virtumonde, .dll problems [RESOLVED]



#1
trouter

  • Member
  • 22 posts
Hello,

Thought I might as well join the list here. Despite many scans and "fixes" with different programs (Spybot, Ad-awareSE, VundoFix, AVG, Spysweeper, SUPERAntispyware), I'm still getting some .dll files, IE popups, etc. that start up anew with a reboot. The computer runs faster after the scans, but Security task manager and Spysweeper still come up with the malicious-looking files.

Also - MS Money keeps wanting to install; the one time I let it, it couldn't.

Anyway, thanks tons for your effort.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:55:37 PM, on 1/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware .exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI .exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Trevan\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
F3 - REG:win.ini: load=C:\WINDOWS\system32\jkhhf.exe
F2 - REG:system.ini: UserInit=userinit.exe
N4 - Mozilla: user_pref("browser.startup.homepage", "http://www.google.com/"); (C:\Documents and Settings\TREVAN\Application Data\Mozilla\Profiles\default\8gfaju0c.slt\prefs.js)
N4 - Mozilla: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\TREVAN\Application Data\Mozilla\Profiles\default\8gfaju0c.slt\prefs.js)
O3 - Toolbar: Search - {EDC4BD66-0CD5-A8F9-D977-C996B6E74CD7} - C:\WINDOWS\Vwryxqbr.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [a8f6cbb9] "rundll32.exe" "C:\WINDOWS\system32\htvowowq.dll",b
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: officejet 6100.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish...fishActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...84/mcinsctl.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,21/mcgdmgr.cab
O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} (DigWebHelper Class) - http://photos.msn.co....cab?10,0,910,0
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 8765 bytes


I tried to include the Hijack This uninstall list, but the program closes when I push the Save list... button.


#2
Cookiegal

  • Visiting Consultant
  • 887 posts
Hi and welcome to Geeks to Go!

Please close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix and make sure you are disconnected from the Internet after downloading the program and before scanning.

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix and remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all-inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Remember to re-enable the protection again afterwards before connecting to the Internet.

Download ComboFix and save it to your desktop.

**Note: In the event you already have ComboFix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Close any open browsers and make sure you are disconnected from the net. Unplug the cable if need be before running ComboFix.
  • WARNING: If you have not already done so, ComboFix will disconnect your machine from the Internet when it starts.
  • Please do not re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection when ComboFix has completely finished, then restart your computer to restore the connection.

Double-click on combofix.exe and follow the prompts. When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.**

#3
trouter

  • Topic Starter
  • Member
  • 22 posts
Thanks for your reply! I hope your evening is going well.
I tried to attach the combofix file since it's rather large (lots of temp files), but it seemed to take too long, so I'll just post the horribly long list.

ComboFix 08-01-17.3 - Trevan 2008-01-16 17:32:12.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.470 [GMT -8:00]
Running from: C:\Documents and Settings\Trevan\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Teresa\Application Data\SpamBlockerUtility_Icons
C:\Documents and Settings\Teresa\Application Data\SpamBlockerUtility_Icons\Repair+System+Registry.ico
C:\Documents and Settings\Teresa\Application Data\SpamBlockerUtility_Icons\Software_Online_8.ico
C:\Documents and Settings\Teresa\Application Data\SpamBlockerUtility_Icons\wallpapere1.ico
C:\Documents and Settings\Teresa\Desktop\Free PC Wallpapers.lnk
C:\Documents and Settings\Trevan\Application Data\SpamBlockerUtility_Icons
C:\Documents and Settings\Trevan\Application Data\SpamBlockerUtility_Icons\Repair+System+Registry.ico
C:\Documents and Settings\Trevan\Application Data\SpamBlockerUtility_Icons\Software_Online_8.ico
C:\Program Files\Common Files\asembl~1
C:\Program Files\Common Files\asembl~1\a?sembly\
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Temporary
C:\Program Files\Temporary\kernInst.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI .exe
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\tn3
C:\WINDOWS\mcroso~1.net
C:\WINDOWS\system32\ctfmon.exe.tmp
C:\WINDOWS\SYSTEM32\fhhkj.ini
C:\WINDOWS\SYSTEM32\fhhkj.ini2
C:\WINDOWS\system32\jkhhf.dll
C:\WINDOWS\system32\jkhhf.exe
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\SYSTEM32\snotrrtc.ini
C:\WINDOWS\system32\windows
C:\WINDOWS\system32\drivers\core.cache.dsk . . . . failed to delete

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas  .exe ---> avgas.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware .exe ---> SUPERAntiSpyware.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI .exe ---> QooBox
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE


((((((((((((((((((((((((( Files Created from 2007-12-17 to 2008-01-17 )))))))))))))))))))))))))))))))
.

2008-01-16 18:01 . 2008-01-16 18:01 <DIR> d-------- C:\Temp\tn3
2008-01-16 17:30 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-14 18:16 . 2008-01-16 17:59 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-14 18:16 . 2008-01-14 18:16 <DIR> d-------- C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com
2008-01-14 18:16 . 2008-01-14 18:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-14 18:15 . 2008-01-14 18:15 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-14 17:08 . 2008-01-14 17:08 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-01-14 16:02 . 2008-01-14 16:02 <DIR> d-------- C:\Program Files\Webroot
2008-01-14 16:02 . 2008-01-14 16:02 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-01-14 16:02 . 2008-01-04 20:56 1,526,640 --a------ C:\WINDOWS\WRSetup.dll
2008-01-14 16:02 . 2008-01-04 20:34 163,696 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ssidrv.sys
2008-01-14 16:02 . 2008-01-04 20:34 23,920 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sskbfd.sys
2008-01-14 16:02 . 2008-01-04 20:34 21,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sshrmd.sys
2008-01-14 16:02 . 2008-01-04 20:34 20,336 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SSFS0BB9.sys
2008-01-14 16:00 . 2008-01-14 16:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-01-14 15:58 . 2008-01-14 15:58 <DIR> d-------- C:\Documents and Settings\Trevan\Application Data\Webroot
2008-01-14 14:16 . 2008-01-14 14:16 <DIR> d-------- C:\Documents and Settings\Teresa\Application Data\Grisoft
2008-01-13 18:42 . 2008-01-14 19:53 <DIR> d-------- C:\VundoFix Backups
2008-01-12 20:13 . 2008-01-12 20:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-12 11:46 . 2008-01-14 16:01 164 --a------ C:\install.dat
2008-01-12 10:35 . 2008-01-12 10:35 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-01-11 16:27 . 2008-01-12 11:59 28,672 --a------ C:\WINDOWS\SYSTEM32\DSentry .exe
2008-01-11 13:25 . 2008-01-13 20:14 15,360 --a------ C:\WINDOWS\SYSTEM32\ctfmon .exe
2008-01-11 13:24 . 2008-01-12 11:59 90,112 --a------ C:\WINDOWS\UpdReg .EXE
2008-01-11 12:57 . 2008-01-11 20:09 <DIR> d-------- C:\Program Files\Dot1XCfg
2008-01-11 12:53 . 2008-01-12 20:13 <DIR> d-------- C:\WINDOWS\SYSTEM32\vt8
2008-01-11 12:53 . 2008-01-12 20:13 <DIR> d-------- C:\WINDOWS\SYSTEM32\mp2
2008-01-11 12:53 . 2008-01-11 13:23 <DIR> d-------- C:\WINDOWS\SYSTEM32\ez4
2008-01-11 12:53 . 2008-01-11 12:53 <DIR> d-------- C:\WINDOWS\SYSTEM32\che9
2008-01-11 12:53 . 2008-01-11 12:53 86,016 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\LHidUsbb.sys
2008-01-11 12:53 . 2008-01-16 17:59 932 --------- C:\WINDOWS\SYSTEM32\DRIVERS\core.cache.dsk
2008-01-11 12:52 . 2008-01-14 19:53 <DIR> d-------- C:\WINDOWS\SYSTEM32\edcA01
2008-01-11 12:52 . 2008-01-11 12:53 <DIR> d-------- C:\Temp\Ryuan1
2008-01-11 12:52 . 2008-01-16 18:01 <DIR> d-------- C:\Temp
2007-12-29 12:27 . 2007-12-29 12:27 <DIR> d-------- C:\WINDOWS\.jagex_cache_32

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-15 05:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-01-14 22:18 --------- d-----w C:\Program Files\Picasa2
2008-01-13 04:36 --------- d-----w C:\Program Files\Call of Duty Game of the Year Edition
2008-01-13 04:34 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-13 04:13 --------- d-----w C:\Program Files\QuickTime
2008-01-13 04:13 --------- d-----w C:\Program Files\EarthLink 5.0
2008-01-12 21:25 --------- d-----w C:\Program Files\Winamp
2008-01-12 21:25 --------- d-----w C:\Program Files\DellSupport
2008-01-12 16:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-13 05:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Knowledge Adventure
2007-12-02 22:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
2004-11-16 16:01 57,352 ----a-w C:\Documents and Settings\Teresa\Application Data\GDIPFONTCACHEV1.DAT
2003-06-15 16:02 170 ---ha-w C:\Documents and Settings\Teresa\hpothb07.dat
2003-06-15 16:01 503 ---ha-w C:\Program Files\hpothb07.tif
2003-06-15 16:01 293 ---ha-w C:\Program Files\hpothb07.dat
2003-06-15 16:01 164 ---ha-w C:\Documents and Settings\All Users\hpothb07.dat
2003-05-10 21:18 707,072 ----a-w C:\Program Files\ws_ftple.exe
2003-05-02 15:10 251,600 ----a-w C:\Program Files\NSSetup.exe
.
----a-w 313,472 2008-01-12 20:00:55 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager .exe
----a-w 28,672 2008-01-12 19:59:54 C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind .exe
----a-w 135,264 2008-01-12 20:00:11 C:\Program Files\Creative\SBLive\Diagnostics\diagent .exe
----a-w 460,784 2008-01-12 20:00:49 C:\Program Files\DellSupport\DSAgnt .exe
----a-w 68,856 2008-01-12 20:00:51 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
----a-w 69,632 2008-01-12 19:59:56 C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd .exe
----a-w 192,512 2008-01-12 19:59:39 C:\Program Files\McAfee.com\Agent\mcagent .exe
----a-w 151,552 2008-01-12 15:29:38 C:\Program Files\McAfee.com\Agent\MCUPDA~2 .EXE
----a-w 139,264 2008-01-12 19:59:51 C:\Program Files\McAfee.com\VSO\mcvsshld .exe
----a-w 1,694,208 2008-01-12 20:00:46 C:\Program Files\Messenger\msmsgs .exe
----a-w 200,767 2008-01-12 20:00:32 C:\Program Files\Microsoft Money\System\mnyexpr .exe
----a-w 90,112 2008-01-12 19:59:38 C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray .exe
----a-w 684,032 2008-01-12 19:59:49 C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD .exe
----a-w 1,460,560 2008-01-12 20:01:02 C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe
----a-w 1,544,192 2008-01-12 20:00:27 C:\Program Files\support.com\bin\tgcmd .exe
----a-w 12,288 2008-01-12 20:00:10 C:\Program Files\Winamp\Winampa .exe
----a-w 90,112 2008-01-12 19:59:33 C:\WINDOWS\UpdReg .EXE
----a-w 15,360 2008-01-14 04:14:44 C:\WINDOWS\SYSTEM32\ctfmon .exe
----a-w 28,672 2008-01-12 19:59:38 C:\WINDOWS\SYSTEM32\DSentry .exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{76e34983-a9a3-4ece-97f5-77af83ee0892}]
C:\WINDOWS\system32\pgrrouhv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EDC4BD66-0CD5-A8F9-D977-C996B6E74CD7}
{2318C2B1-4965-11D4-9B18-009027A5CD4F}

[HKEY_CLASSES_ROOT\clsid\{edc4bd66-0cd5-a8f9-d977-c996b6e74cd7}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [ ]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [ ]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-03 23:56 33280 C:\WINDOWS\SYSTEM32\rundll32.exe]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [ ]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-01-16 17:01 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-03 23:56 33280 C:\WINDOWS\SYSTEM32\rundll32.exe]
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [ ]
"nwiz"="nwiz.exe" [2003-10-06 14:16 741376 C:\WINDOWS\SYSTEM32\nwiz.exe]
"Logitech Utility"="Logi_MwX.Exe" [2003-03-04 01:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
"a8f6cbb9"="rundll32.exe" [2004-08-03 23:56 33280 C:\WINDOWS\SYSTEM32\rundll32.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2003-04-02 10:55:49]
hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2002-06-11 09:31:50]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2004-03-26 10:15:39]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2004-11-06 15:55:12]
officejet 6100.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [2002-06-11 09:32:22]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

R1 LHidUsbb;LHidUsbb;C:\WINDOWS\system32\drivers\LHidUsbb.sys [2008-01-11 12:53]
S3 NMSCFG;NIC Management Service Configuration Driver;C:\WINDOWS\system32\drivers\NMSCFG.SYS [2002-10-10 02:18]
S3 NMSSvc;Intel® NMS;C:\WINDOWS\System32\NMSSvc.exe [2002-10-10 02:18]

.
Contents of the 'Scheduled Tasks' folder
"2003-09-20 20:45:06 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1050264682.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
"2005-09-30 22:26:24 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1127612217.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
"2003-04-09 03:52:50 C:\WINDOWS\Tasks\ISP signup reminder 1.job"
- C:\WINDOWS\System32\OOBE\OOBEBALN.EXE
"2008-01-17 02:03:00 C:\WINDOWS\Tasks\McAfee.com Update Check (CORN-Teresa).job"
- C:\PROGRA~1\McAfee.com\Agent\mcupdate.ex
- C:\PROGRA~1\McAfee.com\Agent.TeresaXMcAfee.com SecurityCenter periodically checks for updates for your McAfee.com Services.
"2008-01-17 02:04:00 C:\WINDOWS\Tasks\McAfee.com Update Check (CORN-Trevan).job"
- C:\PROGRA~1\mcafee.com\agent\MCUPDA~2 .EX
- C:\PROGRA~1\mcafee.com\agent.TrevanXMcAfee.com SecurityCenter periodically checks for updates for your McAfee.com Services.
"2008-01-17 02:03:00 C:\WINDOWS\Tasks\McAfee.com Update Check (D3HN0N21-Owner).job"
- C:\PROGRA~1\McAfee.com\Agent\mcupdate.ex
- C:\PROGRA~1\McAfee.com\Agent
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-16 18:02:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-16 18:07:53 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-17 02:07:49
.
2008-01-09 05:12:10 --- E O F ---

and here's the new Hijack this...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:11:54 PM, on 1/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\MsPMSPSv.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Trevan\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
N4 - Mozilla: user_pref("browser.startup.homepage", "http://www.google.com/"); (C:\Documents and Settings\TREVAN\Application Data\Mozilla\Profiles\default\8gfaju0c.slt\prefs.js)
N4 - Mozilla: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\TREVAN\Application Data\Mozilla\Profiles\default\8gfaju0c.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: {2980ee38-fa77-5f79-ece4-3a9a38943e67} - {76e34983-a9a3-4ece-97f5-77af83ee0892} - C:\WINDOWS\system32\pgrrouhv.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Search - {EDC4BD66-0CD5-A8F9-D977-C996B6E74CD7} - C:\WINDOWS\Vwryxqbr.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [a8f6cbb9] "rundll32.exe" "C:\WINDOWS\system32\htvowowq.dll",b
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: officejet 6100.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish...fishActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) -

#4
Cookiegal

  • Visiting Consultant
  • 887 posts
Open Notepad and copy and paste the text in the code box below into it:

File::
C:\WINDOWS\SYSTEM32\DRIVERS\LHidUsbb.sys
C:\WINDOWS\SYSTEM32\DRIVERS\core.cache.dsk
C:\WINDOWS\system32\pgrrouhv.dll
C:\WINDOWS\system32\htvowowq.dll

Folder::
C:\Temp\tn3
C:\WINDOWS\SYSTEM32\vt8
C:\WINDOWS\SYSTEM32\mp2
C:\WINDOWS\SYSTEM32\ez4
C:\WINDOWS\SYSTEM32\che9
C:\WINDOWS\SYSTEM32\edcA01
C:\Temp\Ryuan1

Driver::
LHidUsbb

DirLook::
C:\Temp
C:\Program Files\Dot1XCfg

RenV::
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager .exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind .exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent .exe
C:\Program Files\DellSupport\DSAgnt .exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd .exe
C:\Program Files\McAfee.com\Agent\mcagent .exe
C:\Program Files\McAfee.com\Agent\MCUPDA~2 .EXE
C:\Program Files\McAfee.com\VSO\mcvsshld .exe
C:\Program Files\Messenger\msmsgs .exe
C:\Program Files\Microsoft Money\System\mnyexpr .exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray .exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD .exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe
C:\Program Files\support.com\bin\tgcmd .exe
C:\Program Files\Winamp\Winampa .exe
C:\WINDOWS\UpdReg .EXE
C:\WINDOWS\SYSTEM32\ctfmon .exe
C:\WINDOWS\SYSTEM32\DSentry .exe

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{76e34983-a9a3-4ece-97f5-77af83ee0892}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EDC4BD66-0CD5-A8F9-D977-C996B6E74CD7}"=-
[-HKEY_CLASSES_ROOT\clsid\{edc4bd66-0cd5-a8f9-d977-c996b6e74cd7}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"a8f6cbb9"=-

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

Posted Image

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log.

#5
trouter

  • Topic Starter
  • Member
  • 22 posts
thanks, here you go...

ComboFix 08-01-17.3 - Trevan 2008-01-17 21:11:53.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.462 [GMT -8:00]
Running from: C:\Documents and Settings\Trevan\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Trevan\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\WINDOWS\SYSTEM32\DRIVERS\core.cache.dsk
C:\WINDOWS\SYSTEM32\DRIVERS\LHidUsbb.sys
C:\WINDOWS\system32\htvowowq.dll
C:\WINDOWS\system32\pgrrouhv.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Temp\Ryuan1
C:\Temp\Ryuan1\tepU.log
C:\temp\tn3
C:\WINDOWS\SYSTEM32\che9
C:\WINDOWS\SYSTEM32\che9\farstadcom2.exe
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\SYSTEM32\DRIVERS\LHidUsbb.sys
C:\WINDOWS\SYSTEM32\edcA01
C:\WINDOWS\SYSTEM32\ez4
C:\WINDOWS\SYSTEM32\mp2
C:\WINDOWS\SYSTEM32\vt8

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_LHIDUSBB
-------\LHidUsbb


((((((((((((((((((((((((( Files Created from 2007-12-18 to 2008-01-18 )))))))))))))))))))))))))))))))
.

2008-01-17 21:18 . 2008-01-17 21:18 <DIR> d-------- C:\Temp\tn3
2008-01-16 17:30 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-14 18:16 . 2008-01-16 17:59 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-14 18:16 . 2008-01-14 18:16 <DIR> d-------- C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com
2008-01-14 18:16 . 2008-01-14 18:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-14 18:15 . 2008-01-14 18:15 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-14 17:08 . 2008-01-14 17:08 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-01-14 16:02 . 2008-01-14 16:02 <DIR> d-------- C:\Program Files\Webroot
2008-01-14 16:02 . 2008-01-14 16:02 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-01-14 16:02 . 2008-01-04 20:56 1,526,640 --a------ C:\WINDOWS\WRSetup.dll
2008-01-14 16:02 . 2008-01-04 20:34 163,696 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ssidrv.sys
2008-01-14 16:02 . 2008-01-04 20:34 23,920 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sskbfd.sys
2008-01-14 16:02 . 2008-01-04 20:34 21,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sshrmd.sys
2008-01-14 16:02 . 2008-01-04 20:34 20,336 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SSFS0BB9.sys
2008-01-14 16:00 . 2008-01-14 16:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-01-14 15:58 . 2008-01-14 15:58 <DIR> d-------- C:\Documents and Settings\Trevan\Application Data\Webroot
2008-01-14 14:16 . 2008-01-14 14:16 <DIR> d-------- C:\Documents and Settings\Teresa\Application Data\Grisoft
2008-01-13 18:42 . 2008-01-14 19:53 <DIR> d-------- C:\VundoFix Backups
2008-01-12 20:13 . 2008-01-12 20:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-12 11:46 . 2008-01-14 16:01 164 --a------ C:\install.dat
2008-01-12 10:35 . 2008-01-12 10:35 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-01-11 16:27 . 2008-01-12 11:59 28,672 --a------ C:\WINDOWS\SYSTEM32\DSentry.exe
2008-01-11 13:25 . 2008-01-13 20:14 15,360 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\ctfmon.exe
2008-01-11 13:25 . 2008-01-13 20:14 15,360 --a------ C:\WINDOWS\SYSTEM32\ctfmon.exe
2008-01-11 13:24 . 2008-01-12 11:59 90,112 --a------ C:\WINDOWS\UpdReg.EXE
2008-01-11 12:57 . 2008-01-11 20:09 <DIR> d-------- C:\Program Files\Dot1XCfg
2008-01-11 12:52 . 2008-01-17 21:18 <DIR> d-------- C:\Temp
2007-12-29 12:27 . 2007-12-29 12:27 <DIR> d-------- C:\WINDOWS\.jagex_cache_32

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-18 05:11 --------- d-----w C:\Program Files\Winamp
2008-01-18 05:11 --------- d-----w C:\Program Files\DellSupport
2008-01-15 05:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-01-14 22:18 --------- d-----w C:\Program Files\Picasa2
2008-01-13 04:36 --------- d-----w C:\Program Files\Call of Duty Game of the Year Edition
2008-01-13 04:34 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-13 04:13 --------- d-----w C:\Program Files\QuickTime
2008-01-13 04:13 --------- d-----w C:\Program Files\EarthLink 5.0
2008-01-12 16:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-13 05:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Knowledge Adventure
2007-12-02 22:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
2004-11-16 16:01 57,352 ----a-w C:\Documents and Settings\Teresa\Application Data\GDIPFONTCACHEV1.DAT
2003-06-15 16:02 170 ---ha-w C:\Documents and Settings\Teresa\hpothb07.dat
2003-06-15 16:01 503 ---ha-w C:\Program Files\hpothb07.tif
2003-06-15 16:01 293 ---ha-w C:\Program Files\hpothb07.dat
2003-06-15 16:01 164 ---ha-w C:\Documents and Settings\All Users\hpothb07.dat
2003-05-10 21:18 707,072 ----a-w C:\Program Files\ws_ftple.exe
2003-05-02 15:10 251,600 ----a-w C:\Program Files\NSSetup.exe
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\Program Files\Dot1XCfg ----


---- Directory of C:\Temp ----

2008-01-11 12:53 1858 --a------ C:\Temp\Ryuan1\tepU.log


((((((((((((((((((((((((((((( [email protected]_18.07.17.62 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-17 01:30:33 245,760 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-18 05:11:10 245,760 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-17 01:30:33 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-18 05:11:10 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-17 01:30:33 245,760 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-18 05:11:11 245,760 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-17 01:30:33 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-18 05:11:11 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-17 01:30:33 4,337,664 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-18 05:11:11 4,288,512 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUser.dat
- 2008-01-17 01:30:33 12,288 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-18 05:11:11 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-18 05:11:11 4,337,664 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000007\NTUSER.DAT
+ 2008-01-18 05:11:11 12,288 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000008\UsrClass.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [2008-01-12 12:00 200767]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-01-12 12:00 1694208]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-03 23:56 33280 C:\WINDOWS\SYSTEM32\rundll32.exe]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2008-01-12 12:00 460784]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-13 20:14 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-12 12:00 68856]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2008-01-12 12:00 313472]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-12 12:01 1460560]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-01-16 17:01 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-03 23:56 33280 C:\WINDOWS\SYSTEM32\rundll32.exe]
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [2008-01-12 11:59 139264]
"nwiz"="nwiz.exe" [2003-10-06 14:16 741376 C:\WINDOWS\SYSTEM32\nwiz.exe]
"Logitech Utility"="Logi_MwX.Exe" [2003-03-04 01:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [ ]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2003-04-02 10:55:49]
hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2002-06-11 09:31:50]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2004-03-26 10:15:39]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2004-11-06 15:55:12]
officejet 6100.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [2002-06-11 09:32:22]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfebbx]

S3 NMSCFG;NIC Management Service Configuration Driver;C:\WINDOWS\system32\drivers\NMSCFG.SYS [2002-10-10 02:18]
S3 NMSSvc;Intel® NMS;C:\WINDOWS\System32\NMSSvc.exe [2002-10-10 02:18]

.
Contents of the 'Scheduled Tasks' folder
"2003-09-20 20:45:06 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1050264682.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
"2005-09-30 22:26:24 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1127612217.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
"2003-04-09 03:52:50 C:\WINDOWS\Tasks\ISP signup reminder 1.job"
- C:\WINDOWS\System32\OOBE\OOBEBALN.EXE
"2008-01-18 05:43:00 C:\WINDOWS\Tasks\McAfee.com Update Check (CORN-Teresa).job"
- C:\PROGRA~1\McAfee.com\Agent\mcupdate.ex
- C:\PROGRA~1\McAfee.com\Agent.TeresaXMcAfee.com SecurityCenter periodically checks for updates for your McAfee.com Services.
"2008-01-18 05:44:00 C:\WINDOWS\Tasks\McAfee.com Update Check (CORN-Trevan).job"
- C:\PROGRA~1\mcafee.com\agent\MCUPDA~2 .EX
- C:\PROGRA~1\mcafee.com\agent.TrevanXMcAfee.com SecurityCenter periodically checks for updates for your McAfee.com Services.
"2008-01-18 05:43:00 C:\WINDOWS\Tasks\McAfee.com Update Check (D3HN0N21-Owner).job"
- C:\PROGRA~1\McAfee.com\Agent\mcupdate.ex
- C:\PROGRA~1\McAfee.com\Agent
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-17 21:39:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-17 21:45:58 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-18 05:45:53
ComboFix2.txt 2008-01-17 02:07:53
.
2008-01-09 05:12:10 --- E O F ---


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:47:44 PM, on 1/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\MsPMSPSv.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Documents and Settings\Trevan\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
N4 - Mozilla: user_pref("browser.startup.homepage", "http://www.google.com/"); (C:\Documents and Settings\TREVAN\Application Data\Mozilla\Profiles\default\8gfaju0c.slt\prefs.js)
N4 - Mozilla: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\TREVAN\Application Data\Mozilla\Profiles\default\8gfaju0c.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: officejet 6100.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish...fishActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...84/mcinsctl.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,21/mcgdmgr.cab
O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} (DigWebHelper Class) - http://photos.msn.co....cab?10,0,910,0
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: khfebbx - C:\WINDOWS\
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 9150 bytes
  • 0

#6
Cookiegal

  • Visiting Consultant
  • 887 posts
Open Notepad and copy and paste the text in the code box below into it:

Folder::
C:\Temp
C:\Program Files\Dot1XCfg

RenV::
C:\Program Files\McAfee.com\agent\McUpdate .EXE

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfebbx]

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

Posted Image

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log.
  • 0

#7
trouter

  • Topic Starter
  • Member
  • 22 posts
ComboFix 08-01-17.3 - Trevan 2008-01-18 13:49:34.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.477 [GMT -8:00]
Running from: C:\Documents and Settings\Trevan\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Trevan\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Dot1XCfg
C:\Temp
C:\temp\tn3

.
((((((((((((((((((((((((( Files Created from 2007-12-18 to 2008-01-18 )))))))))))))))))))))))))))))))
.

2008-01-16 17:30 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-14 18:16 . 2008-01-16 17:59 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-14 18:16 . 2008-01-14 18:16 <DIR> d-------- C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com
2008-01-14 18:16 . 2008-01-14 18:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-14 18:15 . 2008-01-14 18:15 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-14 17:08 . 2008-01-14 17:08 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-01-14 16:02 . 2008-01-14 16:02 <DIR> d-------- C:\Program Files\Webroot
2008-01-14 16:02 . 2008-01-14 16:02 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-01-14 16:02 . 2008-01-04 20:56 1,526,640 --a------ C:\WINDOWS\WRSetup.dll
2008-01-14 16:02 . 2008-01-04 20:34 163,696 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ssidrv.sys
2008-01-14 16:02 . 2008-01-04 20:34 23,920 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sskbfd.sys
2008-01-14 16:02 . 2008-01-04 20:34 21,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sshrmd.sys
2008-01-14 16:02 . 2008-01-04 20:34 20,336 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SSFS0BB9.sys
2008-01-14 16:00 . 2008-01-14 16:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-01-14 15:58 . 2008-01-14 15:58 <DIR> d-------- C:\Documents and Settings\Trevan\Application Data\Webroot
2008-01-14 14:16 . 2008-01-14 14:16 <DIR> d-------- C:\Documents and Settings\Teresa\Application Data\Grisoft
2008-01-13 18:42 . 2008-01-14 19:53 <DIR> d-------- C:\VundoFix Backups
2008-01-12 20:13 . 2008-01-12 20:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-12 11:46 . 2008-01-14 16:01 164 --a------ C:\install.dat
2008-01-12 10:35 . 2008-01-12 10:35 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-01-11 16:27 . 2008-01-12 11:59 28,672 --a------ C:\WINDOWS\SYSTEM32\DSentry.exe
2008-01-11 13:25 . 2008-01-13 20:14 15,360 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\ctfmon.exe
2008-01-11 13:25 . 2008-01-13 20:14 15,360 --a------ C:\WINDOWS\SYSTEM32\ctfmon.exe
2008-01-11 13:24 . 2008-01-12 11:59 90,112 --a------ C:\WINDOWS\UpdReg.EXE
2007-12-29 12:27 . 2007-12-29 12:27 <DIR> d-------- C:\WINDOWS\.jagex_cache_32

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-18 05:11 --------- d-----w C:\Program Files\Winamp
2008-01-18 05:11 --------- d-----w C:\Program Files\DellSupport
2008-01-15 05:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-01-14 22:18 --------- d-----w C:\Program Files\Picasa2
2008-01-13 04:36 --------- d-----w C:\Program Files\Call of Duty Game of the Year Edition
2008-01-13 04:34 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-13 04:34 107,832 ----a-w C:\WINDOWS\SYSTEM32\PnkBstrB.exe
2008-01-13 04:13 --------- d-----w C:\Program Files\QuickTime
2008-01-13 04:13 --------- d-----w C:\Program Files\EarthLink 5.0
2008-01-12 16:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-13 05:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Knowledge Adventure
2007-12-02 22:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\SYSTEM32\lsasrv.dll
2007-11-07 09:26 721,920 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\lsasrv.dll
2007-10-30 23:42 3,590,656 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2007-10-30 17:20 360,064 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip.sys
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\SYSTEM32\quartz.dll
2007-10-29 22:43 1,287,680 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\quartz.dll
2007-10-28 01:40 222,720 ----a-w C:\WINDOWS\SYSTEM32\wmasf.dll
2007-10-28 01:40 222,720 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wmasf.dll
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\shell32.dll
2004-11-16 16:01 57,352 ----a-w C:\Documents and Settings\Teresa\Application Data\GDIPFONTCACHEV1.DAT
2003-06-15 16:02 170 ---ha-w C:\Documents and Settings\Teresa\hpothb07.dat
2003-06-15 16:01 503 ---ha-w C:\Program Files\hpothb07.tif
2003-06-15 16:01 293 ---ha-w C:\Program Files\hpothb07.dat
2003-06-15 16:01 164 ---ha-w C:\Documents and Settings\All Users\hpothb07.dat
2003-05-10 21:18 707,072 ----a-w C:\Program Files\ws_ftple.exe
2003-05-02 15:10 251,600 ----a-w C:\Program Files\NSSetup.exe
.

((((((((((((((((((((((((((((( [email protected]_18.07.17.62 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-17 01:30:33 245,760 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-18 21:49:23 245,760 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-17 01:30:33 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-18 21:49:23 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-17 01:30:33 245,760 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-18 21:49:24 245,760 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-17 01:30:33 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-18 21:49:24 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-17 01:30:33 4,337,664 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-18 21:49:24 4,337,664 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-17 01:30:33 12,288 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-18 21:49:24 12,288 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-18 21:49:24 4,288,512 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000007\NTUser.dat
+ 2008-01-18 21:49:24 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000008\UsrClass.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [2008-01-12 12:00 200767]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-01-12 12:00 1694208]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-03 23:56 33280 C:\WINDOWS\SYSTEM32\rundll32.exe]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2008-01-12 12:00 460784]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-13 20:14 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-12 12:00 68856]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2008-01-12 12:00 313472]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-12 12:01 1460560]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-01-16 17:01 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-03 23:56 33280 C:\WINDOWS\SYSTEM32\rundll32.exe]
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [2008-01-12 11:59 139264]
"nwiz"="nwiz.exe" [2003-10-06 14:16 741376 C:\WINDOWS\SYSTEM32\nwiz.exe]
"Logitech Utility"="Logi_MwX.Exe" [2003-03-04 01:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [ ]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2003-04-02 10:55:49]
hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2002-06-11 09:31:50]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2004-03-26 10:15:39]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2004-11-06 15:55:12]
officejet 6100.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [2002-06-11 09:32:22]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

S3 NMSCFG;NIC Management Service Configuration Driver;C:\WINDOWS\system32\drivers\NMSCFG.SYS [2002-10-10 02:18]
S3 NMSSvc;Intel® NMS;C:\WINDOWS\System32\NMSSvc.exe [2002-10-10 02:18]

.
Contents of the 'Scheduled Tasks' folder
"2003-09-20 20:45:06 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1050264682.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe
"2005-09-30 22:26:24 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1127612217.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
"2003-04-09 03:52:50 C:\WINDOWS\Tasks\ISP signup reminder 1.job"
- C:\WINDOWS\System32\OOBE\OOBEBALN.EXE
"2008-01-18 21:53:00 C:\WINDOWS\Tasks\McAfee.com Update Check (CORN-Teresa).job"
- C:\PROGRA~1\McAfee.com\Agent\mcupdate.ex
- C:\PROGRA~1\McAfee.com\Agent.TeresaXMcAfee.com SecurityCenter periodically checks for updates for your McAfee.com Services.
"2008-01-18 21:54:00 C:\WINDOWS\Tasks\McAfee.com Update Check (CORN-Trevan).job"
- C:\PROGRA~1\mcafee.com\agent\MCUPDA~2 .EX
- C:\PROGRA~1\mcafee.com\agent.TrevanXMcAfee.com SecurityCenter periodically checks for updates for your McAfee.com Services.
"2008-01-18 21:53:00 C:\WINDOWS\Tasks\McAfee.com Update Check (D3HN0N21-Owner).job"
- C:\PROGRA~1\McAfee.com\Agent\mcupdate.ex
- C:\PROGRA~1\McAfee.com\Agent
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-18 13:56:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-18 13:57:34
ComboFix-quarantined-files.txt 2008-01-18 21:57:18
ComboFix2.txt 2008-01-18 05:45:58
ComboFix3.txt 2008-01-17 02:07:53
.
2008-01-09 05:12:10 --- E O F ---





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:59:15 PM, on 1/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\System32\CTsvcCDA.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\MsPMSPSv.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Trevan\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
N4 - Mozilla: user_pref("browser.startup.homepage", "http://www.google.com/"); (C:\Documents and Settings\TREVAN\Application Data\Mozilla\Profiles\default\8gfaju0c.slt\prefs.js)
N4 - Mozilla: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\TREVAN\Application Data\Mozilla\Profiles\default\8gfaju0c.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKUS\S-1-5-21-2636047257-599916522-239062445-1007\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Teresa')
O4 - HKUS\S-1-5-21-2636047257-599916522-239062445-1007\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe" (User 'Teresa')
O4 - HKUS\S-1-5-21-2636047257-599916522-239062445-1007\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User 'Teresa')
O4 - HKUS\S-1-5-21-2636047257-599916522-239062445-1007\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1 (User 'Teresa')
O4 - HKUS\S-1-5-21-2636047257-599916522-239062445-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Teresa')
O4 - HKUS\S-1-5-21-2636047257-599916522-239062445-1007\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Teresa')
O4 - HKUS\S-1-5-21-2636047257-599916522-239062445-1007\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Teresa')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: officejet 6100.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish...fishActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...84/mcinsctl.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,21/mcgdmgr.cab
O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} (DigWebHelper Class) - http://photos.msn.co....cab?10,0,910,0
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 9975 bytes


thanks!

#8
Cookiegal

  • Visiting Consultant
  • 887 posts
Your McAfee program (its updater Mcupdate.exe) was infected and we were not able to clean it so this component will not work properly. I would suggest uninstalling and reinstalling McAfee to be sure all of its components are working properly but only once we're finished with the clean up. In the meantime, please perform manual definitions updates every day.


Run the Kaspersky online virus scan (Kaspersky Online Scanner).

After the updates have downloaded, click on the "Scan Settings" button.
Choose the "Extended database" for the scan.
Under "Please select a target to scan", click "My Computer".
When the scan is finished, save the results from the scan!

Note: You have to use Internet Explorer to do the online scan.

Post a new HiJackThis log along with the results from the Kaspersky scan.

#9
trouter

  • Topic Starter
  • Member
  • 22 posts
Thanks for the info. Would it be sufficient to uninstall the McAfee and instead use some anti-viral freeware? The McAfee came with the computer and I'm not sure where the disks are.


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, January 19, 2008 1:14:03 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 19/01/2008
Kaspersky Anti-Virus database records: 523972
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 92302
Number of viruses found: 25
Number of infected objects: 110
Number of suspicious objects: 2
Duration of the scan process: 01:41:23

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\SecTaskMan\Dot1XCfg .exe.q_A9DF000_q Infected: Trojan-Downloader.Win32.Adload.pr skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebBuyingAssistant.zip/v1.8.6/wbuninst.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebBuyingAssistant.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Data\settings.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Teresa\.jpi_cache\jar\1.0\count.jar-f2473c1-5c360342.zip/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\Teresa\.jpi_cache\jar\1.0\count.jar-f2473c1-5c360342.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\Teresa\.jpi_cache\jar\1.0\count.jar-f2473c1-5c360342.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
C:\Documents and Settings\Teresa\.jpi_cache\jar\1.0\count.jar-f2473c1-5c360342.zip ZIP: infected - 3 skipped
C:\Documents and Settings\Trevan\.jpi_cache\jar\1.0\ar2.jar-585dc65d-49a3c12b.zip/B.class Infected: Trojan.Java.ClassLoader.Dummy.e skipped
C:\Documents and Settings\Trevan\.jpi_cache\jar\1.0\ar2.jar-585dc65d-49a3c12b.zip/V.class Infected: Trojan.Java.ClassLoader.a skipped
C:\Documents and Settings\Trevan\.jpi_cache\jar\1.0\ar2.jar-585dc65d-49a3c12b.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.c skipped
C:\Documents and Settings\Trevan\.jpi_cache\jar\1.0\ar2.jar-585dc65d-49a3c12b.zip/A.class Infected: Trojan-Dropper.Java.Xideo.b skipped
C:\Documents and Settings\Trevan\.jpi_cache\jar\1.0\ar2.jar-585dc65d-49a3c12b.zip ZIP: infected - 4 skipped
C:\Documents and Settings\Trevan\.jpi_cache\jar\1.0\archive.jar-487b52a0-7c0195ec.zip/BlackBox.class Infected: Trojan-Dropper.Java.Beyond.g skipped
C:\Documents and Settings\Trevan\.jpi_cache\jar\1.0\archive.jar-487b52a0-7c0195ec.zip/Beyond.class Infected: Trojan-Dropper.Java.Beyond.g skipped
C:\Documents and Settings\Trevan\.jpi_cache\jar\1.0\archive.jar-487b52a0-7c0195ec.zip/rundll32.exe Infected: Trojan.Win32.StartPage.aq skipped
C:\Documents and Settings\Trevan\.jpi_cache\jar\1.0\archive.jar-487b52a0-7c0195ec.zip ZIP: infected - 3 skipped
C:\Documents and Settings\Trevan\.jpi_cache\jar\1.0\count.jar-4d094f49-62615f61.zip/BlackBox.class Infected: Trojan.Java.ClassLoader.Dummy.e skipped
C:\Documents and Settings\Trevan\.jpi_cache\jar\1.0\count.jar-4d094f49-62615f61.zip/VerifierBug.class Infected: Trojan.Java.ClassLoader.g skipped
C:\Documents and Settings\Trevan\.jpi_cache\jar\1.0\count.jar-4d094f49-62615f61.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.c skipped
C:\Documents and Settings\Trevan\.jpi_cache\jar\1.0\count.jar-4d094f49-62615f61.zip/Beyond.class Infected: Trojan.Java.StartPage.h skipped
C:\Documents and Settings\Trevan\.jpi_cache\jar\1.0\count.jar-4d094f49-62615f61.zip ZIP: infected - 4 skipped
C:\Documents and Settings\Trevan\.jpi_cache\jar\1.0\count.jar-6f603a77-170b1986.zip/Beyond.class Infected: Trojan.Java.Needy.c skipped
C:\Documents and Settings\Trevan\.jpi_cache\jar\1.0\count.jar-6f603a77-170b1986.zip/BlackBox.class Infected: Trojan.Java.Needy.c skipped
C:\Documents and Settings\Trevan\.jpi_cache\jar\1.0\count.jar-6f603a77-170b1986.zip/VerifierBug.class Infected: Trojan.Java.Needy.c skipped
C:\Documents and Settings\Trevan\.jpi_cache\jar\1.0\count.jar-6f603a77-170b1986.zip ZIP: infected - 3 skipped
C:\Documents and Settings\Trevan\.jpi_cache\jar\1.0\count.jar-6f603a77-693ad66d.zip/Beyond.class Infected: Trojan.Java.Needy.c skipped
C:\Documents and Settings\Trevan\.jpi_cache\jar\1.0\count.jar-6f603a77-693ad66d.zip/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\Trevan\.jpi_cache\jar\1.0\count.jar-6f603a77-693ad66d.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\Trevan\.jpi_cache\jar\1.0\count.jar-6f603a77-693ad66d.zip ZIP: infected - 3 skipped
C:\Documents and Settings\Trevan\.jpi_cache\jar\1.0\count.jar-6f603a78-3327dc8a.zip/Beyond.class Infected: Trojan.Java.Needy.c skipped
C:\Documents and Settings\Trevan\.jpi_cache\jar\1.0\count.jar-6f603a78-3327dc8a.zip/BlackBox.class Infected: Trojan.Java.Needy.c skipped
C:\Documents and Settings\Trevan\.jpi_cache\jar\1.0\count.jar-6f603a78-3327dc8a.zip/VerifierBug.class Infected: Trojan.Java.Needy.c skipped
C:\Documents and Settings\Trevan\.jpi_cache\jar\1.0\count.jar-6f603a78-3327dc8a.zip ZIP: infected - 3 skipped
C:\Documents and Settings\Trevan\.jpi_cache\jar\1.0\count.jar-bb80bfb-24180444.zip/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\Trevan\.jpi_cache\jar\1.0\count.jar-bb80bfb-24180444.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\Trevan\.jpi_cache\jar\1.0\count.jar-bb80bfb-24180444.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
C:\Documents and Settings\Trevan\.jpi_cache\jar\1.0\count.jar-bb80bfb-24180444.zip ZIP: infected - 3 skipped
C:\Documents and Settings\Trevan\.jpi_cache\jar\1.0\count1.jar-27bc085e-3a83aec0.zip/Beyond.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\Trevan\.jpi_cache\jar\1.0\count1.jar-27bc085e-3a83aec0.zip/BlackBox.class Infected: Trojan.Java.ClassLoader.m skipped
C:\Documents and Settings\Trevan\.jpi_cache\jar\1.0\count1.jar-27bc085e-3a83aec0.zip/VerifierBug.class Infected: Trojan.Java.Needy.c skipped
C:\Documents and Settings\Trevan\.jpi_cache\jar\1.0\count1.jar-27bc085e-3a83aec0.zip ZIP: infected - 3 skipped
C:\Documents and Settings\Trevan\.jpi_cache\jar\1.0\count1.jar-5e1a93af-4f9b98d7.zip/Beyond.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\Trevan\.jpi_cache\jar\1.0\count1.jar-5e1a93af-4f9b98d7.zip/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\Trevan\.jpi_cache\jar\1.0\count1.jar-5e1a93af-4f9b98d7.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\Trevan\.jpi_cache\jar\1.0\count1.jar-5e1a93af-4f9b98d7.zip ZIP: infected - 3 skipped
C:\Documents and Settings\Trevan\.jpi_cache\jar\1.0\count1.jar-5e2deec6-2c74200c.zip/Beyond.class Infected: Trojan.Java.Needy.c skipped
C:\Documents and Settings\Trevan\.jpi_cache\jar\1.0\count1.jar-5e2deec6-2c74200c.zip/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\Trevan\.jpi_cache\jar\1.0\count1.jar-5e2deec6-2c74200c.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\Trevan\.jpi_cache\jar\1.0\count1.jar-5e2deec6-2c74200c.zip ZIP: infected - 3 skipped
C:\Documents and Settings\Trevan\.jpi_cache\jar\1.0\javainstaller.jar-4514e5ea-53294b99.zip/javainstaller/InstallerApplet.class Infected: Trojan-Downloader.Java.OpenStream.u skipped
C:\Documents and Settings\Trevan\.jpi_cache\jar\1.0\javainstaller.jar-4514e5ea-53294b99.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Trevan\Application Data\GTek\GTUpdate\AUpdate\DellSupport\DSAgnt.log Object is locked skipped
C:\Documents and Settings\Trevan\Application Data\GTek\GTUpdate\AUpdate\DellSupport\DSAgnt_GTActions.log Object is locked skipped
C:\Documents and Settings\Trevan\Application Data\GTek\GTUpdate\AUpdate\DellSupport\gdql_d_DSAgnt.log Object is locked skipped
C:\Documents and Settings\Trevan\Application Data\GTek\GTUpdate\AUpdate\DellSupport\glog.log Object is locked skipped
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{2915307C-FF9F-4DA5-AF05-499B8FB8A17C} Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{38D2CAF4-CA69-46A8-9E28-F412610BFF24} Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{3FD0F1D8-E85C-419E-96F0-76D0FDDCDB41} Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{447711E5-1524-43E1-9E7C-06795D3B32C1} Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{48968133-2CF3-4227-B250-402D9BE9EEB7} Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{491ED91F-4205-475F-9BCC-B403B2CF28DF} Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{4FE63CA3-B57C-4087-80BB-D1AE85F760B6} Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{5B936FB7-643C-4574-BB29-B477C0FDC49D} Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{5B9ED28A-B506-4F74-A714-2E308690DD3E} Infected: Trojan-Clicker.HTML.IFrame.dn skipped
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{5D6180CB-7D75-42EE-97BD-2585EFDF742D} Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{5FA94C56-4CB5-4948-8A9B-02820D12F85B} Infected: not-a-virus:AdWare.Win32.Virtumonde.dqi skipped
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{626C20CD-5D6C-4929-8C78-C773B1809A17} Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{6D95657E-076B-4767-AFE5-FFCA2BF9AAE7} Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{949A6604-8422-4975-BDB8-C7338DF9404A} Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{966DECF9-ECB0-4B19-987D-937EEBEEC806} Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{9ABC63CE-115A-46B6-B111-3F41584AC739} Infected: not-a-virus:AdWare.Win32.Virtumonde.dqi skipped
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{BD648AFE-C0B0-4837-A97E-CAB5F558AD7B} Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{C1A11BB2-B39B-4781-80E4-657C49093BE6} Infected: not-a-virus:AdWare.Win32.Virtumonde.dnk skipped
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{C1EC6080-A8D1-413A-BB90-C6F61659A63F} Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{C2CEC244-8069-4B1D-B820-451603406EF2} Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{C76164E0-6CC6-4BF9-B2CC-6392F5AD9870} Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{C881B0DB-B296-4104-B033-2585C1DEC3B5} Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{CA5423CE-6135-4048-9C8A-644C60C59703} Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{CEFA1FFC-D3F1-4294-BCE2-C4375685949C} Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{D36755AA-7C48-4AE6-8F7F-06A0E1AE32A5} Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{D97FDDE2-A29A-4E59-8FE5-4F2F0E512E43} Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{DF909D7D-6AD4-466E-AFC9-D70BD65AD998} Infected: not-a-virus:AdWare.Win32.Virtumonde.dnk skipped
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{F0D43BA9-9B71-4D0D-AF8B-0057889EBFE3} Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{F99EC897-BF17-496A-AFE3-007FA2D95F74} Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{FC9901EC-1984-4077-8431-2662617CD926} Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{FDD36147-9904-455D-A44B-8B82E745958D} Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SUPERANTISPYWARE.LOG Object is locked skipped
C:\Documents and Settings\Trevan\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\Trevan\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Trevan\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Trevan\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Trevan\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\Trevan\Local Settings\History\History.IE5\MSHist012008011920080120\index.dat Object is locked skipped
C:\Documents and Settings\Trevan\Local Settings\Temp\~DFC517.tmp Object is locked skipped
C:\Documents and Settings\Trevan\Local Settings\Temp\~DFC543.tmp Object is locked skipped
C:\Documents and Settings\Trevan\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Trevan\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Trevan\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Trevan\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.bak Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\Masters.const Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.mst Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters.base Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\Program Files\Temporary\kernInst.exe.vir Infected: Trojan.Win32.Agent.dwb skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ctfmon.exe.tmp.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\jkhhf.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\windows.vir Infected: Trojan.Win32.Zapchast.dt skipped
C:\QooBox\Quarantine\catchme2008-01-16_180148.67.zip/jkhhf.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dqi skipped
C:\QooBox\Quarantine\catchme2008-01-16_180148.67.zip ZIP: infected - 1 skipped
C:\QooBox\Quarantine\catchme2008-01-17_213754.96.zip/LHidUsbb.sys Infected: Rootkit.Win32.Agent.to skipped
C:\QooBox\Quarantine\catchme2008-01-17_213754.96.zip ZIP: infected - 1 skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1683\A0071248.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1683\A0071249.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1684\A0071261.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1684\A0071262.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1684\A0071263.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1685\A0071271.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1685\A0071272.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1686\A0071275.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1686\A0071277.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1686\A0071278.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1686\A0071279.exe Infected: Trojan.Win32.Agent.dwb skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1686\A0071289.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dqi skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1689\change.log Object is locked skipped
C:\VundoFix Backups\ctfmon.exe.bad Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\VundoFix Backups\htvowowq.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.din skipped
C:\VundoFix Backups\jkhhf.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.dqi skipped
C:\VundoFix Backups\mllmj.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.dnk skipped
C:\VundoFix Backups\nnxlwxpy.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn skipped
C:\VundoFix Backups\ynyvwtvf.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn skipped
C:\VundoFix Backups\zonijlus.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\ACEEvent.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WIADEBUG.LOG Object is locked skipped
C:\WINDOWS\WIASERVC.LOG Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:16:08 PM, on 1/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Trevan\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
N4 - Mozilla: user_pref("browser.startup.homepage", "http://www.google.com/"); (C:\Documents and Settings\TREVAN\Application Data\Mozilla\Profiles\default\8gfaju0c.slt\prefs.js)
N4 - Mozilla: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\TREVAN\Application Data\Mozilla\Profiles\default\8gfaju0c.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: officejet 6100.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish...fishActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...84/mcinsctl.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,21/mcgdmgr.cab
O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} (DigWebHelper Class) - http://photos.msn.co....cab?10,0,910,0
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: khfebbx - C:\WINDOWS\
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 9344 bytes

#10
Cookiegal

    Visiting Consultant

  • 887 posts
Open Notepad and copy and paste the text in the code box below into it:

File::
C:\Documents and Settings\All Users\Application Data\SecTaskMan\Dot1XCfg .exe.q_A9DF000_q
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Documents and Settings\Teresa\.jpi_cache\jar\1.0\count.jar-f2473c1-5c360342.zip
C:\Documents and Settings\Trevan\.jpi_cache\jar\1.0\ar2.jar-585dc65d-49a3c12b.zip
C:\Documents and Settings\Trevan\.jpi_cache\jar\1.0\archive.jar-487b52a0-7c0195ec.zip
C:\Documents and Settings\Trevan\.jpi_cache\jar\1.0\count.jar-4d094f49-62615f61.zip
C:\Documents and Settings\Trevan\.jpi_cache\jar\1.0\count.jar-6f603a77-170b1986.zip
C:\Documents and Settings\Trevan\.jpi_cache\jar\1.0\count.jar-6f603a77-693ad66d.zip
C:\Documents and Settings\Trevan\.jpi_cache\jar\1.0\count.jar-6f603a78-3327dc8a.zip
C:\Documents and Settings\Trevan\.jpi_cache\jar\1.0\count.jar-bb80bfb-24180444.zip
C:\Documents and Settings\Trevan\.jpi_cache\jar\1.0\count1.jar-27bc085e-3a83aec0.zip
C:\Documents and Settings\Trevan\.jpi_cache\jar\1.0\count1.jar-5e1a93af-4f9b98d7.zip
C:\Documents and Settings\Trevan\.jpi_cache\jar\1.0\count1.jar-5e2deec6-2c74200c.zip
C:\Documents and Settings\Trevan\.jpi_cache\jar\1.0\javainstaller.jar-4514e5ea-53294b99.zip

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

Posted Image

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log.


#11
trouter

    Member

  • Topic Starter
  • 22 posts
Thanks for your continuing help...

ComboFix 08-01-17.3 - Trevan 2008-01-20 12:11:47.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.433 [GMT -8:00]
Running from: C:\Documents and Settings\Trevan\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Trevan\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\Documents and Settings\All Users\Application Data\SecTaskMan\Dot1XCfg .exe.q_A9DF000_q
C:\Documents and Settings\Teresa\.jpi_cache\jar\1.0\count.jar-f2473c1-5c360342.zip
C:\Documents and Settings\Trevan\.jpi_cache\jar\1.0\ar2.jar-585dc65d-49a3c12b.zip
C:\Documents and Settings\Trevan\.jpi_cache\jar\1.0\archive.jar-487b52a0-7c0195ec.zip
C:\Documents and Settings\Trevan\.jpi_cache\jar\1.0\count.jar-4d094f49-62615f61.zip
C:\Documents and Settings\Trevan\.jpi_cache\jar\1.0\count.jar-6f603a77-170b1986.zip
C:\Documents and Settings\Trevan\.jpi_cache\jar\1.0\count.jar-6f603a77-693ad66d.zip
C:\Documents and Settings\Trevan\.jpi_cache\jar\1.0\count.jar-6f603a78-3327dc8a.zip
C:\Documents and Settings\Trevan\.jpi_cache\jar\1.0\count.jar-bb80bfb-24180444.zip
C:\Documents and Settings\Trevan\.jpi_cache\jar\1.0\count1.jar-27bc085e-3a83aec0.zip
C:\Documents and Settings\Trevan\.jpi_cache\jar\1.0\count1.jar-5e1a93af-4f9b98d7.zip
C:\Documents and Settings\Trevan\.jpi_cache\jar\1.0\count1.jar-5e2deec6-2c74200c.zip
C:\Documents and Settings\Trevan\.jpi_cache\jar\1.0\javainstaller.jar-4514e5ea-53294b99.zip
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\SecTaskMan\Dot1XCfg .exe.q_A9DF000_q
C:\Documents and Settings\Teresa\.jpi_cache\jar\1.0\count.jar-f2473c1-5c360342.zip
C:\Documents and Settings\Trevan\.jpi_cache\jar\1.0\ar2.jar-585dc65d-49a3c12b.zip
C:\Documents and Settings\Trevan\.jpi_cache\jar\1.0\archive.jar-487b52a0-7c0195ec.zip
C:\Documents and Settings\Trevan\.jpi_cache\jar\1.0\count.jar-4d094f49-62615f61.zip
C:\Documents and Settings\Trevan\.jpi_cache\jar\1.0\count.jar-6f603a77-170b1986.zip
C:\Documents and Settings\Trevan\.jpi_cache\jar\1.0\count.jar-6f603a77-693ad66d.zip
C:\Documents and Settings\Trevan\.jpi_cache\jar\1.0\count.jar-6f603a78-3327dc8a.zip
C:\Documents and Settings\Trevan\.jpi_cache\jar\1.0\count.jar-bb80bfb-24180444.zip
C:\Documents and Settings\Trevan\.jpi_cache\jar\1.0\count1.jar-27bc085e-3a83aec0.zip
C:\Documents and Settings\Trevan\.jpi_cache\jar\1.0\count1.jar-5e1a93af-4f9b98d7.zip
C:\Documents and Settings\Trevan\.jpi_cache\jar\1.0\count1.jar-5e2deec6-2c74200c.zip
C:\Documents and Settings\Trevan\.jpi_cache\jar\1.0\javainstaller.jar-4514e5ea-53294b99.zip
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe

.
((((((((((((((((((((((((( Files Created from 2007-12-20 to 2008-01-20 )))))))))))))))))))))))))))))))
.

2008-01-19 11:19 . 2008-01-19 11:19 <DIR> d-------- C:\WINDOWS\SYSTEM32\Kaspersky Lab
2008-01-19 11:19 . 2008-01-19 11:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-16 17:30 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-14 18:16 . 2008-01-16 17:59 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-14 18:16 . 2008-01-14 18:16 <DIR> d-------- C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com
2008-01-14 18:16 . 2008-01-14 18:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-14 18:15 . 2008-01-14 18:15 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-14 17:08 . 2008-01-14 17:08 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-01-14 16:02 . 2008-01-14 16:02 <DIR> d-------- C:\Program Files\Webroot
2008-01-14 16:02 . 2008-01-14 16:02 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-01-14 16:02 . 2008-01-04 20:56 1,526,640 --a------ C:\WINDOWS\WRSetup.dll
2008-01-14 16:02 . 2008-01-04 20:34 163,696 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ssidrv.sys
2008-01-14 16:02 . 2008-01-04 20:34 23,920 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sskbfd.sys
2008-01-14 16:02 . 2008-01-04 20:34 21,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sshrmd.sys
2008-01-14 16:02 . 2008-01-04 20:34 20,336 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SSFS0BB9.sys
2008-01-14 16:00 . 2008-01-14 16:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-01-14 15:58 . 2008-01-14 15:58 <DIR> d-------- C:\Documents and Settings\Trevan\Application Data\Webroot
2008-01-14 14:16 . 2008-01-14 14:16 <DIR> d-------- C:\Documents and Settings\Teresa\Application Data\Grisoft
2008-01-13 18:42 . 2008-01-14 19:53 <DIR> d-------- C:\VundoFix Backups
2008-01-12 20:13 . 2008-01-12 20:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-12 11:46 . 2008-01-14 16:01 164 --a------ C:\install.dat
2008-01-12 10:35 . 2008-01-12 10:35 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-01-11 16:27 . 2008-01-12 11:59 28,672 --a------ C:\WINDOWS\SYSTEM32\DSentry.exe
2008-01-11 13:25 . 2008-01-13 20:14 15,360 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\ctfmon.exe
2008-01-11 13:25 . 2008-01-13 20:14 15,360 --a------ C:\WINDOWS\SYSTEM32\ctfmon.exe
2008-01-11 13:24 . 2008-01-12 11:59 90,112 --a------ C:\WINDOWS\UpdReg.EXE
2007-12-29 12:27 . 2007-12-29 12:27 <DIR> d-------- C:\WINDOWS\.jagex_cache_32

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-20 20:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-01-18 05:11 --------- d-----w C:\Program Files\Winamp
2008-01-18 05:11 --------- d-----w C:\Program Files\DellSupport
2008-01-14 22:18 --------- d-----w C:\Program Files\Picasa2
2008-01-13 04:36 --------- d-----w C:\Program Files\Call of Duty Game of the Year Edition
2008-01-13 04:34 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-13 04:13 --------- d-----w C:\Program Files\QuickTime
2008-01-13 04:13 --------- d-----w C:\Program Files\EarthLink 5.0
2008-01-12 16:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-13 05:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Knowledge Adventure
2007-12-02 22:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
2004-11-16 16:01 57,352 ----a-w C:\Documents and Settings\Teresa\Application Data\GDIPFONTCACHEV1.DAT
2003-06-15 16:02 170 ---ha-w C:\Documents and Settings\Teresa\hpothb07.dat
2003-06-15 16:01 503 ---ha-w C:\Program Files\hpothb07.tif
2003-06-15 16:01 293 ---ha-w C:\Program Files\hpothb07.dat
2003-06-15 16:01 164 ---ha-w C:\Documents and Settings\All Users\hpothb07.dat
2003-05-10 21:18 707,072 ----a-w C:\Program Files\ws_ftple.exe
2003-05-02 15:10 251,600 ----a-w C:\Program Files\NSSetup.exe
.

((((((((((((((((((((((((((((( [email protected]_18.07.17.62 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-17 01:30:33 245,760 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-20 20:11:16 245,760 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-17 01:30:33 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-20 20:11:16 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-17 01:30:33 245,760 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-20 20:11:16 245,760 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-17 01:30:33 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-20 20:11:16 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-17 01:30:33 4,337,664 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-20 20:11:16 4,337,664 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-17 01:30:33 12,288 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-20 20:11:16 12,288 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
- 2008-01-15 05:13:54 15,760 ----a-w C:\WINDOWS\mozver.dat
+ 2008-01-19 22:18:27 15,760 ----a-w C:\WINDOWS\mozver.dat
+ 2005-05-24 20:27:16 213,048 ----a-w C:\WINDOWS\SYSTEM32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 23:47:20 94,208 ----a-w C:\WINDOWS\SYSTEM32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 23:49:54 950,272 ----a-w C:\WINDOWS\SYSTEM32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [2008-01-12 12:00 200767]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-01-12 12:00 1694208]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-03 23:56 33280 C:\WINDOWS\SYSTEM32\rundll32.exe]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2008-01-12 12:00 460784]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-13 20:14 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-12 12:00 68856]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2008-01-12 12:00 313472]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-12 12:01 1460560]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-01-16 17:01 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-03 23:56 33280 C:\WINDOWS\SYSTEM32\rundll32.exe]
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [2008-01-12 11:59 139264]
"nwiz"="nwiz.exe" [2003-10-06 14:16 741376 C:\WINDOWS\SYSTEM32\nwiz.exe]
"Logitech Utility"="Logi_MwX.Exe" [2003-03-04 01:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [ ]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2003-04-02 10:55:49]
hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2002-06-11 09:31:50]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2004-03-26 10:15:39]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2004-11-06 15:55:12]
officejet 6100.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [2002-06-11 09:32:22]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfebbx]

S3 NMSCFG;NIC Management Service Configuration Driver;C:\WINDOWS\system32\drivers\NMSCFG.SYS [2002-10-10 02:18]
S3 NMSSvc;Intel® NMS;C:\WINDOWS\System32\NMSSvc.exe [2002-10-10 02:18]

.
Contents of the 'Scheduled Tasks' folder
"2003-09-20 20:45:06 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1050264682.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
"2005-09-30 22:26:24 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1127612217.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
"2003-04-09 03:52:50 C:\WINDOWS\Tasks\ISP signup reminder 1.job"
- C:\WINDOWS\System32\OOBE\OOBEBALN.EXE
"2008-01-20 20:28:00 C:\WINDOWS\Tasks\McAfee.com Update Check (CORN-Teresa).job"
- C:\PROGRA~1\McAfee.com\Agent\mcupdate.ex
- C:\PROGRA~1\McAfee.com\Agent.TeresaXMcAfee.com SecurityCenter periodically checks for updates for your McAfee.com Services.
"2008-01-20 20:24:00 C:\WINDOWS\Tasks\McAfee.com Update Check (CORN-Trevan).job"
- C:\PROGRA~1\mcafee.com\agent\MCUPDA~2 .EX
- C:\PROGRA~1\mcafee.com\agent.TrevanXMcAfee.com SecurityCenter periodically checks for updates for your McAfee.com Services.
"2008-01-20 20:28:00 C:\WINDOWS\Tasks\McAfee.com Update Check (D3HN0N21-Owner).job"
- C:\PROGRA~1\McAfee.com\Agent\mcupdate.ex
- C:\PROGRA~1\McAfee.com\Agent
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-20 12:21:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-20 12:29:17 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-20 20:29:13
ComboFix2.txt 2008-01-18 05:45:58
ComboFix3.txt 2008-01-17 02:07:53
.
2008-01-09 05:12:10 --- E O F ---



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:29:57 PM, on 1/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\MsPMSPSv.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Trevan\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
N4 - Mozilla: user_pref("browser.startup.homepage", "http://www.google.com/"); (C:\Documents and Settings\TREVAN\Application Data\Mozilla\Profiles\default\8gfaju0c.slt\prefs.js)
N4 - Mozilla: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\TREVAN\Application Data\Mozilla\Profiles\default\8gfaju0c.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: officejet 6100.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish...fishActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...84/mcinsctl.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,21/mcgdmgr.cab
O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} (DigWebHelper Class) - http://photos.msn.co....cab?10,0,910,0
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: khfebbx - C:\WINDOWS\
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 9329 bytes

#12
Cookiegal

    Visiting Consultant

  • 887 posts
Download and install AVG Anti-Spyware v7.5. Note to AVG Free anti-virus program users only: This is not the same program as the one you already have, this is an anti-spyware program so please proceed with the instructions.
  • After download, double click on the file to launch the install process.
  • Choose a language, click "OK" and then click "Next".
  • Read the "License Agreement" and click "I Agree".
  • Accept default installation path: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5, click "Next", then click "Install".
  • After setup completes, click "Finish" to start the program automatically or launch AVG Anti-Spyware by double-clicking its icon on your desktop or in the system tray.
  • The main "Status" menu will appear. Select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'. As AVG Anti-Spyware may interfere with some of our other fixes, we are temporarily disabling its active protection features until your system is clean, then you can re-enable them.
  • Then right click on AVG Anti-Spyware in the system tray and uncheck "Start with Windows".
  • Connect to the Internet, go back to AVG Anti-Spyware, select the "Update" button and click "Start update".
    Wait until you see the "Update successful" message. If you are having problems with the updater, manually download and update with the AVG Anti-Spyware Full database installer.
  • Exit AVG Anti-Spyware when done - DO NOT perform a scan yet.
Reboot your computer in SAFE MODE using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode". (Note: When run in safe mode, sometimes the GUI is larger than the screen and the buttons at the bottom are partly or completely hidden, making them inaccessible for doing a scan. If this happens press Alt + Spacebar. A menu will come open, make sure you select maximize then run the scan. If that does not help, then you may have to run your scan in normal mode and advise your helper afterwards.)

Scan with AVG Anti-Spyware as follows:
  • Click on the "Scanner" button and choose the "Settings" tab.
  • Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.
  • Under "How to Scan?", "Possibly unwanted software", and "What to Scan?" leave all the default settings.
  • Under "Reports" select "Do not automatically generate reports".
  • Click the "Scan" tab to return to scanning options.
  • Click "Complete System Scan" to start.
  • When the scan has finished, it should automatically be set to Quarantine--if not click on Recommended Action and set it there.
  • You will also be presented with a list of infected objects found. Click "Apply all actions" to place the files in Quarantine.
IMPORTANT! Do not save the report before you have clicked the "Apply all actions" button. If you do, the log that is created will indicate "No action taken", making it more difficult to interpret the report. So be sure you save it only AFTER clicking the "Apply all actions" button.
  • Click on "Save Report" to view all completed scans. Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt. Save to your desktop. A copy of each report will also be saved in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports\
  • Exit AVG Anti-Spyware when done, reboot normally and post the log report in your next response.
Note: Close all open windows, programs, and DO NOT USE the computer while AVG Anti-Spyware is scanning. Doing so can hamper AVG Anti-Spyware's ability to clean properly and may result in reinfection.

AVG Anti-Spyware is free for 30 days and all the extensions of the full version will be activated. After the 30 day trial, active protection extensions will be deactivated and the program will turn into a feature-limited freeware version that you can continue to use as an on-demand scanner or you may purchase a license to use the full version. We are installing AVG Anti-Spyware with its real-time protection disabled. Once your system is clean you may re-enable it so you can continue using this feature for the remainder of the trial period.


Please go HERE to run Panda's ActiveScan
  • You need to use IE to run this scan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report


Come back here and post a new HijackThis log along with the logs from the AVG and Panda scans.
  • 0
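As an added example (not part of the original post and not AVG's own tooling), a saved report of the kind these steps produce can be triaged offline. The sketch assumes one finding per line in the `path -> detection : action` layout seen in the report posted in this thread; the sample lines, the folder markers and the three category names are constructed for illustration.

```python
import re
from collections import Counter
from dataclasses import dataclass

# One finding per line: "<path> -> <detection> : <action>."
FINDING = re.compile(r"^(?P<path>.+) -> (?P<detection>\S+) : (?P<action>.+?)\.?\s*$")

# Assumed markers for places that only hold stored copies: another tool's
# quarantine or backup folder, or a System Restore point.
STORE_MARKERS = (
    "\\quarantine\\",
    "\\system volume information\\_restore",
    "\\vundofix backups\\",
)

# Constructed sample report; the paths and detection names are placeholders.
SAMPLE_REPORT = r"""
+ Scan result:

C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\example1.exe.vir -> Dropper.Example.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1\A0000001.exe -> Dropper.Example.a : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\example2.dll -> Dropper.Example.a : No action taken.
C:\Documents and Settings\User\Cookies\user@example[1].txt -> TrackingCookie.Example : Cleaned.
:mozilla.10:C:\Program Files\Example\backup\cookies.txt -> TrackingCookie.Example : Error during cleaning.
"""


@dataclass
class Finding:
    path: str
    detection: str
    action: str

    @property
    def category(self):
        """'cookie', 'stored' (copy held in a quarantine/backup/restore store) or 'live'."""
        if self.detection.lower().startswith("trackingcookie."):
            return "cookie"
        lowered = self.path.lower()
        if any(marker in lowered for marker in STORE_MARKERS):
            return "stored"
        return "live"

    @property
    def resolved(self):
        # "Cleaned" and "Cleaned with backup (quarantined)" count as handled;
        # "No action taken" and "Error during cleaning" do not.
        return self.action.lower().startswith("cleaned")


def parse_report(text):
    """Return a Finding for every line that matches the finding layout."""
    findings = []
    for line in text.splitlines():
        match = FINDING.match(line.strip())
        if match:
            findings.append(Finding(match["path"], match["detection"], match["action"]))
    return findings


def triage(text):
    """Count findings by (category, resolved) and list unresolved ones, live paths first."""
    findings = parse_report(text)
    counts = Counter((f.category, f.resolved) for f in findings)
    order = {"live": 0, "stored": 1, "cookie": 2}
    follow_up = sorted((f for f in findings if not f.resolved),
                       key=lambda f: order[f.category])
    return counts, follow_up


if __name__ == "__main__":
    counts, follow_up = triage(SAMPLE_REPORT)
    for (category, resolved), n in sorted(counts.items()):
        print(f"{category:7} resolved={resolved!s:5} {n}")
    print("Needs follow-up:")
    for f in follow_up:
        print(f"  [{f.category}] {f.detection}: {f.action} <- {f.path}")
```

A report saved before "Apply all actions" shows every finding as unresolved, which is why the instructions ask for the report to be saved afterwards.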

#13
trouter


  • Topic Starter
  • Member
  • 22 posts
Thanks for your help. Looks like I'll have to break these files up to post them. Perhaps I should have deleted the cookies before the scans.

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 7:51:12 PM 1/20/2008

+ Scan result:



C:\QooBox\Quarantine\C\Documents and Settings\All Users\Application Data\SecTaskMan\Dot1XCfg .exe.q_A9DF000_q.vir -> Downloader.Adload.pr : Cleaned with backup (quarantined).
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{38D2CAF4-CA69-46A8-9E28-F412610BFF24} -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{3FD0F1D8-E85C-419E-96F0-76D0FDDCDB41} -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{447711E5-1524-43E1-9E7C-06795D3B32C1} -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{48968133-2CF3-4227-B250-402D9BE9EEB7} -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{491ED91F-4205-475F-9BCC-B403B2CF28DF} -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{4FE63CA3-B57C-4087-80BB-D1AE85F760B6} -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{5B936FB7-643C-4574-BB29-B477C0FDC49D} -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{5D6180CB-7D75-42EE-97BD-2585EFDF742D} -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{626C20CD-5D6C-4929-8C78-C773B1809A17} -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{6D95657E-076B-4767-AFE5-FFCA2BF9AAE7} -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{949A6604-8422-4975-BDB8-C7338DF9404A} -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{966DECF9-ECB0-4B19-987D-937EEBEEC806} -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{C1EC6080-A8D1-413A-BB90-C6F61659A63F} -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{C2CEC244-8069-4B1D-B820-451603406EF2} -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{C76164E0-6CC6-4BF9-B2CC-6392F5AD9870} -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{C881B0DB-B296-4104-B033-2585C1DEC3B5} -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{CA5423CE-6135-4048-9C8A-644C60C59703} -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{CEFA1FFC-D3F1-4294-BCE2-C4375685949C} -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{D36755AA-7C48-4AE6-8F7F-06A0E1AE32A5} -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{D97FDDE2-A29A-4E59-8FE5-4F2F0E512E43} -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{F99EC897-BF17-496A-AFE3-007FA2D95F74} -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{FC9901EC-1984-4077-8431-2662617CD926} -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{FDD36147-9904-455D-A44B-8B82E745958D} -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe.vir -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe.vir -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ctfmon.exe.tmp.vir -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\jkhhf.exe.vir -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\catchme2008-01-20_122034.39.zip/SpySweeperUI.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1683\A0071248.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1683\A0071249.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1684\A0071261.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1684\A0071262.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1684\A0071263.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1685\A0071271.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1685\A0071272.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1686\A0071275.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1686\A0071277.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1686\A0071278.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\VundoFix Backups\ctfmon.exe.bad -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{5B9ED28A-B506-4F74-A714-2E308690DD3E} -> Hijacker.IFrame.dn : Cleaned with backup (quarantined).
C:\Documents and Settings\Teresa\Cookies\[email protected][2].txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\Teresa\Cookies\[email protected][1].txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\Teresa\Cookies\[email protected][1].txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\Trevan\Cookies\[email protected][2].txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.21:C:\Program Files\support.com\backup\co\cookies.txt\35887_5a452dccb_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.21:C:\Program Files\support.com\backup\co\cookies.txt\36549_565f024f7_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.21:C:\Program Files\support.com\backup\co\cookies.txt\44615_53f0f1e36_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.21:C:\Program Files\support.com\backup\co\cookies.txt\46963_507fdce13_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.21:C:\Program Files\support.com\backup\co\cookies.txt\48429_56c60f278_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.223:C:\Program Files\support.com\backup\co\cookies.txt\31480_51bf9df43_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.225:C:\Program Files\support.com\backup\co\cookies.txt\47343_5d03b71bd_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.228:C:\Program Files\support.com\backup\co\cookies.txt\46569_59030f2d8_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.229:C:\Program Files\support.com\backup\co\cookies.txt\46619_589cb09da_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.22:C:\Program Files\support.com\backup\co\cookies.txt\20613_508807f12_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.22:C:\Program Files\support.com\backup\co\cookies.txt\29100_5d41f17e9_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.22:C:\Program Files\support.com\backup\co\cookies.txt\35887_5a452dccb_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.22:C:\Program Files\support.com\backup\co\cookies.txt\44615_53f0f1e36_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.22:C:\Program Files\support.com\backup\co\cookies.txt\48429_56c60f278_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.232:C:\Program Files\support.com\backup\co\cookies.txt\46187_5dcefc159_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.234:C:\Program Files\support.com\backup\co\cookies.txt\46274_51a94bcb8_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.237:C:\Program Files\support.com\backup\co\cookies.txt\48429_56c60f278_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.23:C:\Program Files\support.com\backup\co\cookies.txt\20613_508807f12_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.23:C:\Program Files\support.com\backup\co\cookies.txt\29100_5d41f17e9_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.23:C:\Program Files\support.com\backup\co\cookies.txt\35887_5a452dccb_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.23:C:\Program Files\support.com\backup\co\cookies.txt\44615_53f0f1e36_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.23:C:\Program Files\support.com\backup\co\cookies.txt\46963_507fdce13_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.23:C:\Program Files\support.com\backup\co\cookies.txt\48429_56c60f278_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.240:C:\Program Files\support.com\backup\co\cookies.txt\46963_507fdce13_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.24:C:\Program Files\support.com\backup\co\cookies.txt\20613_508807f12_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.24:C:\Program Files\support.com\backup\co\cookies.txt\35887_5a452dccb_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.24:C:\Program Files\support.com\backup\co\cookies.txt\36549_565f024f7_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.24:C:\Program Files\support.com\backup\co\cookies.txt\46963_507fdce13_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.24:C:\Program Files\support.com\backup\co\cookies.txt\48429_56c60f278_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.25:C:\Program Files\support.com\backup\co\cookies.txt\20613_508807f12_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.25:C:\Program Files\support.com\backup\co\cookies.txt\23025_5c822bee4_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.25:C:\Program Files\support.com\backup\co\cookies.txt\35887_5a452dccb_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.25:C:\Program Files\support.com\backup\co\cookies.txt\46963_507fdce13_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.25:C:\Program Files\support.com\backup\co\cookies.txt\48429_56c60f278_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.265:C:\Program Files\support.com\backup\co\cookies.txt\35887_5a452dccb_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.26:C:\Program Files\support.com\backup\co\cookies.txt\11666_52fa92640_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.26:C:\Program Files\support.com\backup\co\cookies.txt\20613_508807f12_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.26:C:\Program Files\support.com\backup\co\cookies.txt\35887_5a452dccb_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.26:C:\Program Files\support.com\backup\co\cookies.txt\46963_507fdce13_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.26:C:\Program Files\support.com\backup\co\cookies.txt\48429_56c60f278_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.275:C:\Program Files\support.com\backup\co\cookies.txt\35887_5a452dccb_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.275:C:\Program Files\support.com\backup\co\cookies.txt\36549_565f024f7_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.27:C:\Program Files\support.com\backup\co\cookies.txt\11666_52fa92640_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.27:C:\Program Files\support.com\backup\co\cookies.txt\20613_508807f12_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.27:C:\Program Files\support.com\backup\co\cookies.txt\35887_5a452dccb_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.27:C:\Program Files\support.com\backup\co\cookies.txt\48429_56c60f278_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.285:C:\Program Files\support.com\backup\co\cookies.txt\36549_565f024f7_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.28:C:\Program Files\support.com\backup\co\cookies.txt\11666_52fa92640_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.28:C:\Program Files\support.com\backup\co\cookies.txt\20613_508807f12_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.28:C:\Program Files\support.com\backup\co\cookies.txt\23025_5c822bee4_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.28:C:\Program Files\support.com\backup\co\cookies.txt\35887_5a452dccb_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.28:C:\Program Files\support.com\backup\co\cookies.txt\48429_56c60f278_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.29:C:\Program Files\support.com\backup\co\cookies.txt\11666_52fa92640_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.29:C:\Program Files\support.com\backup\co\cookies.txt\20613_508807f12_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.29:C:\Program Files\support.com\backup\co\cookies.txt\23025_5c822bee4_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.29:C:\Program Files\support.com\backup\co\cookies.txt\27933_573cf9c84_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.29:C:\Program Files\support.com\backup\co\cookies.txt\35887_5a452dccb_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.29:C:\Program Files\support.com\backup\co\cookies.txt\47343_5d03b71bd_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.30:C:\Program Files\support.com\backup\co\cookies.txt\23025_5c822bee4_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.30:C:\Program Files\support.com\backup\co\cookies.txt\27933_573cf9c84_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.30:C:\Program Files\support.com\backup\co\cookies.txt\35887_5a452dccb_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.31:C:\Program Files\support.com\backup\co\cookies.txt\23025_5c822bee4_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.31:C:\Program Files\support.com\backup\co\cookies.txt\27933_573cf9c84_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.322:C:\Program Files\support.com\backup\co\cookies.txt\38347_51db1e001_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.324:C:\Program Files\support.com\backup\co\cookies.txt\38347_51db1e001_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.325:C:\Program Files\support.com\backup\co\cookies.txt\38347_51db1e001_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.326:C:\Program Files\support.com\backup\co\cookies.txt\38347_51db1e001_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.32:C:\Program Files\support.com\backup\co\cookies.txt\10646_5d03d5420_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.32:C:\Program Files\support.com\backup\co\cookies.txt\20693_50655e19d_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.32:C:\Program Files\support.com\backup\co\cookies.txt\23025_5c822bee4_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.32:C:\Program Files\support.com\backup\co\cookies.txt\27933_573cf9c84_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.32:C:\Program Files\support.com\backup\co\cookies.txt\35887_5a452dccb_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.330:C:\Program Files\support.com\backup\co\cookies.txt\39725_5d521e6e2_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.332:C:\Program Files\support.com\backup\co\cookies.txt\39725_5d521e6e2_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.333:C:\Program Files\support.com\backup\co\cookies.txt\38347_51db1e001_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.333:C:\Program Files\support.com\backup\co\cookies.txt\39725_5d521e6e2_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.334:C:\Program Files\support.com\backup\co\cookies.txt\38347_51db1e001_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.334:C:\Program Files\support.com\backup\co\cookies.txt\39725_5d521e6e2_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.336:C:\Program Files\support.com\backup\co\cookies.txt\38347_51db1e001_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.337:C:\Program Files\support.com\backup\co\cookies.txt\38347_51db1e001_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.338:C:\Program Files\support.com\backup\co\cookies.txt\38347_51db1e001_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.338:C:\Program Files\support.com\backup\co\cookies.txt\44615_53f0f1e36_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.33:C:\Program Files\support.com\backup\co\cookies.txt\23025_5c822bee4_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.33:C:\Program Files\support.com\backup\co\cookies.txt\27933_573cf9c84_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.33:C:\Program Files\support.com\backup\co\cookies.txt\28163_5c9cf84e0_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.33:C:\Program Files\support.com\backup\co\cookies.txt\47343_5d03b71bd_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.340:C:\Program Files\support.com\backup\co\cookies.txt\40673_5fc13340f_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.341:C:\Program Files\support.com\backup\co\cookies.txt\39725_5d521e6e2_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.342:C:\Program Files\support.com\backup\co\cookies.txt\39725_5d521e6e2_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.342:C:\Program Files\support.com\backup\co\cookies.txt\40673_5fc13340f_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.343:C:\Program Files\support.com\backup\co\cookies.txt\40673_5fc13340f_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.343:C:\Program Files\support.com\backup\co\cookies.txt\45237_5e82dd66e_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.344:C:\Program Files\support.com\backup\co\cookies.txt\39725_5d521e6e2_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.344:C:\Program Files\support.com\backup\co\cookies.txt\40673_5fc13340f_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.345:C:\Program Files\support.com\backup\co\cookies.txt\39725_5d521e6e2_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.346:C:\Program Files\support.com\backup\co\cookies.txt\39725_5d521e6e2_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.348:C:\Program Files\support.com\backup\co\cookies.txt\44615_53f0f1e36_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.34:C:\Program Files\support.com\backup\co\cookies.txt\20693_50655e19d_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.34:C:\Program Files\support.com\backup\co\cookies.txt\23025_5c822bee4_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.34:C:\Program Files\support.com\backup\co\cookies.txt\27933_573cf9c84_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.34:C:\Program Files\support.com\backup\co\cookies.txt\28155_529c96aa8_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.34:C:\Program Files\support.com\backup\co\cookies.txt\28163_5c9cf84e0_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.34:C:\Program Files\support.com\backup\co\cookies.txt\47343_5d03b71bd_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.351:C:\Program Files\support.com\backup\co\cookies.txt\40673_5fc13340f_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.352:C:\Program Files\support.com\backup\co\cookies.txt\40673_5fc13340f_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.353:C:\Program Files\support.com\backup\co\cookies.txt\45237_5e82dd66e_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.354:C:\Program Files\support.com\backup\co\cookies.txt\40673_5fc13340f_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.355:C:\Program Files\support.com\backup\co\cookies.txt\40673_5fc13340f_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.356:C:\Program Files\support.com\backup\co\cookies.txt\40673_5fc13340f_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.356:C:\Program Files\support.com\backup\co\cookies.txt\46187_5dcefc159_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.356:C:\Program Files\support.com\backup\co\cookies.txt\46569_59030f2d8_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.357:C:\Program Files\support.com\backup\co\cookies.txt\46619_589cb09da_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.358:C:\Program Files\support.com\backup\co\cookies.txt\46274_51a94bcb8_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.35:C:\Program Files\support.com\backup\co\cookies.txt\20693_50655e19d_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.35:C:\Program Files\support.com\backup\co\cookies.txt\23025_5c822bee4_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.35:C:\Program Files\support.com\backup\co\cookies.txt\27933_573cf9c84_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.35:C:\Program Files\support.com\backup\co\cookies.txt\28155_529c96aa8_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.35:C:\Program Files\support.com\backup\co\cookies.txt\28163_5c9cf84e0_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.35:C:\Program Files\support.com\backup\co\cookies.txt\47343_5d03b71bd_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.360:C:\Program Files\support.com\backup\co\cookies.txt\47343_5d03b71bd_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.366:C:\Program Files\support.com\backup\co\cookies.txt\46187_5dcefc159_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.366:C:\Program Files\support.com\backup\co\cookies.txt\46569_59030f2d8_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.366:C:\Program Files\support.com\backup\co\cookies.txt\46963_507fdce13_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.367:C:\Program Files\support.com\backup\co\cookies.txt\46619_589cb09da_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.368:C:\Program Files\support.com\backup\co\cookies.txt\46274_51a94bcb8_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.369:C:\Program Files\support.com\backup\co\cookies.txt\47203_59a3f466c_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.36:C:\Program Files\support.com\backup\co\cookies.txt\20547_5ddff5c1d_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.36:C:\Program Files\support.com\backup\co\cookies.txt\20693_50655e19d_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.36:C:\Program Files\support.com\backup\co\cookies.txt\21532_514c2705a_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.36:C:\Program Files\support.com\backup\co\cookies.txt\23025_5c822bee4_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.36:C:\Program Files\support.com\backup\co\cookies.txt\27933_573cf9c84_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.36:C:\Program Files\support.com\backup\co\cookies.txt\28155_529c96aa8_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.36:C:\Program Files\support.com\backup\co\cookies.txt\28163_5c9cf84e0_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.36:C:\Program Files\support.com\backup\co\cookies.txt\46619_589cb09da_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.36:C:\Program Files\support.com\backup\co\cookies.txt\47343_5d03b71bd_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.370:C:\Program Files\support.com\backup\co\cookies.txt\47343_5d03b71bd_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.372:C:\Program Files\support.com\backup\co\cookies.txt\48429_56c60f278_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.376:C:\Program Files\support.com\backup\co\cookies.txt\46963_507fdce13_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.379:C:\Program Files\support.com\backup\co

#14
trouter

  • Topic Starter
  • Member
  • 22 posts
More of AVG... Actually, upon further reflection, these files are huge, requiring many posts. AVG is 1.02MB, Panda 453KB, and mostly filled with cookie files.
Should I just paste the non-cookie findings, or get rid of them before the scans (if so, what's the best way?), or do you really want to see everything?

Here's the new HijackThis log, in case it's of value...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:24:48 PM, on 1/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\MsPMSPSv.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Documents and Settings\Trevan\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
N4 - Mozilla: user_pref("browser.startup.homepage", "http://www.google.com/"); (C:\Documents and Settings\TREVAN\Application Data\Mozilla\Profiles\default\8gfaju0c.slt\prefs.js)
N4 - Mozilla: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\TREVAN\Application Data\Mozilla\Profiles\default\8gfaju0c.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: officejet 6100.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish...fishActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...84/mcinsctl.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,21/mcgdmgr.cab
O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} (DigWebHelper Class) - http://photos.msn.co....cab?10,0,910,0
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: khfebbx - C:\WINDOWS\
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 9602 bytes

#15
Cookiegal

  • Visiting Consultant
  • 887 posts
Delete the cookies that AVG-AS said it couldn't clean that are in the C:\Program Files\support.com\backup\co folder.

If you could upload the Panda scan as an attachment, that would be good. Don't worry about other cookies.