Extremely slow start up and random pop ups [CLOSED]

This topic is locked.

#1 venomousdarts (Member, 12 posts)

Hi... I followed the steps in the "You Must Read This Before Posting A Hijackthis Log" section and in the process I identified smitfraud-C and removed it successfully (I think)... But my computer still runs considerably slow... It takes 17 mins just to start up, which used to take me just 2 mins... and I can't even run multiple programs at the same time unlike before due to how slow it has gotten... I get random pop ups that pop up at any given time directing me to the windantivirus website sometimes and other sites as well... I know how my computer is capable of running and I know there must be some kind of malware undetected... any help is greatly appreciated since I need my computer for my job... thank you in advance. Here's my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 11:49:33 AM, on 2/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Rainlendar\Rainlendar.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Java\jre1.5.0_06\bin\javaw.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\HJT\HJT.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 212.66.15.22:80
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - C:\WINDOWS\system32\hukihqbr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {A9CB8FDD-B26B-422C-8E24-E0C8E64E918A} - C:\WINDOWS\system32\qomkjii.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {B76F4C6D-2C48-4CA2-B526-FACF9BE8055F} - C:\WINDOWS\system32\tuvtssq.dll
O2 - BHO: (no name) - {ED78F4FA-A4C9-4067-B993-51BB74914423} - C:\WINDOWS\system32\vtsts.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [{10EB2D25-0B75-1033-0910-040405130001}] "C:\Program Files\Common Files\{10EB2D25-0B75-1033-0910-040405130001}\Update.exe" mc-110-12-0000272
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [PowerBar] "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120073271703
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab47946.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zon...ss.cab31267.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: tuvtssq - C:\WINDOWS\SYSTEM32\tuvtssq.dll
O20 - Winlogon Notify: vtsts - C:\WINDOWS\system32\vtsts.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winbfi32 - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Apache2.2 - Unknown owner - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe" -k runservice (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000272 (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Apache Tomcat (Tomcat5) - Unknown owner - C:\Program Files\Apache Software Foundation\Tomcat 5.0\bin\tomcat5.exe" //RS//Tomcat5 (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
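The HijackThis log posted above can be triaged mechanically before a helper looks at it. The following Python checker is an added example for this thread, not HijackThis code and not anything the helper here used. It applies a handful of heuristics that correspond to the indicators visible in this log (a ProxyServer value, unnamed BHOs in system32, GUID-named Run entries, Winlogon Notify handlers that are not on an allowlist or have no DLL path, and services with an unknown owner whose system32 binary is missing). The KNOWN_NOTIFY allowlist and the heuristics are assumptions chosen for illustration; the sample lines are copied from the log above. A hit is a lead for a human to review, not a verdict.

```python
"""Triage heuristics for HijackThis-style log lines (added example, not HijackThis code)."""
import re
from dataclasses import dataclass

# Assumed allowlist of Winlogon Notify handler names found on a stock XP SP2 box
# (constructed for this example; a real allowlist would be maintained separately).
KNOWN_NOTIFY = {"wgalogon", "scecli", "crypt32chain", "cryptnet", "schedule",
                "sclgntfy", "termsrv", "wlballoon"}

# "R1 - ..." / "O23 - ..." entry lines; process-list and header lines do not match.
ENTRY_RE = re.compile(r"^(?P<tag>R[0-3]|O\d{1,2}) - (?P<body>.*)$")
# A Run value whose name is nothing but a GUID, e.g. "[{10EB2D25-...}]".
GUID_RUN_RE = re.compile(r"\[\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}\]")


@dataclass
class Finding:
    tag: str
    reason: str
    line: str


def triage_line(line: str):
    """Return a Finding when one heuristic matches the line, otherwise None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    tag, body = m.group("tag"), m.group("body")
    low = body.lower()

    # R1: a ProxyServer value routes all Internet Explorer traffic through that host.
    if tag == "R1" and "proxyserver" in low:
        return Finding(tag, "Internet Explorer proxy server configured", line)
    # O2: a BHO with no name that lives directly in system32 (the Vundo pattern in this log).
    if tag == "O2" and low.startswith("bho: (no name)") and "\\system32\\" in low:
        return Finding(tag, "unnamed BHO loaded from system32", line)
    # O3: toolbar registration whose file is gone; leftover, but still worth cleaning.
    if tag == "O3" and "(no name)" in low and "(no file)" in low:
        return Finding(tag, "orphaned toolbar registration", line)
    # O4: Run value named by a bare GUID that points at an updater under Common Files\{GUID}.
    if tag == "O4" and GUID_RUN_RE.search(body) and "common files\\{" in low:
        return Finding(tag, "GUID-named Run entry under Common Files", line)
    # O20: Winlogon Notify DLLs load into winlogon.exe before any user session exists.
    if tag == "O20" and low.startswith("winlogon notify:"):
        name = body.split(":", 1)[1].split(" - ", 1)[0].strip().lower()
        path = body.rsplit(" - ", 1)[1].strip()
        if name not in KNOWN_NOTIFY or not path.lower().endswith(".dll"):
            return Finding(tag, "Winlogon Notify handler not on allowlist or lacking a DLL path", line)
    # O23: service with unknown owner whose binary under system32 is missing.
    if tag == "O23" and "unknown owner" in low and "(file missing)" in low and "\\system32\\" in low:
        return Finding(tag, "service with unknown owner and missing system32 binary", line)
    return None


def triage(lines):
    """Run triage_line over an iterable of log lines and collect the hits in order."""
    return [f for f in map(triage_line, lines) if f is not None]


# Sample input: a selection of lines copied from the log in this thread.
SAMPLE_LOG = [
    r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 212.66.15.22:80",
    r"O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll",
    r"O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - C:\WINDOWS\system32\hukihqbr.dll",
    r"O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)",
    r"O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe",
    r'O4 - HKLM\..\Run: [{10EB2D25-0B75-1033-0910-040405130001}] "C:\Program Files\Common Files\{10EB2D25-0B75-1033-0910-040405130001}\Update.exe" mc-110-12-0000272',
    r"O20 - Winlogon Notify: tuvtssq - C:\WINDOWS\SYSTEM32\tuvtssq.dll",
    r"O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll",
    "O20 - Winlogon Notify: winbfi32 - C:\\WINDOWS\\",  # truncated path; not a raw string because it ends in a backslash
    r"O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe",
    r'O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000272 (file missing)',
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.tag:4} {f.reason}: {f.line}")
```

Run as a script, it prints seven hits and leaves the Adobe BHO, the ATI Run entry, the WgaLogon handler and the ATI service alone. The O23 rule is deliberately restricted to system32 so that the Apache, Tomcat and MySQL services in this log, which HijackThis also reports as "(file missing)" because of how it handles quoted service paths, are not flagged.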


#2 Thunderbird1988 (Member 2k, 2,416 posts)

Hello venomousdarts,

I am Thunderbird1988 and I have helped you with your previous log.

I am currently analysing your log and formulating a fix for your computer.

Thunderbird1988

Edited by Thunderbird1988, 12 February 2007 - 12:36 PM.


#3 venomousdarts (Topic Starter, 12 posts)

Thank you very much Thunderbird... my last post was closed because I wasn't able to reply in time... sorry about that.

#4 Thunderbird1988 (Member 2k, 2,416 posts)

Hello Venomousdarts,

Download SDFix and save it to your Desktop.
Please download VundoFix.exe to your desktop.
Download ComboFix.exe using either of these links:
  • BleepingComputer
  • Techsupportforum.com


Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.


1. Double click on combofix.exe & follow the prompts to allow the tool to run.

2. When it has finished, it will produce a log for you. Post that log, the contents of C:\SDFix\Report.txt, the contents of C:\vundofix.txt and a fresh HJT log in your next reply.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Thunderbird1988

#5 venomousdarts (Topic Starter, 12 posts)

SDFix: Version 1.64

Run by: Administrator - Tue 02/13/2007 @ 13:57:32.00

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
COM+ Messages

Path:
"C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000272

COM+ Messages Deleted

Restoring Windows Registry Entries
Restoring Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\WINDOWS\system32\unsvchosts.lzma - Deleted
C:\WINDOWS\Temp\removalfile.bat - Deleted



ADS Check:

C:\WINDOWS\system32
No streams found.

Final Check:


Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Labtam\\SSHPro\\xwppeg.exe"="C:\\Program Files\\Labtam\\SSHPro\\xwppeg.exe:*:Enabled:xwppeg"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\FlashFXP\\flashfxp.exe"="C:\\Program Files\\FlashFXP\\flashfxp.exe:*:Enabled:FlashFXP v3"
"C:\\Program Files\\Java\\j2re1.4.2_05\\bin\\javaw.exe"="C:\\Program Files\\Java\\j2re1.4.2_05\\bin\\javaw.exe:*:Enabled:javaw"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
"C:\\WINDOWS\\TEMP\\win47.tmp.exe"="C:\\WINDOWS\\TEMP\\win47.tmp.exe:*:Enabled:win47.tmp"
"C:\\WINDOWS\\TEMP\\winCD.tmp.exe"="C:\\WINDOWS\\TEMP\\winCD.tmp.exe:*:Enabled:winCD.tmp"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\FlashFXP\\flashfxp.exe"="C:\\Program Files\\FlashFXP\\flashfxp.exe:*:Enabled:FlashFXP v3"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"


Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip


Checking For Files with Hidden Attributes :

C:\Documents and Settings\All Users\Documents\My Music\Lost Boyz[httphiphopfourlife.blogspot.com] (Forever) c2005\AlbumArtSmall.jpg
C:\Documents and Settings\All Users\Documents\My Music\Lost Boyz[httphiphopfourlife.blogspot.com] (Forever) c2005\AlbumArt_{F4B68289-157B-4A18-A275-CA012CFCF2C2}_Large.jpg
C:\Documents and Settings\All Users\Documents\My Music\Lost Boyz[httphiphopfourlife.blogspot.com] (Forever) c2005\AlbumArt_{F4B68289-157B-4A18-A275-CA012CFCF2C2}_Small.jpg
C:\Documents and Settings\All Users\Documents\My Music\Lost Boyz[httphiphopfourlife.blogspot.com] (Forever) c2005\desktop.ini
C:\Documents and Settings\All Users\Documents\My Music\Lost Boyz[httphiphopfourlife.blogspot.com] (Forever) c2005\Folder.jpg
C:\Documents and Settings\All Users\Documents\My Music\Mariah Carey\Butterfly - thethrowbacks.blogspot.com\AlbumArtSmall.jpg
C:\Documents and Settings\All Users\Documents\My Music\Mariah Carey\Butterfly - thethrowbacks.blogspot.com\AlbumArt_{E1326736-03E3-45E9-9E0B-906D3E9B563A}_Large.jpg
C:\Documents and Settings\All Users\Documents\My Music\Mariah Carey\Butterfly - thethrowbacks.blogspot.com\AlbumArt_{E1326736-03E3-45E9-9E0B-906D3E9B563A}_Small.jpg
C:\Documents and Settings\All Users\Documents\My Music\Mariah Carey\Butterfly - thethrowbacks.blogspot.com\desktop.ini
C:\Documents and Settings\All Users\Documents\My Music\Mariah Carey\Butterfly - thethrowbacks.blogspot.com\Folder.jpg
C:\Documents and Settings\All Users\Documents\My Music\Mariah Carey\Butterfly - thethrowbacks.blogspot.com\Thumbs.db
C:\Documents and Settings\All Users\Documents\My Music\Mariah Carey_MTVUnplugged-thethrowbacks.blogspot.com\desktop.ini
C:\Documents and Settings\All Users\Documents\My Music\Mariah Carey_MTVUnplugged-thethrowbacks.blogspot.com\MTV Unplugged [EP]\AlbumArtSmall.jpg
C:\Documents and Settings\All Users\Documents\My Music\Mariah Carey_MTVUnplugged-thethrowbacks.blogspot.com\MTV Unplugged [EP]\AlbumArt_{1504C278-64BD-4350-8F78-0A19D724A957}_Large.jpg
C:\Documents and Settings\All Users\Documents\My Music\Mariah Carey_MTVUnplugged-thethrowbacks.blogspot.com\MTV Unplugged [EP]\AlbumArt_{1504C278-64BD-4350-8F78-0A19D724A957}_Small.jpg
C:\Documents and Settings\All Users\Documents\My Music\Mariah Carey_MTVUnplugged-thethrowbacks.blogspot.com\MTV Unplugged [EP]\desktop.ini
C:\Documents and Settings\All Users\Documents\My Music\Mariah Carey_MTVUnplugged-thethrowbacks.blogspot.com\MTV Unplugged [EP]\Folder.jpg
C:\Documents and Settings\All Users\Documents\My Music\Mariah Carey_MTVUnplugged-thethrowbacks.blogspot.com\MTV Unplugged [EP]\Thumbs.db
C:\Documents and Settings\All Users\Documents\My Music\mc-mb_thethrowbacks.blogspot.com\desktop.ini
C:\Documents and Settings\All Users\Documents\My Music\mc-mb_thethrowbacks.blogspot.com\Music Box\AlbumArtSmall.jpg
C:\Documents and Settings\All Users\Documents\My Music\mc-mb_thethrowbacks.blogspot.com\Music Box\AlbumArt_{B0A784A6-7CAB-4EBA-8281-8A2262197EDD}_Large.jpg
C:\Documents and Settings\All Users\Documents\My Music\mc-mb_thethrowbacks.blogspot.com\Music Box\AlbumArt_{B0A784A6-7CAB-4EBA-8281-8A2262197EDD}_Small.jpg
C:\Documents and Settings\All Users\Documents\My Music\mc-mb_thethrowbacks.blogspot.com\Music Box\desktop.ini
C:\Documents and Settings\All Users\Documents\My Music\mc-mb_thethrowbacks.blogspot.com\Music Box\Folder.jpg
C:\Documents and Settings\All Users\Documents\My Music\mc-mb_thethrowbacks.blogspot.com\Music Box\Thumbs.db
C:\Documents and Settings\All Users\Documents\My Music\thethrowbacks.blogspot.com-Mariah Carey\desktop.ini
C:\Documents and Settings\All Users\Documents\My Music\thethrowbacks.blogspot.com-Mariah Carey\Mariah Carey\AlbumArtSmall.jpg
C:\Documents and Settings\All Users\Documents\My Music\thethrowbacks.blogspot.com-Mariah Carey\Mariah Carey\AlbumArt_{B1BE457E-9E08-42CE-98F6-9B9EE0966405}_Large.jpg
C:\Documents and Settings\All Users\Documents\My Music\thethrowbacks.blogspot.com-Mariah Carey\Mariah Carey\AlbumArt_{B1BE457E-9E08-42CE-98F6-9B9EE0966405}_Small.jpg
C:\Documents and Settings\All Users\Documents\My Music\thethrowbacks.blogspot.com-Mariah Carey\Mariah Carey\desktop.ini
C:\Documents and Settings\All Users\Documents\My Music\thethrowbacks.blogspot.com-Mariah Carey\Mariah Carey\Folder.jpg
C:\WINDOWS\system32\qomkjii.dll
C:\WINDOWS\system32\tuvtssq.dll
C:\WINDOWS\system32\vtsts.dll
C:\Documents and Settings\All Users\Application Data\Microsoft\visualstudio\7.1\vs000223.tmp
C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp
C:\Documents and Settings\Herbert\My Documents\~WRL0003.tmp

Finished
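The "Authorized Application Key Export" section of the SDFix report above lists every program the Windows Firewall will accept inbound connections for, and two of the entries point at executables in C:\WINDOWS\TEMP. The following Python script is an added example for this thread, not SDFix code: it parses that .reg-style export into records and flags the exceptions a reviewer should look at first. The SUSPECT_DIRS list and the ordering of the checks are assumptions; the sample export is copied from the report above.

```python
"""Review a Windows Firewall AuthorizedApplications export (added example, not SDFix code)."""
import re
from dataclasses import dataclass

# One "name"="value" line of a .reg-style export.
VALUE_RE = re.compile(r'^"(?P<key>[^"]+)"="(?P<val>[^"]*)"$')
# The profile is the path component right after FirewallPolicy\ in the section header.
PROFILE_RE = re.compile(r"FirewallPolicy\\(\w+)\\", re.IGNORECASE)
# Directories from which a persistent firewall exception is rarely legitimate (assumption).
SUSPECT_DIRS = ("\\temp\\", "\\tmp\\")


@dataclass
class FirewallException:
    profile: str   # StandardProfile or DomainProfile
    key: str       # registry value name (the firewall keys on this)
    path: str      # executable path stored inside the value
    scope: str     # "*" means any remote address
    state: str     # Enabled / Disabled
    title: str     # display name shown in the firewall UI


def parse_export(text: str):
    """Parse the exported key/value lines into FirewallException records."""
    records, profile = [], "unknown"
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            m = PROFILE_RE.search(line)
            profile = m.group(1) if m else "unknown"
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        # .reg exports double every backslash; undo that on both sides.
        key = m.group("key").replace("\\\\", "\\")
        val = m.group("val").replace("\\\\", "\\")
        # Value layout is path:scope:state:title. Split from the right so the
        # drive-letter colon inside the path survives (titles are assumed colon-free).
        parts = val.rsplit(":", 3)
        if len(parts) != 4:
            continue
        path, scope, state, title = parts
        records.append(FirewallException(profile, key, path, scope, state, title))
    return records


def suspicious_exceptions(records):
    """Return (record, reason) pairs, one reason per record, for entries worth reviewing."""
    hits = []
    for r in records:
        low = r.path.lower()
        if any(d in low for d in SUSPECT_DIRS):
            hits.append((r, "exception for an executable in a temp directory"))
        elif low.endswith(".tmp.exe"):
            hits.append((r, "double extension .tmp.exe"))
        elif r.key.lower() != r.path.lower():
            hits.append((r, "value name does not match the path stored in the value"))
    return hits


# Sample input: lines copied from the SDFix report in this thread.
SAMPLE_EXPORT = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Labtam\\SSHPro\\xwppeg.exe"="C:\\Program Files\\Labtam\\SSHPro\\xwppeg.exe:*:Enabled:xwppeg"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\WINDOWS\\TEMP\\win47.tmp.exe"="C:\\WINDOWS\\TEMP\\win47.tmp.exe:*:Enabled:win47.tmp"
"C:\\WINDOWS\\TEMP\\winCD.tmp.exe"="C:\\WINDOWS\\TEMP\\winCD.tmp.exe:*:Enabled:winCD.tmp"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\FlashFXP\\flashfxp.exe"="C:\\Program Files\\FlashFXP\\flashfxp.exe:*:Enabled:FlashFXP v3"
"""

if __name__ == "__main__":
    for rec, reason in suspicious_exceptions(parse_export(SAMPLE_EXPORT)):
        print(f"[{rec.profile}] {rec.path} ({rec.title}): {reason}")
```

On the sample it reports only the two TEMP entries. Scope "*" on those records means the exception applies to any remote address, which is why a firewall exception added by malware is worth removing even after the executable itself is gone.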

#6 venomousdarts (Topic Starter, 12 posts)

#######################################################
VundoFix V6.3.6

Checking Java version...

Java version is 1.4.2.5

Java version is 1.5.0.6

Scan started at 2:37:06 PM 2/13/2007

Listing files found while scanning....

C:\WINDOWS\system32\hukihqbr.dll
C:\WINDOWS\system32\pcxgiewu.dll
C:\WINDOWS\system32\qomkjii.dll
C:\WINDOWS\system32\ststv.bak1
C:\WINDOWS\system32\ststv.bak2
C:\WINDOWS\system32\ststv.ini
C:\WINDOWS\system32\ststv.ini2
C:\WINDOWS\system32\tuvtssq.dll
C:\WINDOWS\system32\vtsts.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\hukihqbr.dll
C:\WINDOWS\system32\hukihqbr.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\qomkjii.dll
C:\WINDOWS\system32\qomkjii.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ststv.bak1
C:\WINDOWS\system32\ststv.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ststv.bak2
C:\WINDOWS\system32\ststv.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ststv.ini
C:\WINDOWS\system32\ststv.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ststv.ini2
C:\WINDOWS\system32\ststv.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\tuvtssq.dll
C:\WINDOWS\system32\tuvtssq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtsts.dll
C:\WINDOWS\system32\vtsts.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\hukihqbr.dll
C:\WINDOWS\system32\hukihqbr.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.3.6

Checking Java version...

Java version is 1.4.2.5

Java version is 1.5.0.6

Scan started at 6:22:04 PM 2/13/2007

Listing files found while scanning....

C:\WINDOWS\system32\hukihqbr.dll
C:\WINDOWS\system32\pcxgiewu.dll

Beginning removal...

Performing Repairs to the registry.
Done!



#########################################################



"Herbert" - 07-02-13 21:07:35 Service Pack 2
ComboFix 07-02-11 - Running from: "C:\Documents and Settings\Herbert\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\W007T32W.DLL
C:\Program Files\Common Files\{10EB2~1
C:\Program Files\Common Files\{30EB2~1
C:\Program Files\VSAdd-in


((((((((((((((((((((((((((((((( Files Created from 2007-01-13 to 2007-02-13 ))))))))))))))))))))))))))))))))))


2007-02-13 14:37 <DIR> d-------- C:\VundoFix Backups
2007-02-13 13:49 <DIR> d-------- C:\SDFix
2007-02-12 11:48 <DIR> d-------- C:\HJT
2007-02-08 00:38 76,412 --a------ C:\WINDOWS\system32\kfvktbmt.dll
2007-02-05 00:47 <DIR> d-------- C:\WMR Recordings
2007-02-05 00:40 737,280 --a------ C:\WINDOWS\iun6002.exe
2007-02-05 00:40 <DIR> d-------- C:\Program Files\WM Recorder 10.2
2007-02-01 00:02 76,412 --a------ C:\WINDOWS\system32\txxxmdiv.dll
2007-01-23 15:38 76,412 --a------ C:\WINDOWS\system32\kqxpgeim.dll
2007-01-20 03:23 <DIR> d-------- C:\Program Files\Yahoo!
2007-01-18 23:52 76,412 --a------ C:\WINDOWS\system32\divekafj.dll
2007-01-14 15:36 <DIR> d-------- C:\WINDOWS\CAVTemp
2007-01-13 19:54 1,021,504 --a------ C:\WINDOWS\system32\vete.dll
2007-01-13 19:19 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-01-13 19:17 77,824 --a------ C:\WINDOWS\system32\driverif.dll
2007-01-13 19:17 75,776 --a------ C:\WINDOWS\zllsputility.exe
2007-01-13 19:17 645,904 --a------ C:\WINDOWS\system32\drivers\vetmonnt.sys
2007-01-13 19:17 21,605 --a------ C:\WINDOWS\system32\drivers\vet-filt.sys
2007-01-13 19:17 15,668 --a------ C:\WINDOWS\system32\drivers\vet-rec.sys
2007-01-13 19:17 12,288 --a------ C:\WINDOWS\system32\vetntmsg.dll
2007-01-13 19:17 115,088 --a------ C:\WINDOWS\system32\drivers\vetfddnt.sys
2007-01-13 19:17 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-01-13 19:16 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2007-01-13 19:14 <DIR> d-------- C:\WINDOWS\Internet Logs


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-02-13 21:01 -------- d-------- C:\DOCUME~1\Herbert\Application Data\azureus
2007-02-13 18:30 -------- d-------- C:\Program Files\mozilla firefox
2007-02-13 15:30 -------- d-------- C:\Program Files\pokerstars.net
2007-02-11 19:08 -------- d-------- C:\DOCUME~1\Herbert\Application Data\adobe
2007-01-29 00:23 -------- d-------- C:\Program Files\pokerstars
2007-01-28 03:20 -------- d-------- C:\Program Files\mirc
2007-01-23 20:09 -------- d-------- C:\Program Files\symantec
2007-01-23 20:09 -------- d-------- C:\Program Files\Common Files\symantec shared
2007-01-23 15:31 -------- d-------- C:\Program Files\norton internet security
2007-01-22 01:11 -------- d-------- C:\DOCUME~1\Herbert\Application Data\adobeum
2007-01-13 22:57 -------- d-------- C:\DOCUME~1\Herbert\Application Data\macromedia
2007-01-11 23:41 5132 --a------ C:\WINDOWS\system32\tmp.reg
2007-01-06 05:07 -------- d-------- C:\Program Files\windows media connect 2
2007-01-06 04:44 -------- d-------- C:\Program Files\messenger
2007-01-05 20:51 -------- d-------- C:\Program Files\super dvd creator 8.5
2007-01-05 03:36 33920 --a------ C:\WINDOWS\system32\drivers\oreans32.sys
2007-01-05 03:34 -------- d-------- C:\Program Files\magiciso
2007-01-05 03:22 -------- d-------- C:\DOCUME~1\Herbert\Application Data\symantec
2007-01-04 23:54 -------- d-------- C:\Program Files\aqua dock
2007-01-01 18:59 -------- d-------- C:\Program Files\xoftspyse
2006-12-31 14:11 9216 --a------ C:\WINDOWS\system32\evndyrze.exe
2006-12-27 21:40 -------- d-------- C:\Program Files\sdp multimedia
2006-12-23 03:22 0 --a------ C:\WINDOWS\system32\asgp32.dll
2006-12-23 03:21 15360 --a------ C:\WINDOWS\system32\intr32.dll
2006-11-27 03:45 60416 --------- C:\WINDOWS\system32\tzchange.exe
2006-11-13 01:02 36352 --------- C:\WINDOWS\system32\tsgqec.dll
2006-11-13 01:02 288768 --------- C:\WINDOWS\system32\rhttpaa.dll
2006-11-13 01:02 1866240 --a------ C:\WINDOWS\system32\mstscax.dll
2006-11-13 01:02 116736 --------- C:\WINDOWS\system32\aaclient.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"TOSCDSPD"="C:\\Program Files\\TOSHIBA\\TOSCDSPD\\toscdspd.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Creative Detector"="C:\\Program Files\\Creative\\MediaSource\\Detector\\CTDetect.exe /R"
"PowerBar"="\"C:\\Program Files\\CyberLink DVD Solution\\Multimedia Launcher\\PowerBar.exe\" /AtBootTime"
"SweetIM"="C:\\Program Files\\Macrogaming\\SweetIM\\SweetIM.exe"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe\""
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.908.5008\\GoogleToolbarNotifier.exe"
"WMPNSCFG"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"NDSTray.exe"="NDSTray.exe"
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"SmoothView"="C:\\Program Files\\TOSHIBA\\TOSHIBA Zooming Utility\\SmoothView.exe"
"PadTouch"="C:\\Program Files\\TOSHIBA\\Touch and Launch\\PadExe.exe"
"THotkey"="C:\\Program Files\\Toshiba\\Toshiba Applet\\thotkey.exe"
"TPSMain"="TPSMain.exe"
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"LtMoh"="C:\\Program Files\\ltmoh\\Ltmoh.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"CFSServ.exe"="CFSServ.exe -NoClient"
"AdobeVersionCue"="C:\\Program Files\\Adobe\\Adobe Version Cue\\ControlPanel\\VersionCueTray.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"RemoteControl"="\"C:\\Program Files\\CyberLink DVD Solution\\PowerDVD\\PDVDServ.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"CloneCDElbyCDFL"="\"C:\\Program Files\\Elaborate Bytes\\CloneCD\\ElbyCheck.exe\" /L ElbyCDFL"
"NWEReboot"=""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"Openwares LiveUpdate"="C:\\Program Files\\LiveUpdate\\LiveUpdate.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"{10EB2D25-0B75-1033-0910-040405130001}"="\"C:\\Program Files\\Common Files\\{10EB2D25-0B75-1033-0910-040405130001}\\Update.exe\" mc-110-12-0000272"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="ewido shell guard"
"{B76F4C6D-2C48-4CA2-B526-FACF9BE8055F}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winbfi32

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



********************************************************************

catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-02-13 22:00:01



################################################################



Logfile of HijackThis v1.99.1
Scan saved at 10:04:33 PM, on 2/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Rainlendar\Rainlendar.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HJT\HJT.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 212.66.15.22:80
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - C:\WINDOWS\system32\hukihqbr.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {A9CB8FDD-B26B-422C-8E24-E0C8E64E918A} - C:\WINDOWS\system32\qomkjii.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {B76F4C6D-2C48-4CA2-B526-FACF9BE8055F} - C:\WINDOWS\system32\tuvtssq.dll (file missing)
O2 - BHO: (no name) - {C10FF884-59D4-478B-AA3B-74E934EB7868} - C:\WINDOWS\system32\vtsts.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [{10EB2D25-0B75-1033-0910-040405130001}] "C:\Program Files\Common Files\{10EB2D25-0B75-1033-0910-040405130001}\Update.exe" mc-110-12-0000272
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [PowerBar] "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120073271703
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab47946.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zon...ss.cab31267.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winbfi32 - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Apache2.2 - Unknown owner - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe" -k runservice (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Apache Tomcat (Tomcat5) - Unknown owner - C:\Program Files\Apache Software Foundation\Tomcat 5.0\bin\tomcat5.exe" //RS//Tomcat5 (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  • 0

#7
Thunderbird1988

    Member 2k

  • Member
  • 2,416 posts
Hello venomousdarts,

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - C:\WINDOWS\system32\hukihqbr.dll (file missing)
O2 - BHO: (no name) - {A9CB8FDD-B26B-422C-8E24-E0C8E64E918A} - C:\WINDOWS\system32\qomkjii.dll (file missing)
O2 - BHO: (no name) - {B76F4C6D-2C48-4CA2-B526-FACF9BE8055F} - C:\WINDOWS\system32\tuvtssq.dll (file missing)
O2 - BHO: (no name) - {C10FF884-59D4-478B-AA3B-74E934EB7868} - C:\WINDOWS\system32\vtsts.dll (file missing)
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O20 - Winlogon Notify: winbfi32 - C:\WINDOWS\


Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis. Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

pokerstars and/or pokerstars.net
Ewido Security Suite (This program is not bad but outdated.)


Please note any other programs that you don't recognize in that list in your next response.
Reboot.

Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.

After that, Reboot.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\system32\kfvktbmt.dll
    C:\WINDOWS\iun6002.exe
    C:\WINDOWS\system32\txxxmdiv.dll
    C:\WINDOWS\system32\kqxpgeim.dll
    C:\WINDOWS\system32\divekafj.dll
    C:\WINDOWS\system32\drivers\oreans32.sys
    C:\WINDOWS\system32\evndyrze.exe
    C:\WINDOWS\system32\asgp32.dll
    C:\WINDOWS\system32\intr32.dll
    C:\Program Files\pokerstars.net
    C:\Program Files\pokerstars

  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.
  • Please go to http://virusscan.jotti.org/
  • Copy and paste the following file path into the "File to upload & scan" box on the top of the page:
    C:\Program.exe
  • Click on the submit button
  • Please post the results and a new Hijackthislog in your next reply.
Thunderbird1988

Edited by Thunderbird1988, 14 February 2007 - 02:00 PM.

  • 0
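The entries Thunderbird1988 picks out above share two mechanical tells: O2/O3 hooks whose load path ends in "(file missing)" or "(no file)", and an O20 Winlogon Notify package whose path names no DLL at all. The small Python script below, added here as an illustration and not part of this thread or of HijackThis itself, applies exactly that triage to a constructed sample of lines copied from the log posted earlier. The extra check on the R1 ProxyServer line is my own heuristic (the helper does not flag it); it only marks the entry for a human to confirm, since a proxy the user never configured is worth a look.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample input: six HijackThis 1.99.1 lines copied from the log
# posted earlier in this thread, chosen so that a flagged and a benign
# example of each entry type is present.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 212.66.15.22:80
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - C:\WINDOWS\system32\hukihqbr.dll (file missing)
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winbfi32 - C:\WINDOWS\
"""


@dataclass
class Finding:
    severity: str  # "fix": matches the helper's removal criteria; "review": needs a human look
    line: str
    reason: str


# Every HJT entry starts with a section tag (R0-R3, O1-O23) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
# HJT appends these markers when the registered file is absent on disk.
MISSING_RE = re.compile(r"\((?:file missing|no file)\)$")


def last_field(body: str) -> str:
    """HJT separates fields with ' - '; the load path is always the final one."""
    return body.rsplit(" - ", 1)[-1].strip()


def triage_hjt(log_text: str) -> List[Finding]:
    """Return the entries a helper would mark for 'Fix Checked' or for review."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header lines, the running-process list, blank lines
        section, body = m.group("section"), m.group("body")
        if section in ("O2", "O3"):
            # A BHO or toolbar registration whose file is gone is an orphan:
            # the hook still loads at IE start but has nothing to load.
            if MISSING_RE.search(last_field(body)):
                findings.append(Finding("fix", line, f"{section} registration points at a file that no longer exists"))
        elif section == "O20":
            # Winlogon Notify packages must name a DLL; a bare directory is never legitimate.
            if not last_field(body).lower().endswith(".dll"):
                findings.append(Finding("fix", line, "Winlogon Notify package names no DLL file"))
        elif section == "R1" and "ProxyServer" in body:
            # Heuristic added here, not one of the helper's criteria.
            findings.append(Finding("review", line, "explicit IE proxy server set; confirm the user configured it"))
    return findings


if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_LOG):
        print(f"[{f.severity}] {f.line}\n         {f.reason}")
```

Run against the full log in this thread, the "fix" findings reproduce the six lines the helper lists; the benign Acrobat BHO and the WgaLogon notify package are left alone because their files exist.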

#8
venomousdarts

    Member

  • Topic Starter
  • Member
  • 12 posts
hey thunderbird,

before I do this, is it necessary to remove pokerstars?? is it a virus???
  • 0

#9
Thunderbird1988

    Member 2k

  • Member
  • 2,416 posts
Hello venomousdarts,

Well, it's not really a virus. However, the reputation of such programs is doubtful. And sometimes, computer owners are not aware they have such programs installed. But now I will leave it up to you to decide to keep it or remove it. But I would recommend you to remove it. If you decide to keep it, then please don't copy the last two lines when using Killbox.

Thunderbird1988
  • 0

#10
venomousdarts

    Member

  • Topic Starter
  • Member
  • 12 posts
cool...I actually installed the pokerstars myself and use it frequently so I'll leave it, maybe remove one of them...but thanks for the info...I'm gonna get on it now...will reply as soon as possible
  • 0



#11
venomousdarts

    Member

  • Topic Starter
  • Member
  • 12 posts
the file C:\progam.exe mysteriously disappeared by the time I tried to scan it and as a result I got this message from the scan

The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file


##############################################

Logfile of HijackThis v1.99.1
Scan saved at 4:25:04 PM, on 2/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Rainlendar\Rainlendar.exe
C:\HJT\HJT.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 212.66.15.22:80
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [{10EB2D25-0B75-1033-0910-040405130001}] "C:\Program Files\Common Files\{10EB2D25-0B75-1033-0910-040405130001}\Update.exe" mc-110-12-0000272
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [PowerBar] "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120073271703
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab47946.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zon...ss.cab31267.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Apache2.2 - Unknown owner - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe" -k runservice (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Apache Tomcat (Tomcat5) - Unknown owner - C:\Program Files\Apache Software Foundation\Tomcat 5.0\bin\tomcat5.exe" //RS//Tomcat5 (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  • 0

#12
Thunderbird1988

    Member 2k

  • Member
  • 2,416 posts
If you haven't done so already, please delete Combofix. A dangerous bug has been found in it.

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

First download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware. Do not run a scan just yet; we will shortly.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O4 - HKLM\..\Run: [{10EB2D25-0B75-1033-0910-040405130001}] "C:\Program Files\Common Files\{10EB2D25-0B75-1033-0910-040405130001}\Update.exe" mc-110-12-0000272


Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis. Reboot into safe mode.

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):

C:\Program Files\Common Files\{10EB2D25-0B75-1033-0910-040405130001}

  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.

    IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning; it may interfere with the scanning process.

  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted; then select "Apply all actions".
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan and a new HijackThis log.

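Added example, not part of the thread and not code from HijackThis or Geeks To Go: a small Python script that applies the same triage the reply above does by hand to HijackThis O4 and O23 lines. It runs over the O4 and O23 lines quoted in this thread plus one constructed, benign O4 entry (a made-up Zone Labs client autorun) so the filter has a negative case, and flags three things: a Run entry named by, or housed in, a bare GUID folder under Common Files (the shape of the entry the helper tells the poster to fix); a service whose binary HijackThis reports as missing; and a service whose displayed path collapses to C:\Program.exe. That last reading is an inference, not something the log states: it is the usual sign of an unquoted ImagePath under C:\Program Files, and because Windows tries C:\Program.exe before the real binary, anyone able to write that file gets code run under the service account. The rule names and the Finding type are this example's own.

```python
import re
from dataclasses import dataclass

# Constructed sample: the O4 and O23 lines quoted in this thread, plus one
# benign, made-up O4 entry (Zone Labs client) so the filter has a negative case.
SAMPLE_HJT_LINES = r"""
O4 - HKLM\..\Run: [{10EB2D25-0B75-1033-0910-040405130001}] "C:\Program Files\Common Files\{10EB2D25-0B75-1033-0910-040405130001}\Update.exe" mc-110-12-0000272
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Apache Tomcat (Tomcat5) - Unknown owner - C:\Program Files\Apache Software Foundation\Tomcat 5.0\bin\tomcat5.exe" //RS//Tomcat5 (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
""".strip().splitlines()

# 8-4-4-4-12 hex GUID in braces, as registry-style names use it.
GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
O4_RE = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)"
    r"(?: \((?P<note>file missing)\))?$"
)
GUID_NAME_RE = re.compile("^" + GUID + "$")
GUID_COMMON_FILES_RE = re.compile(r"\\Common Files\\" + GUID + r"\\", re.IGNORECASE)


@dataclass
class Finding:
    rule: str   # which check fired (names are this example's own)
    line: str   # the HijackThis line it fired on
    why: str    # what it means for the analyst


def check_o4(line: str):
    """Flag Run entries named by, or living in, a bare GUID folder under Common Files."""
    m = O4_RE.match(line)
    if not m:
        return None
    if GUID_NAME_RE.match(m["name"]) or GUID_COMMON_FILES_RE.search(m["cmd"]):
        return Finding("o4-guid-autorun", line,
                       "autorun keyed by a bare GUID under Common Files; legitimate "
                       "installers rarely do this, and it is the entry the helper above fixes")
    return None


def check_o23(line: str):
    """Flag services whose binary is missing or whose path looks truncated at a space."""
    m = O23_RE.match(line)
    if not m:
        return []
    findings = []
    if m["note"] == "file missing":
        findings.append(Finding("o23-binary-missing", line,
                                "service is registered but HijackThis cannot find its binary"))
    # Inference, not a fact from the log: C:\Program.exe is what an unquoted
    # ImagePath under C:\Program Files looks like when read up to the first space.
    if m["path"].lower() == r"c:\program.exe":
        findings.append(Finding("o23-unquoted-path", line,
                                "path collapses to C:\\Program.exe: likely an unquoted ImagePath, "
                                "so C:\\Program.exe would be tried before the real binary"))
    return findings


def triage(lines):
    """Run every check over a HijackThis log and return the findings in log order."""
    out = []
    for raw in lines:
        line = raw.strip()
        f = check_o4(line)
        if f:
            out.append(f)
        out.extend(check_o23(line))
    return out


if __name__ == "__main__":
    for f in triage(SAMPLE_HJT_LINES):
        print(f"[{f.rule}] {f.line}\n    -> {f.why}")
```

Feed it a whole saved HijackThis log (one line per entry) and it reports only the O4 and O23 lines worth a second look; everything else, including the benign Zone Labs entry, passes through silently.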

#13
venomousdarts

    Member

  • Topic Starter
  • Member
  • 12 posts
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:28:53 PM 2/23/2007

+ Scan result:



C:\System Volume Information\_restore{BB5E3B55-1ACF-4257-8A37-D2EE7A31D62A}\RP400\A0119846.dll -> Adware.MaxSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{BB5E3B55-1ACF-4257-8A37-D2EE7A31D62A}\RP400\A0119796.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\qomkjii.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINDOWS\ime\smss\schedsvc32.exe -> Backdoor.Iroffer.13b11 : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{BB5E3B55-1ACF-4257-8A37-D2EE7A31D62A}\RP400\A0119797.dll -> Downloader.ConHook.nab : Cleaned with backup (quarantined).
C:\VundoFix Backups\tuvtssq.dll.bad -> Downloader.ConHook.nab : Cleaned with backup (quarantined).
C:\!KillBox\evndyrze.exe -> Downloader.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{BB5E3B55-1ACF-4257-8A37-D2EE7A31D62A}\RP402\A0121341.exe -> Downloader.Small : Cleaned with backup (quarantined).
:mozilla.452:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.453:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.454:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.455:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.456:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.457:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.168:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.169:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.170:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.171:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.172:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.173:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.174:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.175:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.176:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.177:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.178:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.179:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.180:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.181:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.182:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.183:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.184:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.185:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.186:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.187:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.188:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.189:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.190:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.191:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.192:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.193:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.194:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.195:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.196:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.197:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.198:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.199:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.200:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.201:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.202:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.203:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.204:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.205:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.206:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.207:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.208:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.209:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.210:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.211:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.212:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.213:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.214:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.215:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.216:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.217:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.513:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.532:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.631:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.693:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.878:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.147:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.148:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.149:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.339:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.70:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.71:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.72:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.73:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.74:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.76:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.77:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.78:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.79:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.619:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.620:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.428:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.429:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.773:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.774:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.441:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.442:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.443:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.444:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.445:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.20:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.632:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.36:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.37:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.829:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.459:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.460:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.461:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.462:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.463:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.464:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.465:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.466:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.594:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned.
:mozilla.234:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.235:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.236:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.237:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.361:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.956:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.75:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.772:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.116:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.117:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.118:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.119:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.120:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.121:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.719:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.868:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.686:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.687:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.688:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.689:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.390:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.830:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned.
:mozilla.841:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Information : Cleaned.
:mozilla.522:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Linksynergy : Cleaned.
:mozilla.523:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Linksynergy : Cleaned.
:mozilla.597:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.598:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.599:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.602:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.603:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.604:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.84:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.519:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.520:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.521:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.638:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.485:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.486:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.487:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.577:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.578:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.579:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.580:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.581:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.582:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.583:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.746:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.747:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.748:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.749:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.751:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.752:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.753:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.755:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.839:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.840:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.353:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.354:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.355:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.356:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.357:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.358:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.929:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.930:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.831:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Spylog : Cleaned.
:mozilla.365:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.366:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.367:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.368:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.369:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.370:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.371:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.372:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.373:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.374:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.375:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.376:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.377:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.501:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.502:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.503:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.240:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.241:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.242:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.243:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.244:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.245:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.246:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.389:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.584:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.585:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.586:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.587:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.588:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.589:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.129:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.130:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.131:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.132:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.133:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.134:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.572:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.573:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.574:C:\Documents and Settings\Herbert\Application Data\Mozilla\Firefox\Profiles\zkpth3hr.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\!KillBox\intr32.dll -> Trojan.AntiSpySoldier.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{BB5E3B55-1ACF-4257-8A37-D2EE7A31D62A}\RP402\A0121343.dll -> Trojan.AntiSpySoldier.a : Cleaned with backup (quarantined).


::Report end

####################################################################


Logfile of HijackThis v1.99.1
Scan saved at 11:39:35 PM, on 2/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Rainlendar\Rainlendar.exe
C:\HJT\HJT.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 212.66.15.22:80
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [PowerBar] "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120073271703
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab47946.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zon...ss.cab31267.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Apache2.2 - Unknown owner - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe" -k runservice (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Apache Tomcat (Tomcat5) - Unknown owner - C:\Program Files\Apache Software Foundation\Tomcat 5.0\bin\tomcat5.exe" //RS//Tomcat5 (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#14
Thunderbird1988

    Member 2k

  • Member
  • 2,416 posts
Hello Venomousdarts,

Please remove Combofix if you haven't done so already; a dangerous bug has been found in it.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. Beware that it is NOT supported for use on 9x or ME and probably will not install on those systems.

Upgrading Java:
  • Download the latest version of Java Runtime Environment (JRE) 6.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save it to your desktop.
  • Close any programs you may have running, especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then, from your desktop, double-click on the download to install the newest version.
After you have installed the new version, please post a new HijackThis log and tell me how your system is running.

Thunderbird1988

#15
venomousdarts

    Member

  • Topic Starter
  • Member
  • 12 posts
It is a lot better in terms of speed... I ran a couple of virus scans and ZoneAlarm keeps on finding viruses every time... This leads me to believe that there might be a virus that keeps installing more viruses... Do you know any way of finding a virus installer? Here's the log:


Logfile of HijackThis v1.99.1
Scan saved at 3:26:37 PM, on 3/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Rainlendar\Rainlendar.exe
C:\HJT\HJT.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 212.66.15.22:80
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [PowerBar] "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120073271703
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab47946.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zon...ss.cab31267.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Apache2.2 - Unknown owner - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe" -k runservice (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Apache Tomcat (Tomcat5) - Unknown owner - C:\Program Files\Apache Software Foundation\Tomcat 5.0\bin\tomcat5.exe" //RS//Tomcat5 (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

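The Java-version advice in post #14 and the two HijackThis logs around it lend themselves to a small triage script. The Python below is an added example, not code from this thread or from HijackThis itself: it parses lines in the HJT 1.99 format, pulls JRE versions out of the paths in O2/O4/O9 entries and compares them with a chosen target (JRE 6, as the helper advises), lists any IE ProxyServer setting so the machine's owner can confirm they set it, and separates O23 "(file missing)" entries whose displayed path has a stray quote or is cut off at the first space (a sign the tool could not parse a service path containing spaces or arguments) from ones where the binary should really be checked. The sample lines are constructed to mirror the shape of the logs above; the function names, the `Findings` structure, the `TARGET_JRE` threshold and the "probable parse artefact" heuristic are my own assumptions.

```python
"""Triage a HijackThis (HJT) 1.99.x log: pick out the entries a helper
would check first.  Added example; the checks and thresholds are the
author's assumptions, not part of HijackThis or of the forum post."""
import re
from dataclasses import dataclass, field

# Constructed sample: a handful of lines in the shape of the logs posted
# above (proxy address and JRE paths as they appear in those logs).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 212.66.15.22:80
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Apache2.2 - Unknown owner - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe" -k runservice (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
# Matches a JRE install directory inside a path, e.g. \jre1.5.0_06\ or \jre1.6.0\
JRE_RE = re.compile(r"\\jre(?P<ver>\d+(?:\.\d+)*)(?:_(?P<upd>\d+))?\\", re.IGNORECASE)
# Assumed threshold, chosen to match post #14: anything below JRE 6 is old.
TARGET_JRE = (1, 6, 0)


@dataclass
class Findings:
    proxies: list = field(default_factory=list)
    old_java: dict = field(default_factory=dict)   # version tuple -> log lines
    current_java: set = field(default_factory=set)
    missing_files: list = field(default_factory=list)  # (path, suspect_parse)


def parse_jre_version(path):
    """'...\\jre1.5.0_06\\...' -> ((1, 5, 0), 6); None if no JRE dir in path."""
    m = JRE_RE.search(path)
    if not m:
        return None
    ver = tuple(int(x) for x in m.group("ver").split("."))
    upd = int(m.group("upd")) if m.group("upd") else 0
    return ver, upd


def triage(log_text):
    f = Findings()
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        kind, body = m.group("kind"), m.group("body")
        # R1 ProxyServer: every browser request goes through this host.
        if kind == "R1" and "ProxyServer" in body:
            f.proxies.append(body.split("=", 1)[1].strip())
        # Any entry that loads from a JRE directory tells us which JRE is live.
        jre = parse_jre_version(body)
        if jre:
            ver, _upd = jre
            if ver < TARGET_JRE:
                f.old_java.setdefault(ver, []).append(line)
            else:
                f.current_java.add(ver)
        if kind == "O23" and body.endswith("(file missing)"):
            path = body.rsplit(" - ", 1)[1][: -len("(file missing)")].strip()
            # A stray quote, or a path cut at the first space ('C:\Program.exe'),
            # is consistent with a service ImagePath that has spaces/arguments
            # the tool did not parse; confirm in the registry before acting.
            suspect_parse = '"' in path or path.lower() == r"c:\program.exe"
            f.missing_files.append((path, suspect_parse))
    return f


def report(f):
    lines = []
    for p in f.proxies:
        lines.append(f"proxy set in IE: {p} (confirm the user configured this)")
    for ver in sorted(f.old_java):
        v = ".".join(map(str, ver))
        lines.append(f"JRE {v} still referenced by {len(f.old_java[ver])} entries; uninstall it")
    for ver in sorted(f.current_java):
        lines.append(f"JRE {'.'.join(map(str, ver))} present")
    for path, suspect in f.missing_files:
        tag = "probable parse artefact" if suspect else "verify binary"
        lines.append(f"service binary reported missing: {path} [{tag}]")
    return lines


if __name__ == "__main__":
    for line in report(triage(SAMPLE_LOG)):
        print(line)
```

Run against the first log in the thread this would list JRE 1.5.0 entries to remove; against the second it reports only JRE 1.6.0 present, which is the confirmation the helper asked for, while the proxy and the two "(file missing)" services remain on the list for manual confirmation in both.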




