-08-20 21:40 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-08-20 21:40 . 2009-08-20 21:40 -------- d-----w- c:\documents and settings\Sof\Application Data\SUPERAntiSpyware.com
2009-08-20 03:33 . 2009-08-20 03:33 -------- d-----w- c:\documents and settings\Sof\Application Data\Neopets Toolbar
2009-08-20 03:32 . 2009-08-20 03:32 -------- d-----w- c:\documents and settings\Sof\Local Settings\Application Data\Neopets
2009-08-19 21:52 . 2009-08-19 21:52 -------- d-sh--w- c:\documents and settings\Sof\PrivacIE
2009-08-19 21:51 . 2009-08-19 21:51 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-19 21:44 . 2009-08-19 21:44 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-08-19 21:43 . 2009-08-19 21:43 -------- d-sh--w- c:\documents and settings\Sof\IETldCache
2009-08-19 21:37 . 2009-08-19 21:37 -------- dc-h--w- c:\windows\ie8
2009-08-19 21:22 . 2009-08-19 21:25 -------- d-----w- c:\documents and settings\Sof\.SunDownloadManager
2009-08-19 19:37 . 2009-08-19 19:37 -------- d-----w- c:\program files\TVAnts
2009-08-16 14:47 . 2009-08-16 14:47 -------- d-----w- c:\documents and settings\Sof\Local Settings\Application Data\TVU Networks
2009-08-16 14:47 . 2009-08-16 14:47 -------- d-----w- c:\documents and settings\All Users\Application Data\TVU Networks
2009-08-16 14:47 . 2009-08-16 14:47 -------- d-----w- c:\documents and settings\Sof\LocalLow
2009-08-16 14:47 . 2009-08-16 14:47 -------- d-----w- c:\program files\TVUPlayer
2009-08-14 18:07 . 2009-08-03 20:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-14 18:07 . 2009-08-14 18:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-14 18:07 . 2009-08-03 20:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-11 07:05 . 2009-08-11 07:05 45344 ----a-w- c:\windows\system32\drivers\fob839b.sys
2009-08-06 05:11 . 2009-08-06 05:11 2492728 ----a-w- c:\documents and settings\Sof\Application Data\Mozilla\Firefox\Profiles\shcc8dqs.default\extensions\[email protected]\plugins\npTVUAx.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-21 04:48 . 2009-01-05 09:22 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-21 04:48 . 2009-01-05 09:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-20 21:40 . 2008-03-04 13:49 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-20 04:06 . 2009-01-05 06:04 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-20 04:03 . 2008-06-24 10:10 2004 -c--a-w- c:\windows\system32\ealregsnapshot1.reg
2009-08-19 21:51 . 2007-11-29 01:37 -------- d-----w- c:\program files\Java
2009-08-15 04:52 . 2007-12-08 23:23 -------- d-----w- c:\documents and settings\Sof\Application Data\Skype
2009-08-14 20:16 . 2007-12-08 23:24 -------- d-----w- c:\documents and settings\Sof\Application Data\skypePM
2009-08-14 19:02 . 2007-12-28 00:28 -------- d-----w- c:\documents and settings\Sof\Application Data\DVD Flick
2009-08-11 07:12 . 2009-01-05 20:14 664 ----a-w- c:\windows\system32\d3d9caps.dat
2008-11-08 04:00 . 2008-11-08 04:00 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-29 68856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-08-05 1830128]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-10 851968]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-06 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-06 81920]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-07-03 1228800]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-25 823296]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-07-25 974848]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-04-16 184320]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-10 16384]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-11-15 286720]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"VX3000"="c:\windows\vVX3000.exe" [2006-10-13 707376]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2006-10-13 277296]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-19 149280]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-24 17920]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-06-06 1626112]
"NVHotkey"="nvHotkey.dll" - c:\windows\system32\nvhotkey.dll [2007-06-06 67584]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2007-07-10 405504]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-11-28 50688]
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 19:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Sof^Start Menu^Programs^Startup^autobahn.lnk]
path=c:\documents and settings\Sof\Start Menu\Programs\Startup\autobahn.lnk
backup=c:\windows\pss\autobahn.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Sof^Start Menu^Programs^Startup^Webshots.lnk]
path=c:\documents and settings\Sof\Start Menu\Programs\Startup\Webshots.lnk
backup=c:\windows\pss\Webshots.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [8/5/2009 4:06 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [8/5/2009 4:06 PM 74480]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [8/5/2009 4:06 PM 7408]
S1 df2b5479.sys;df2b5479.sys;\??\c:\windows\System32\drivers\df2b5479.sys --> c:\windows\System32\drivers\df2b5479.sys [?]
S1 fob839b;fob839b;c:\windows\system32\drivers\fob839b.sys [8/11/2009 12:05 AM 45344]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [11/28/2007 6:53 PM 29744]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-04-05 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8230936710.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 08:52]
.
- - - - ORPHANS REMOVED - - - -

HKU-Default-Run-msiexec.exe - msiconf.exe

.
------- Supplementary Scan -------
.
uStart Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2071129
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2071129
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Sof\Application Data\Mozilla\Firefox\Profiles\shcc8dqs.default\
FF - prefs.js: keyword.URL - hxxp://www.ask.com/web?o=101447&l=dis&q=
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\Sof\Application Data\Mozilla\Firefox\Profiles\shcc8dqs.default\extensions\[email protected]\plugins\npTVUAx.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-21 00:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(864)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'explorer.exe'(3632)
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\windows\system32\CDRTC.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
.
**************************************************************************
.
Completion time: 2009-08-21 0:21 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-21 07:21

Pre-Run: 30,532,296,704 bytes free
Post-Run: 30,323,245,056 bytes free

239 --- E O F --- 2009-01-04 09:37

Thanks!
 

·
Super Moderator
Joined
·
37,537 Posts
Not sure why the dvd drive is acting as a cd drive, but we can look at that once you're clear.

Now, you do have a rootkit installed, so let's get rid of that.

----------------

Run the first program, as mentioned below, then run ComboFix again, but don't do anything else in between.

Also, when you run ComboFix you haven't installed the Windows recovery program, so do this first, before running the Sophos and ComboFix programs:

With malware infections being as they are today, it's strongly recommended to have the Windows Recovery Console pre-installed on your machine before doing any malware removal.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Go to Microsoft's website => http://support.microsoft.com/kb/310994

Select the download that's appropriate for your Operating System

Download the file & save it as it's originally named.

---------------------

Now, run this program first:

Download Sophos Anti-Rootkit & save it to your desktop after filling out the questionnaire and reading the EULA.

Note: You will need to enter your name, e-mail address and location in order to access the download page.
  • Double-click sarsfx.exe to extract the files.
  • Click the Accept button at the EULA, then Install to the default directory
  • At the next prompt, click Yes to start the program
  • Make sure the following are checked:
    • Running processes
    • Windows Registry
    • Local Hard Drives
  • Click the "Start Scan" button.
  • Allow the program to scan your computer - please be patient as it may take some time
  • Once the scan has completed a window will pop-up with the results of the scan - click OK to this
  • In the main window, you will see each of the entries found by the scan (if any)
    • If the scanner generated any warning messages, please click on each warning and copy and paste the text of it into this thread for me to review
    • Once you have posted any warning messages here, you can close the scanner and wait for me to get back to you
  • If you have not had any warnings, any entries which can be cleaned up by the scanner will have a box with a green checkmark in it next to the entry
  • To clean up these entries click on the Clean up checked items button
  • If you accidentally check a file NOT recommended for clean up, you will get a warning message and if necessary can re-select the entries you want to clean up
  • Once you have cleaned the selected files, you will be prompted to re-boot your computer - please do so

---------------

Then, before you run ComboFix as you previously did, do this first:

  • Drag the setup package onto ComboFix.exe and drop it.
  • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.
  • At the next prompt, click 'Yes' to run the full ComboFix scan.
  • When the tool is finished, it will produce a report for you.

Please post the C:\ComboFix.txt in your next reply.

==============

At the end, post the contents of the Sophos scan and the new ComboFix.txt

eddie
 

·
Registered
Joined
·
18 Posts
Discussion Starter · #11 ·
Hi! Thanks for the reply.

I ran Sophos. It gave me 8 entries, but none with a green check mark and no log file.

Here is my ComboFix log:

ComboFix 09-08-20.07 - Sof 08/21/2009 16:53.2.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1573 [GMT -7:00]
Running from: c:\documents and settings\Sof\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Sof\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
.

((((((((((((((((((((((((( Files Created from 2009-07-21 to 2009-08-21 )))))))))))))))))))))))))))))))
.

2009-08-21 20:51 . 2009-08-21 20:51 -------- d-----w- c:\program files\Sophos
2009-08-21 07:51 . 2009-08-21 07:51 -------- d-----w- c:\windows\ie8updates
2009-08-21 07:39 . 2009-03-06 14:22 284160 ------w- c:\windows\system32\dllcache\pdh.dll
2009-08-21 07:39 . 2009-02-09 12:10 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2009-08-21 07:39 . 2009-02-09 12:10 729088 ------w- c:\windows\system32\dllcache\lsasrv.dll
2009-08-21 07:39 . 2009-02-09 12:10 714752 ------w- c:\windows\system32\dllcache\ntdll.dll
2009-08-21 07:39 . 2009-02-09 12:10 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
2009-08-21 07:39 . 2009-02-09 12:10 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
2009-08-21 07:39 . 2009-02-09 12:10 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-08-21 07:39 . 2009-02-06 11:11 110592 ------w- c:\windows\system32\dllcache\services.exe
2009-08-21 07:39 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2009-08-21 07:28 . 2009-07-03 17:09 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-08-21 07:28 . 2009-07-03 17:09 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll
2009-08-21 07:28 . 2009-07-03 17:09 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-08-21 07:28 . 2009-07-03 17:09 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-08-21 07:28 . 2009-07-03 17:09 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2009-08-21 07:18 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-08-21 07:18 . 2008-04-21 12:08 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2009-08-20 21:41 . 2009-08-21 20:40 117760 ----a-w- c:\documents and settings\Sof\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-08-20 21:40 . 2009-08-20 21:40 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-08-20 21:40 . 2009-08-20 21:40 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-08-20 21:40 . 2009-08-20 21:40 -------- d-----w- c:\documents and settings\Sof\Application Data\SUPERAntiSpyware.com
2009-08-20 03:33 . 2009-08-20 03:33 -------- d-----w- c:\documents and settings\Sof\Application Data\Neopets Toolbar
2009-08-20 03:32 . 2009-08-20 03:32 -------- d-----w- c:\documents and settings\Sof\Local Settings\Application Data\Neopets
2009-08-19 21:52 . 2009-08-19 21:52 -------- d-sh--w- c:\documents and settings\Sof\PrivacIE
2009-08-19 21:51 . 2009-08-19 21:51 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-19 21:44 . 2009-08-19 21:44 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-08-19 21:43 . 2009-08-19 21:43 -------- d-sh--w- c:\documents and settings\Sof\IETldCache
2009-08-19 21:37 . 2009-08-19 21:37 -------- dc-h--w- c:\windows\ie8
2009-08-19 21:22 . 2009-08-19 21:25 -------- d-----w- c:\documents and settings\Sof\.SunDownloadManager
2009-08-19 19:37 . 2009-08-19 19:37 -------- d-----w- c:\program files\TVAnts
2009-08-16 14:47 . 2009-08-16 14:47 -------- d-----w- c:\documents and settings\Sof\Local Settings\Application Data\TVU Networks
2009-08-16 14:47 . 2009-08-16 14:47 -------- d-----w- c:\documents and settings\All Users\Application Data\TVU Networks
2009-08-16 14:47 . 2009-08-16 14:47 -------- d-----w- c:\documents and settings\Sof\LocalLow
2009-08-16 14:47 . 2009-08-16 14:47 -------- d-----w- c:\program files\TVUPlayer
2009-08-14 18:07 . 2009-08-03 20:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-14 18:07 . 2009-08-14 18:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-14 18:07 . 2009-08-03 20:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-11 07:05 . 2009-08-11 07:05 45344 ----a-w- c:\windows\system32\drivers\fob839b.sys
2009-08-06 05:11 . 2009-08-06 05:11 2492728 ----a-w- c:\documents and settings\Sof\Application Data\Mozilla\Firefox\Profiles\shcc8dqs.default\extensions\[email protected]\plugins\npTVUAx.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-21 07:54 . 2007-11-29 01:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-08-21 04:48 . 2009-01-05 09:22 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-21 04:48 . 2009-01-05 09:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-20 21:40 . 2008-03-04 13:49 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-20 04:06 . 2009-01-05 06:04 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-20 04:03 . 2008-06-24 10:10 2004 -c--a-w- c:\windows\system32\ealregsnapshot1.reg
2009-08-19 21:51 . 2007-11-29 01:37 -------- d-----w- c:\program files\Java
2009-08-15 04:52 . 2007-12-08 23:23 -------- d-----w- c:\documents and settings\Sof\Application Data\Skype
2009-08-14 20:16 . 2007-12-08 23:24 -------- d-----w- c:\documents and settings\Sof\Application Data\skypePM
2009-08-14 19:02 . 2007-12-28 00:28 -------- d-----w- c:\documents and settings\Sof\Application Data\DVD Flick
2009-08-11 07:12 . 2009-01-05 20:14 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-08-05 09:01 . 2004-08-10 18:51 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:37 . 2004-08-10 18:51 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-29 04:37 . 2004-08-10 18:51 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-17 19:01 . 2004-08-10 18:50 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 06:43 . 2004-08-10 18:51 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2004-08-10 18:51 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-12 12:31 . 2004-08-10 18:51 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 16:19 . 2004-08-10 19:01 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 14:13 . 2004-08-10 18:50 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:14 . 2004-08-10 18:51 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:09 . 2004-08-10 18:51 1291264 ----a-w- c:\windows\system32\quartz.dll
2008-11-08 04:00 . 2008-11-08 04:00 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((( [email protected]_07.12.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-12 02:41 . 2009-07-12 02:41 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
+ 2009-08-21 20:40 . 2009-08-21 20:40 16384 c:\windows\Temp\Perflib_Perfdata_e0.dat
+ 2004-08-10 18:51 . 2009-02-03 19:59 56832 c:\windows\system32\secur32.dll
+ 2004-08-10 18:51 . 2009-02-06 10:39 35328 c:\windows\system32\sc.exe
- 2004-08-10 18:51 . 2009-08-13 18:15 72382 c:\windows\system32\perfc009.dat
+ 2004-08-10 18:51 . 2009-08-21 16:52 72382 c:\windows\system32\perfc009.dat
- 2004-08-10 19:01 . 2008-04-14 00:12 91648 c:\windows\system32\mtxoci.dll
+ 2004-08-10 19:01 . 2008-06-12 14:23 91648 c:\windows\system32\mtxoci.dll
- 2004-08-10 18:51 . 2008-04-14 00:12 66560 c:\windows\system32\mtxclu.dll
+ 2004-08-10 18:51 . 2008-06-12 14:23 66560 c:\windows\system32\mtxclu.dll
+ 2009-03-08 11:31 . 2009-07-03 17:09 55296 c:\windows\system32\msfeedsbs.dll
- 2009-03-08 11:31 . 2009-03-08 11:31 55296 c:\windows\system32\msfeedsbs.dll
- 2004-08-10 19:01 . 2008-04-14 00:11 58880 c:\windows\system32\msdtclog.dll
+ 2004-08-10 19:01 . 2008-06-12 14:23 58880 c:\windows\system32\msdtclog.dll
+ 2004-08-10 18:51 . 2009-07-03 17:09 25600 c:\windows\system32\jsproxy.dll
- 2004-08-10 18:51 . 2009-03-08 11:33 25600 c:\windows\system32\jsproxy.dll
+ 2004-08-10 18:51 . 2009-06-12 12:31 76288 c:\windows\system32\dllcache\telnet.exe
+ 2009-02-03 19:59 . 2009-02-03 19:59 56832 c:\windows\system32\dllcache\secur32.dll
+ 2004-08-10 18:51 . 2009-02-06 10:39 35328 c:\windows\system32\dllcache\sc.exe
+ 2004-08-10 19:01 . 2008-06-12 14:23 91648 c:\windows\system32\dllcache\mtxoci.dll
- 2004-08-10 19:01 . 2008-04-14 00:12 91648 c:\windows\system32\dllcache\mtxoci.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 66560 c:\windows\system32\dllcache\mtxclu.dll
+ 2004-08-10 19:01 . 2008-06-12 14:23 58880 c:\windows\system32\dllcache\msdtclog.dll
- 2004-08-10 19:01 . 2008-04-14 00:11 58880 c:\windows\system32\dllcache\msdtclog.dll
- 2009-03-08 11:33 . 2009-03-08 11:33 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-03-08 11:33 . 2009-07-03 17:09 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2004-08-10 18:51 . 2009-07-29 04:37 81920 c:\windows\system32\dllcache\fontsub.dll
+ 2009-06-10 14:13 . 2009-06-10 14:13 84992 c:\windows\system32\dllcache\avifil32.dll
+ 2009-07-17 19:01 . 2009-07-17 19:01 58880 c:\windows\system32\dllcache\atl.dll
- 2007-11-29 01:50 . 2008-12-11 11:02 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
+ 2007-11-29 01:50 . 2009-08-21 07:54 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
- 2007-11-29 01:50 . 2008-12-11 11:02 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
+ 2007-11-29 01:50 . 2009-08-21 07:54 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
- 2007-11-29 01:50 . 2008-12-11 11:02 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
+ 2007-11-29 01:50 . 2009-08-21 07:54 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
+ 2006-10-27 03:13 . 2006-10-27 03:13 72472 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\XL12CNVP.DLL
+ 2009-08-21 07:51 . 2009-03-08 11:33 12288 c:\windows\ie8updates\KB972260-IE8\xpshims.dll
+ 2009-08-21 07:51 . 2009-03-08 11:31 55296 c:\windows\ie8updates\KB972260-IE8\msfeedsbs.dll
+ 2009-08-21 07:51 . 2009-03-08 11:33 25600 c:\windows\ie8updates\KB972260-IE8\jsproxy.dll
+ 2004-08-10 18:51 . 2008-12-16 12:30 354304 c:\windows\system32\winhttp.dll
- 2004-08-10 18:51 . 2008-04-14 00:12 354304 c:\windows\system32\winhttp.dll
+ 2004-08-10 19:01 . 2009-02-06 10:10 227840 c:\windows\system32\wbem\wmiprvse.exe
+ 2004-08-10 19:01 . 2009-02-09 12:10 453120 c:\windows\system32\wbem\wmiprvsd.dll
+ 2004-08-10 19:01 . 2009-02-09 12:10 473600 c:\windows\system32\wbem\fastprox.dll
+ 2004-08-10 18:51 . 2009-02-06 11:11 110592 c:\windows\system32\services.exe
+ 2004-08-10 18:51 . 2008-12-05 06:54 144896 c:\windows\system32\schannel.dll
+ 2004-08-10 18:51 . 2009-02-09 12:10 401408 c:\windows\system32\rpcss.dll
+ 2004-08-10 18:51 . 2009-04-15 14:51 585216 c:\windows\system32\rpcrt4.dll
+ 2004-08-10 18:51 . 2009-08-21 16:52 443534 c:\windows\system32\perfh009.dat
- 2004-08-10 18:51 . 2009-08-13 18:15 443534 c:\windows\system32\perfh009.dat
- 2004-08-10 18:51 . 2008-04-14 00:12 284160 c:\windows\system32\pdh.dll
+ 2004-08-10 18:51 . 2009-03-06 14:22 284160 c:\windows\system32\pdh.dll
+ 2004-08-10 18:51 . 2009-07-03 17:09 206848 c:\windows\system32\occache.dll
+ 2004-08-10 18:51 . 2009-02-09 12:10 714752 c:\windows\system32\ntdll.dll
- 2009-03-08 11:32 . 2009-03-08 11:32 594432 c:\windows\system32\msfeeds.dll
+ 2009-03-08 11:32 . 2009-07-03 17:09 594432 c:\windows\system32\msfeeds.dll
- 2004-08-10 19:01 . 2008-04-14 00:11 161792 c:\windows\system32\msdtcuiu.dll
+ 2004-08-10 19:01 . 2008-06-12 14:23 161792 c:\windows\system32\msdtcuiu.dll
+ 2004-08-10 19:01 . 2008-06-12 14:23 956928 c:\windows\system32\msdtctm.dll
- 2004-08-10 19:01 . 2008-04-14 00:11 956928 c:\windows\system32\msdtctm.dll
+ 2004-08-10 19:01 . 2008-06-12 14:23 428032 c:\windows\system32\msdtcprx.dll
+ 2004-08-10 18:51 . 2009-02-09 12:10 729088 c:\windows\system32\lsasrv.dll
+ 2004-08-10 18:51 . 2009-05-07 15:32 345600 c:\windows\system32\localspl.dll
+ 2004-08-10 18:51 . 2009-03-21 14:06 989696 c:\windows\system32\kernel32.dll
- 2004-08-10 18:51 . 2008-04-14 00:11 989696 c:\windows\system32\kernel32.dll
+ 2004-08-10 18:51 . 2009-07-03 17:09 184320 c:\windows\system32\iepeers.dll
+ 2004-08-10 18:51 . 2009-07-03 17:09 386048 c:\windows\system32\iedkcs32.dll
- 2004-08-10 18:51 . 2009-03-08 11:32 173056 c:\windows\system32\ie4uinit.exe
+ 2004-08-10 18:51 . 2009-07-03 11:01 173056 c:\windows\system32\ie4uinit.exe
+ 2004-08-10 18:51 . 2008-12-11 10:57 333952 c:\windows\system32\drivers\srv.sys
+ 2004-08-10 18:51 . 2009-07-14 06:43 286208 c:\windows\system32\dllcache\wmpdxm.dll
+ 2009-06-10 06:14 . 2009-06-10 06:14 132096 c:\windows\system32\dllcache\wkssvc.dll
+ 2008-04-21 06:44 . 2009-07-03 17:09 915456 c:\windows\system32\dllcache\wininet.dll
+ 2008-12-16 12:30 . 2008-12-16 12:30 354304 c:\windows\system32\dllcache\winhttp.dll
+ 2004-08-10 18:51 . 2009-07-29 04:37 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2008-10-16 04:44 . 2008-12-11 10:57 333952 c:\windows\system32\dllcache\srv.sys
+ 2008-12-05 06:54 . 2008-12-05 06:54 144896 c:\windows\system32\dllcache\schannel.dll
+ 2009-04-15 14:51 . 2009-04-15 14:51 585216 c:\windows\system32\dllcache\rpcrt4.dll
+ 2009-03-08 11:34 . 2009-07-03 17:09 206848 c:\windows\system32\dllcache\occache.dll
+ 2004-08-10 18:51 . 2009-08-05 09:01 204800 c:\windows\system32\dllcache\mswebdvd.dll
+ 2004-08-10 19:01 . 2008-06-12 14:23 161792 c:\windows\system32\dllcache\msdtcuiu.dll
- 2004-08-10 19:01 . 2008-04-14 00:11 161792 c:\windows\system32\dllcache\msdtcuiu.dll
+ 2004-08-10 19:01 . 2008-06-12 14:23 956928 c:\windows\system32\dllcache\msdtctm.dll
- 2004-08-10 19:01 . 2008-04-14 00:11 956928 c:\windows\system32\dllcache\msdtctm.dll
+ 2004-08-10 19:01 . 2008-06-12 14:23 428032 c:\windows\system32\dllcache\msdtcprx.dll
+ 2009-05-07 15:32 . 2009-05-07 15:32 345600 c:\windows\system32\dllcache\localspl.dll
+ 2009-03-21 14:06 . 2009-03-21 14:06 989696 c:\windows\system32\dllcache\kernel32.dll
+ 2004-08-10 18:51 . 2009-07-03 17:09 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2004-08-10 18:51 . 2009-07-03 17:09 386048 c:\windows\system32\dllcache\iedkcs32.dll
+ 2004-08-10 18:51 . 2009-07-03 11:01 173056 c:\windows\system32\dllcache\ie4uinit.exe
- 2004-08-10 18:51 . 2009-03-08 11:32 173056 c:\windows\system32\dllcache\ie4uinit.exe
- 2004-08-10 18:50 . 2008-04-14 00:11 617472 c:\windows\system32\advapi32.dll
+ 2004-08-10 18:50 . 2009-02-09 12:10 617472 c:\windows\system32\advapi32.dll
+ 2009-05-27 01:53 . 2009-05-27 01:53 579072 c:\windows\Installer\21d9cd.msp
+ 2009-08-21 07:48 . 2009-08-21 07:48 248832 c:\windows\Installer\21d9bd.msi
- 2007-11-29 01:50 . 2008-12-11 11:02 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
+ 2007-11-29 01:50 . 2009-08-21 07:54 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
+ 2007-11-29 01:50 . 2009-08-21 07:54 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
- 2007-11-29 01:50 . 2008-12-11 11:02 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
+ 2007-11-29 01:50 . 2009-08-21 07:54 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
- 2007-11-29 01:50 . 2008-12-11 11:02 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
- 2007-11-29 01:50 . 2008-12-11 11:02 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
+ 2007-11-29 01:50 . 2009-08-21 07:54 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
+ 2009-08-21 07:51 . 2009-03-08 11:34 914944 c:\windows\ie8updates\KB972260-IE8\wininet.dll
+ 2009-08-21 07:51 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB972260-IE8\spuninst\updspapi.dll
+ 2009-08-21 07:51 . 2009-05-26 11:40 231288 c:\windows\ie8updates\KB972260-IE8\spuninst\spuninst.exe
+ 2009-08-21 07:51 . 2009-03-08 11:34 109568 c:\windows\ie8updates\KB972260-IE8\occache.dll
+ 2009-08-21 07:51 . 2009-03-08 11:32 594432 c:\windows\ie8updates\KB972260-IE8\msfeeds.dll
+ 2009-08-21 07:51 . 2009-03-08 11:33 246784 c:\windows\ie8updates\KB972260-IE8\ieproxy.dll
+ 2009-08-21 07:51 . 2009-03-08 11:31 183808 c:\windows\ie8updates\KB972260-IE8\iepeers.dll
+ 2009-08-21 07:51 . 2009-03-08 21:09 391536 c:\windows\ie8updates\KB972260-IE8\iedkcs32.dll
+ 2009-08-21 07:51 . 2009-03-08 11:32 173056 c:\windows\ie8updates\KB972260-IE8\ie4uinit.exe
+ 2009-08-21 07:52 . 2009-08-21 07:52 350064 c:\windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
+ 2009-08-21 07:29 . 2008-04-15 17:47 1724416 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\GdiPlus.dll
+ 2004-08-10 18:51 . 2009-04-17 12:26 1847168 c:\windows\system32\win32k.sys
+ 2004-08-10 18:51 . 2009-07-03 17:09 1208832 c:\windows\system32\urlmon.dll
- 2004-08-10 18:51 . 2008-04-14 00:12 8461312 c:\windows\system32\shell32.dll
+ 2004-08-10 18:51 . 2008-06-17 19:02 8461312 c:\windows\system32\shell32.dll
- 2004-08-10 18:51 . 2008-08-14 10:09 2145280 c:\windows\system32\ntoskrnl.exe
+ 2004-08-10 18:51 . 2009-02-06 11:06 2145280 c:\windows\system32\ntoskrnl.exe
+ 2004-08-04 04:59 . 2009-02-06 10:32 2023936 c:\windows\system32\ntkrnlpa.exe
- 2004-08-04 04:59 . 2008-08-14 09:33 2023936 c:\windows\system32\ntkrnlpa.exe
- 2004-08-10 18:51 . 2009-03-08 11:41 5937152 c:\windows\system32\mshtml.dll
+ 2004-08-10 18:51 . 2009-07-19 13:18 5937152 c:\windows\system32\mshtml.dll
+ 2009-03-08 11:32 . 2009-07-03 17:09 1985536 c:\windows\system32\iertutil.dll
+ 2004-08-10 18:57 . 2009-08-21 16:15 1493520 c:\windows\system32\FNTCACHE.DAT
- 2004-08-10 18:57 . 2008-10-17 16:21 1493520 c:\windows\system32\FNTCACHE.DAT
+ 2008-10-16 04:44 . 2009-04-17 12:26 1847168 c:\windows\system32\dllcache\win32k.sys
+ 2008-06-26 08:15 . 2009-07-03 17:09 1208832 c:\windows\system32\dllcache\urlmon.dll
+ 2008-06-17 19:02 . 2008-06-17 19:02 8461312 c:\windows\system32\dllcache\shell32.dll
+ 2008-05-07 05:12 . 2009-06-03 19:09 1291264 c:\windows\system32\dllcache\quartz.dll
+ 2008-10-16 04:44 . 2009-02-06 11:08 2189056 c:\windows\system32\dllcache\ntoskrnl.exe
- 2008-10-16 04:44 . 2008-08-14 09:33 2023936 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2008-10-16 04:44 . 2009-02-06 10:32 2023936 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2008-10-16 04:44 . 2009-02-08 02:02 2066048 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2008-10-16 04:44 . 2008-08-14 09:33 2066048 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2008-10-16 04:44 . 2009-02-06 11:06 2145280 c:\windows\system32\dllcache\ntkrnlmp.exe
- 2008-10-16 04:44 . 2008-08-14 10:09 2145280 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2009-06-10 16:19 . 2009-06-10 16:19 2066432 c:\windows\system32\dllcache\mstscax.dll
+ 2004-08-10 19:02 . 2009-07-10 13:27 1315328 c:\windows\system32\dllcache\msoe.dll
+ 2008-04-21 06:44 . 2009-07-19 13:18 5937152 c:\windows\system32\dllcache\mshtml.dll
- 2008-04-21 06:44 . 2009-03-08 11:41 5937152 c:\windows\system32\dllcache\mshtml.dll
+ 2009-05-04 14:46 . 2009-05-04 14:46 8299008 c:\windows\Installer\21da27.msp
+ 2009-05-04 14:47 . 2009-05-04 14:47 9124864 c:\windows\Installer\21da15.msp
+ 2009-04-24 19:30 . 2009-04-24 19:30 2583552 c:\windows\Installer\21da03.msp
+ 2009-02-26 02:08 . 2009-02-26 02:08 8311808 c:\windows\Installer\21d9f0.msp
+ 2009-04-24 19:28 . 2009-04-24 19:28 4450816 c:\windows\Installer\21d9e0.msp
+ 2009-04-24 19:29 . 2009-04-24 19:29 9013760 c:\windows\Installer\21d9b7.msp
+ 2007-11-29 01:50 . 2009-08-21 07:54 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
- 2007-11-29 01:50 . 2008-12-11 11:02 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-08-21 07:51 . 2009-03-08 11:34 1206784 c:\windows\ie8updates\KB972260-IE8\urlmon.dll
+ 2009-08-21 07:51 . 2009-03-08 11:41 5937152 c:\windows\ie8updates\KB972260-IE8\mshtml.dll
+ 2009-08-21 07:51 . 2009-03-08 11:32 1985024 c:\windows\ie8updates\KB972260-IE8\iertutil.dll
+ 2008-10-16 04:44 . 2009-02-06 11:08 2189056 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2008-10-16 04:44 . 2009-02-06 10:32 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2008-10-16 04:44 . 2008-08-14 09:33 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-10-16 04:44 . 2009-02-08 02:02 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2008-10-16 04:44 . 2008-08-14 09:33 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-10-16 04:44 . 2009-02-06 11:06 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
- 2008-10-16 04:44 . 2008-08-14 10:09 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2004-08-10 18:51 . 2009-07-14 06:43 10841088 c:\windows\system32\wmp.dll
+ 2009-08-21 07:49 . 2009-07-30 00:49 24281536 c:\windows\system32\MRT.exe
+ 2009-03-08 11:39 . 2009-07-20 01:48 11067392 c:\windows\system32\ieframe.dll
+ 2004-08-10 18:51 . 2009-07-14 06:43 10841088 c:\windows\system32\dllcache\wmp.dll
+ 2009-07-20 01:48 . 2009-07-20 01:48 11067392 c:\windows\system32\dllcache\ieframe.dll
+ 2009-08-21 07:51 . 2009-03-08 11:39 11063808 c:\windows\ie8updates\KB972260-IE8\ieframe.dll
.
-- Snapshot reset to current date --
 

·
Registered
Joined
·
18 Posts
Discussion Starter · #12 ·
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-29 68856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-08-05 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-10 851968]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-06 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-06 81920]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-07-03 1228800]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-25 823296]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-07-25 974848]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-04-16 184320]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-10 16384]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-11-15 286720]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"VX3000"="c:\windows\vVX3000.exe" [2006-10-13 707376]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2006-10-13 277296]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-19 149280]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-24 17920]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-06-06 1626112]
"NVHotkey"="nvHotkey.dll" - c:\windows\system32\nvhotkey.dll [2007-06-06 67584]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2007-07-10 405504]

c:\documents and settings\Sof\Start Menu\Programs\Startup\
Webshots.lnk - c:\program files\Webshots\Launcher.exe [2008-6-26 157000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-11-28 50688]
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 19:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Sof^Start Menu^Programs^Startup^autobahn.lnk]
path=c:\documents and settings\Sof\Start Menu\Programs\Startup\autobahn.lnk
backup=c:\windows\pss\autobahn.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Sof^Start Menu^Programs^Startup^Webshots.lnk]
path=c:\documents and settings\Sof\Start Menu\Programs\Startup\Webshots.lnk
backup=c:\windows\pss\Webshots.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [8/5/2009 4:06 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [8/5/2009 4:06 PM 74480]
R3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\2F.tmp --> c:\windows\system32\2F.tmp [?]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [8/5/2009 4:06 PM 7408]
S1 df2b5479.sys;df2b5479.sys;\??\c:\windows\System32\drivers\df2b5479.sys --> c:\windows\System32\drivers\df2b5479.sys [?]
S1 fob839b;fob839b;c:\windows\system32\drivers\fob839b.sys [8/11/2009 12:05 AM 45344]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [11/28/2007 6:53 PM 29744]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MEMSWEEP2

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-04-05 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8230936710.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 08:52]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2071129
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2071129
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Sof\Application Data\Mozilla\Firefox\Profiles\shcc8dqs.default\
FF - prefs.js: keyword.URL - hxxp://www.ask.com/web?o=101447&l=dis&q=
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\Sof\Application Data\Mozilla\Firefox\Profiles\shcc8dqs.default\extensions\[email protected]\plugins\npTVUAx.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-21 16:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\2F.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(864)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(3452)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-08-21 16:59
ComboFix-quarantined-files.txt 2009-08-21 23:59
ComboFix2.txt 2009-08-21 07:21

Pre-Run: 29,453,004,800 bytes free
Post-Run: 29,464,461,312 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

384 --- E O F --- 2009-08-21 07:54

Thank you!
 

·
Super Moderator
Joined
·
37,537 Posts
Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

==============

  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
    • c:\windows\system32\drivers\fob839b.sys
  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

Also, do the same for this one:

c:\windows\system32\2F.tmp

Thanks :)

eddie
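
Both paths named in the post above appear in the driver/service section of the ComboFix log posted earlier in this thread. The following is an added example, not part of the thread or of ComboFix: a Python parser for that section's line format that lists the entries meeting three triage rules. The rules, the function names and the reading of the leading letter and digit as running/stopped state and start type are assumptions of this example.

```python
import re
from datetime import datetime, timedelta

# Lines copied from the driver/service section of the ComboFix log in this thread.
SAMPLE = r"""
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [8/5/2009 4:06 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [8/5/2009 4:06 PM 74480]
R3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\2F.tmp --> c:\windows\system32\2F.tmp [?]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [8/5/2009 4:06 PM 7408]
S1 df2b5479.sys;df2b5479.sys;\??\c:\windows\System32\drivers\df2b5479.sys --> c:\windows\System32\drivers\df2b5479.sys [?]
S1 fob839b;fob839b;c:\windows\system32\drivers\fob839b.sys [8/11/2009 12:05 AM 45344]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [11/28/2007 6:53 PM 29744]
"""

# Date of the scan, taken from the "Rootkit scan 2009-08-21 16:56" line of the same log.
SCAN_DATE = datetime(2009, 8, 21, 16, 56)

# <state><start> <name>;<display name>;<image path> [<date time size> or ?]
LINE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.+) \[(?P<meta>[^\]]*)\]$"
)


def parse_line(line):
    """Parse one service/driver line; return a dict, or None if it does not match."""
    m = LINE.match(line.strip())
    if not m:
        return None
    # "\??\path --> path": keep the resolved path on the right-hand side.
    image = m["image"].split(" --> ")[-1].strip()
    meta = m["meta"].strip()
    stamp = size = None
    if meta != "?":
        date_part, size_part = meta.rsplit(" ", 1)
        stamp = datetime.strptime(date_part, "%m/%d/%Y %I:%M %p")
        size = int(size_part)
    return {
        "state": m["state"],          # assumption: R = running, S = stopped
        "start": int(m["start"]),     # assumption: service start type
        "name": m["name"],
        "display": m["display"],
        "image": image,
        "stamp": stamp,               # None when the log shows [?]
        "size": size,
    }


def triage(entry, scan_date, windir="c:\\windows\\", recent_days=30):
    """Return the triage rules (assumed heuristics) that an entry meets."""
    reasons = []
    image = entry["image"].lower()
    if entry["stamp"] is None:
        # The log printed [?] instead of a date and size for the image file.
        reasons.append("no-file-metadata")
    if image.endswith(".tmp"):
        # A service whose image is a temporary file.
        reasons.append("tmp-image")
    if (entry["stamp"] is not None
            and image.startswith(windir.lower())
            and scan_date - entry["stamp"] <= timedelta(days=recent_days)):
        # A file under the Windows directory dated shortly before the scan.
        reasons.append("recent-in-windir")
    return reasons


def review(log_text, scan_date):
    """Return (name, image, reasons) for every entry that meets at least one rule."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = triage(entry, scan_date)
        if reasons:
            flagged.append((entry["name"], entry["image"], reasons))
    return flagged


if __name__ == "__main__":
    for name, image, reasons in review(SAMPLE, SCAN_DATE):
        print(f"{name:14} {image}  <- {', '.join(reasons)}")
```

A listed entry is a candidate for a second opinion, such as the multi-engine scan requested above, not a verdict on the file.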
 

·
Registered
Joined
·
18 Posts
Discussion Starter · #14 ·
Hi!

Here is the SDFix report:

SDFix: Version 1.240
Run by Sof on Sat 08/22/2009 at 12:07 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :

Restoring Default Security Values
Restoring Default Hosts File

Rebooting

Checking Files :

No Trojan Files Found

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-22 12:18:13
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"="C:\\Program Files\\Dell\\MediaDirect\\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program"
"C:\\Program Files\\BitLord\\BitLord.exe"="C:\\Program Files\\BitLord\\BitLord.exe:*:Enabled:BitLord"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"="C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe:*:Enabled:LifeExp.exe"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"="C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server"
"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"="C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe:*:Enabled:LifeCam.exe"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :

Files with Hidden Attributes :

Tue 28 Jul 2009 1,548,120 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\advcheck.dll"
Mon 15 Sep 2008 1,562,960 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll"
Wed 6 Feb 2008 12,944 ...H. --- "C:\Documents and Settings\Sof\My Documents\~WRL0003.tmp"
Thu 27 Dec 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

Finished!

And here is the hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:33:29 PM, on 8/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Webshots\webshots.scr
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Sof\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2071129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2071129
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [dscactivate] "%ProgramFiles%\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10008 bytes
 

·
Registered
Joined
·
18 Posts
Discussion Starter · #15 ·
Here is the virScan result for the first file:

File information
File Name : fob839b.sys
File Size : 45344 byte
File Type : data
MD5 : ead9317ccad7f60f04c04ce1ec49453d
SHA1 : a09748c862262851f0322f25986dfe7cc0103a0e

Scanner results
Scanner results : All Scanners reported not find malware!
Time : 2009/08/22 13:26:20 (MDT)
Scanner | Engine Ver | Sig Ver | Sig Date | Scan result | Time
a-squared | 4.5.0.8 | 20090822190221 | 2009-08-22 | - | 0.321
AhnLab V3 | 2009.08.22.00 | 2009.08.22 | 2009-08-22 | - | 0.783
AntiVir | 8.2.1.3 | 7.1.5.149 | 2009-08-21 | - | 0.318
Antiy | 2.0.18 | 20090822.2725226 | 2009-08-22 | - | 0.119
Arcavir | 2009 | 200908221405 | 2009-08-22 | - | 0.016
Authentium | 5.1.1 | 200908221121 | 2009-08-22 | - | 1.151
AVAST! | 4.7.4 | 090822-0 | 2009-08-22 | - | 0.003
AVG | 8.5.288 | 270.13.64/2319 | 2009-08-22 | - | 0.306
BitDefender | 7.81008.3912091 | 7.27291 | 2009-08-23 | - | 3.384
CA (VET) | 9.0.0.143 | 31.6.6693 | 2009-08-21 | - | 7.703
ClamAV | 0.95.2 | 9726 | 2009-08-22 | - | 0.005
Comodo | 3.10 | 2060 | 2009-08-22 | - | 0.709
CP Secure | 1.1.0.715 | 2009.08.22 | 2009-08-22 | - | 12.031
Dr.Web | 4.44.0.9170 | 2009.08.22 | 2009-08-22 | - | 5.186
F-Prot | 4.4.4.56 | 20090822 | 2009-08-22 | - | 1.146
F-Secure | 7.02.73807 | 2009.08.21.10 | 2009-08-21 | - | 7.815
Fortinet | 2.81-3.120 | 10.745 | 2009-08-22 | - | 0.161
GData | 19.7306/19.447 | 20090822 | 2009-08-22 | - | 4.588
Ikarus | T3.1.01.68 | 2009.08.22.73334 | 2009-08-22 | - | 3.557
JiangMin | 11.0.800 | 2009.08.21 | 2009-08-21 | - | 3.442
Kaspersky | 5.5.10 | 2009.08.22 | 2009-08-22 | - | 0.021
KingSoft | 2009.2.5.15 | 2009.8.22.21 | 2009-08-22 | - | 0.465
McAfee | 5.3.00 | 5716 | 2009-08-21 | - | 3.096
Microsoft | 1.4903 | 2009.08.22 | 2009-08-22 | - | 5.583
Norman | 6.01.09 | 6.01.00 | 2009-08-21 | - | 4.007
nProtect | 20090818.01 | 5093763 | 2009-08-18 | - | 6.175
Panda | 9.05.01 | 2009.08.22 | 2009-08-22 | - | 1.662
Quick Heal | 10.00 | 2009.08.22 | 2009-08-22 | - | 1.163
Rising | 20.0 | 21.43.44.00 | 2009-08-21 | - | 0.266
Sophos | 2.89.1 | 4.44 | 2009-08-23 | - | 3.238
Sunbelt | 5350 | 5350 | 2009-08-22 | - | 1.232
Symantec | 1.3.0.24 | 20090822.004 | 2009-08-22 | - | 0.230
The Hacker | 6.3.4.3 | v00385 | 2009-08-21 | - | 0.668
Trend Micro | 8.700-1004 | 6.388.02 | 2009-08-22 | - | 0.039
VBA32 | 3.12.10.9 | 20090821.1536 | 2009-08-21 | - | 1.864
ViRobot | 20090822 | 2009.08.22 | 2009-08-22 | - | 0.412
VirusBuster | 4.5.11.10 | 10.112.12/1801360 | 2009-08-21 | - | 2.216
Note: this file has been scanned before. Therefore, this file's scan result will not be stored in the database


When I went to upload the second item, c:\windows\system32\2F.tmp, it said 'file not found'.


Thanks for all the help!
 

·
Super Moderator
Joined
·
37,537 Posts
Download OTS to your Desktop
  • Double-click on OTS.exe to start the program. Make sure you close all other programs and don't use the PC while the scan runs.
  • Now click the Run Scan button on the toolbar. Make sure not to use the PC while the program is running or it will freeze.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Go Advanced button and post the information back here in an attachment. I will review it when it comes in. The last line is < End of Report >, so make sure that is the last line in the attached report.

Make sure you attach the report in your reply. If it is too big to upload, then zip the text file and upload it that way.
 

·
Registered
Joined
·
18 Posts
Discussion Starter · #18 ·
Hi! I'm sorry about your computer. I hope everything is working now. You deserve lots of good computer karma :).

I ran OTS and have hopefully attached the report correctly.

Thank you!
 


·
Super Moderator
Joined
·
37,537 Posts
What a week or two :(

Firstly, I was having problems with the internet. Then, work was hell and believe me when I say that at times I was close to telling them to stick their job. Now, searching all over to just get out.

Then, at the beginning of last week I was typing a reply at TSG, and then Blue screen of death, and it wasn't a good one. Lost everything, so had to re-install everything again.

Spent this weekend driving all over, visiting agencies for job recruitment, and now I'm back....


But off on holiday next Saturday for a week to Poland, and then when back, moving out of home to a rented house.....and then no internet for a few days.


What a fortnight :eek:


So, just to let you know I had not forgotten you. I have never given up on a thread at TSG since I joined nearly 10 years ago, and this will not be my first ;)


So, give me a few mins to re-read, and away we go.

By the way, I had done backups of the malware that was in this thread, so just need to track that down, and we're good to go again :)

Back soon

eddie
 

·
Super Moderator
Joined
·
37,537 Posts
Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Files/Folders - Created Within 30 Days]
NY -> PEV.exe -> C:\WINDOWS\PEV.exe
[Purity]
[Empty Temp Folders]
[Start Explorer]
[Reboot]
The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.

I will review the information when it comes back in.
 