   Mischel Internet Security Forum
Topic: hijack this scan log
Big_R
« on: Apr 27th, 2008, 11:22pm »

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\drwtsn32.exe
c:\program files\aim6\anotify.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HP_Administrator\Desktop\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca, C=US\plugin\WebHelper.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: Cyber-shot Viewer Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca, C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca, C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
 
 
 
 
anything seem wrong?
siliconman01
« Reply #1 on: Apr 27th, 2008, 11:54pm »

Everything appears to be okay.
 
Are you experiencing some strange events?  
 
Did you intentionally add the following to your Trusted Sites in IE?  If not, you should remove it.
 
 
O15 - Trusted Zone: http://*.trymedia.com (HKLM)  

 
Your JAVA applet is severely out-of-date.  You should upgrade it.
 
http://java.sun.com/javase/downloads/index.jsp
 
Download/install the Java Runtime Environment (JRE) 6 Update 6 component.  After you get the update installed, be sure to remove all older versions of Java via the Control Panel>Add or Remove Programs.
« Last Edit: Apr 27th, 2008, 11:58pm by siliconman01 » IP Logged

______
TrojanHunter V5.5.1002...No. 1 AT in my Book and on my Box(es)! Windows 7 x64 Professional on a Dell XPS 410, 8 gbyte RAM, dual WD VelociRaptors, dual 24" UltraSharp FPD monitors, Logitech 5.1 Surround Sound; Windows 7 x86 Professional on a Dell Vostro 220s, 4 gbyte RAM, dual WD VelociRaptors. Common: router, cable modem.
Big_R
« Reply #2 on: May 28th, 2008, 10:32am »

on Apr 27th, 2008, 11:54pm, siliconman01 wrote:
Everything appears to be okay.
 
Are you experiencing some strange events?  
 
Did you intentionally add the following to your Trusted Sites in IE?  If not, you should remove it.
 
 
O15 - Trusted Zone: http://*.trymedia.com (HKLM)  

 
Your JAVA applet is severely out-of-date.  You should upgrade it.
 
http://java.sun.com/javase/downloads/index.jsp
 
Download/install the Java Runtime Environment (JRE) 6 Update 6 component.  After you get the update installed, be sure to remove all older versions of Java via the Control Panel>Add or Remove Programs.

 
I don't think so, and how do I remove it through HijackThis?
 
 
 
And here's an updated HijackThis, cuz something randomly popped up when I open my browser, so I think it's spyware.
 
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\AIM95\aim.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HP_Administrator\Desktop\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [BM5c09fe4f] Rundll32.exe "C:\WINDOWS\system32\raoypgux.dll",s
O4 - HKLM\..\Run: [5f3acdd3] rundll32.exe "C:\WINDOWS\system32\lyrapyds.dll",b
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca, C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca, C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
 
Big_R
« Reply #3 on: May 28th, 2008, 10:36am »

Also, this popped up from Firefox:

http://i28.tinypic.com/30lfjw1.jpg

So I'm guessing it's spyware.
siliconman01
« Reply #4 on: May 28th, 2008, 1:39pm »

Yes, you are infected.  You need to run security scans and remove the infection.
 
Please do the following:  
  
1.  Go to the link below and download program Combofix.exe and save it on your desktop.  
  
http://download.bleepingcomputer.com/sUBs/ComboFix.exe  
  
2.  Temporarily de-activate all your security programs EXCEPT your software firewall.  
  
3.  Close down as many programs as you can (programs in the Notification Tray-  next to the clock).  
  
4.  Close your browser.  
  
5.  Double click on Combofix.exe to execute it and follow the instructions.  
  
Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.
  
-  When Combofix.exe is finished, it will save a log on your system.      
 
6.  Scan with TrojanHunter and with your computer in SAFE MODE.  BE SURE to update to the latest rulesets for TrojanHunter (issued every day) before rebooting into SAFE MODE.  Let TH quarantine what it finds.
 
7.  Update your normal antivirus program's rules and scan your full computer with your AV.
 
8.  Post the Combofix log back here.  
 
9.  Post a new HJT log back here after you complete the two above scans.
« Last Edit: May 28th, 2008, 1:50pm by siliconman01 » IP Logged

siliconman01
« Reply #5 on: May 28th, 2008, 2:19pm »

After you have completed the above post items and posted the requested logs, clear Combofix.exe off your computer.
 
1.  Delete Combofix.exe from your desktop.
 
2.  Delete the Combofix log file  
 
3.  Delete the Combofix quarantine folder Qoobox which is at C:\Windows\Qoobox.
 
4.  Empty your Recycle Bin
« Last Edit: May 28th, 2008, 2:20pm by siliconman01 » IP Logged

Big_R
« Reply #6 on: May 28th, 2008, 3:05pm »

Is it possible for you to give me a link to download TrojanHunter? Because I can't search on Google or go to Yahoo.
siliconman01
« Reply #7 on: May 28th, 2008, 3:07pm »

The "Download TrojanHunter Now" link is at the top of this forum page.
 
After you install the Trial Version of TrojanHunter, you will have to manually update the rulesets to get the latest ones.  The link below is for manually updating.  
 
http://www.misec.net/trojanhunter/updating/
« Last Edit: May 28th, 2008, 3:10pm by siliconman01 » IP Logged

Big_R
« Reply #8 on: May 28th, 2008, 4:54pm »

HijackThis
 
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HP_Administrator\Desktop\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {4B1ED9DB-5585-43EA-8BBB-95183E3286D9} - C:\WINDOWS\system32\opnnkihh.dll (file missing)
O2 - BHO: (no name) - {522E0112-EDD9-413D-A99E-C311A54B6676} - C:\WINDOWS\system32\awtsQJCt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca, C=US\plugin\WebHelper.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: {95c2e3a9-4842-ebe9-2634-c8adc040c60f} - {f06c040c-da8c-4362-9ebe-24849a3e2c59} - C:\WINDOWS\system32\kytpdvkt.dll
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [5f3acdd3] rundll32.exe "C:\WINDOWS\system32\vpkvllpw.dll",b
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [BM5c09fe4f] Rundll32.exe "C:\WINDOWS\system32\poqbcduv.dll",s
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca, C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca, C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O20 - Winlogon Notify: awtsQJCt - C:\WINDOWS\SYSTEM32\awtsQJCt.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
Big_R
Full Member
Re: hijack this scan log
« Reply #9 on: May 28th, 2008, 4:55pm »

combo fix
 
ComboFix 08-05-27.4 - HP_Administrator 2008-05-28 13:12:42.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.428 [GMT -7:00]
Running from: C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
 * Created a new restore point
.
 
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
 
C:\WINDOWS\BM5c09fe4f.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\bmhtooqw.ini
C:\WINDOWS\system32\hOpXIkkj.ini
C:\WINDOWS\system32\hOpXIkkj.ini2
C:\WINDOWS\system32\jkkIXpOh.dll
C:\WINDOWS\system32\lyrapyds.dll
C:\WINDOWS\system32\nabfkrdr.exe
C:\WINDOWS\system32\pmvfssbo.dll
C:\WINDOWS\system32\raoypgux.dll
C:\WINDOWS\system32\sdyparyl.ini
C:\WINDOWS\system32\wqoothmb.dll
D:\Autorun.inf
 
.
(((((((((((((((((((((((((   Files Created from 2008-04-28 to 2008-05-28  )))))))))))))))))))))))))))))))
.
 
2008-05-28 13:23 . 2008-05-28 13:23  372,736  --a------  C:\WINDOWS\system32\opnnkihh.dll
2008-05-28 13:23 . 2008-05-28 13:23  345  --ahs----  C:\WINDOWS\system32\hhiknnpo.ini2
2008-05-28 13:23 . 2008-05-28 13:26  345  --ahs----  C:\WINDOWS\system32\hhiknnpo.ini
2008-05-27 13:51 . 2008-05-27 13:51  58,880  --a------  C:\WINDOWS\system32\awtsQJCt.dll
2008-05-11 05:28 . 2008-05-11 05:28  268  --ah-----  C:\sqmdata01.sqm
2008-05-11 05:28 . 2008-05-11 05:28  244  --ah-----  C:\sqmnoopt01.sqm
2008-05-11 05:25 . 2008-05-11 05:25  268  --ah-----  C:\sqmdata00.sqm
2008-05-11 05:25 . 2008-05-11 05:25  244  --ah-----  C:\sqmnoopt00.sqm
2008-05-07 21:18 . 2008-05-07 21:18  <DIR>  dr-h-----  C:\Documents and Settings\HP_Administrator\Application Data\SecuROM
2008-05-07 21:18 . 2008-05-07 21:18  108,144  --a------  C:\WINDOWS\system32\CmdLineExt.dll
2008-05-07 21:09 . 2008-05-07 21:09  <DIR>  d--------  C:\Program Files\Atari
 
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-28 20:25  512,032  --sha-w  C:\WINDOWS\system32\drivers\fidbox2.dat
2008-05-28 20:25  39,983,136  --sha-w  C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-28 20:24  ---------  d-----w  C:\Documents and Settings\HP_Administrator\Application Data\AdobeUM
2008-05-28 20:24  ---------  d-----w  C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-28 20:21  536,492  --sha-w  C:\WINDOWS\system32\drivers\fidbox.idx
2008-05-28 20:21  48,980  --sha-w  C:\WINDOWS\system32\drivers\fidbox2.idx
2008-05-22 03:55  ---------  d-----w  C:\Documents and Settings\HP_Administrator\Application Data\Aim
2008-05-20 21:47  ---------  d-----w  C:\Program Files\Java
2008-05-19 16:15  ---------  d-----w  C:\Program Files\Winamp
2008-05-11 12:28  ---------  d-----w  C:\Program Files\Windows Live
2008-04-25 20:07  ---------  d-----w  C:\Program Files\Common Files\AOL
2008-04-20 05:16  ---------  d-----w  C:\Documents and Settings\HP_Administrator\Application Data\acccore
2008-04-20 05:15  ---------  d-----w  C:\Program Files\AIM6
2008-04-20 05:15  ---------  d-----w  C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-04-20 05:15  ---------  d-----w  C:\Documents and Settings\All Users\Application Data\AOL
2008-04-20 05:14  ---------  d-----w  C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-04-17 22:51  ---------  d-----w  C:\Documents and Settings\HP_Administrator\Application Data\Vso
2008-04-17 20:24  ---------  d-----w  C:\Program Files\Replay Converter
2008-04-17 20:21  737,280  ----a-w  C:\WINDOWS\iun6002.exe
2008-04-17 20:21  ---------  d-----w  C:\Documents and Settings\HP_Administrator\Application Data\GetRightToGo
2008-04-10 04:21  ---------  d-----w  C:\Program Files\FlashFXP
2008-04-06 13:43  ---------  d-----w  C:\Program Files\HP
2008-04-01 06:51  ---------  d-----w  C:\Documents and Settings\All Users\Application Data\FlashFXP
2008-03-27 08:12  151,583  ------w  C:\WINDOWS\system32\msjint40.dll
2008-03-27 08:12  151,583  ------w  C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-19 09:47  1,845,248  ----a-w  C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47  1,845,248  ------w  C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-02 01:36  3,591,680  ----a-w  C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:55  70,656  ----a-w  C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-29 08:55  625,664  ----a-w  C:\WINDOWS\system32\dllcache\iexplore.exe
2007-12-29 02:17  0  ----a-w  C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
2007-12-06 01:12  87,608  ----a-w  C:\Documents and Settings\HP_Administrator\Application Data\inst.exe
2007-12-06 01:12  47,360  ----a-w  C:\Documents and Settings\HP_Administrator\Application Data\pcouffin.sys
2007-03-09 07:12  27,648  --sha-w  C:\WINDOWS\system32\AVSredirect.dll
.
 
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown  
REGEDIT4
 
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{522E0112-EDD9-413D-A99E-C311A54B6676}]
2008-05-27 13:51  58880  --a------  C:\WINDOWS\system32\awtsQJCt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{729CD527-2990-4873-9ED3-F018BFAECE15}]
2008-05-28 13:23  372736  --a------  C:\WINDOWS\system32\opnnkihh.dll
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [ ]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [ ]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-02-01 13:32 8699904]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2006-11-07 08:29 50736]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 14:01 67584]
"ftutil2"="ftutil2.dll" [2004-06-07 07:05 106496 C:\WINDOWS\system32\ftutil2.dll]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-13 13:05 16239616 C:\WINDOWS\RTHDCPL.EXE]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 06:13 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 06:17 118784]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-02-21 09:59 143360]
"DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 02:05 90112]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 15:14 237568]
"PCDrProfiler"="" []
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 15:34 249856]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [2004-12-13 19:23 663552]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2002-09-12 10:13 1101824]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 11:49 36352]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-06-28 13:51 218376]
"BM5c09fe4f"="C:\WINDOWS\system32\poqbcduv.dll" [2008-05-28 13:27 126464]
 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-02-01 13:32 8699904]
 
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Updates From HP.lnk - C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe [2006-10-19 23:33:45 36903]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
 
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{522E0112-EDD9-413D-A99E-C311A54B6676}"= C:\WINDOWS\system32\awtsQJCt.dll [2008-05-27 13:51 58880]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtsQJCt]
awtsQJCt.dll 2008-05-27 13:51 58880 C:\WINDOWS\system32\awtsQJCt.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.iac2"= C:\PROGRA~1\REPLAY~1\iac25_32.ax
 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages  REG_MULTI_SZ   msv1_0 C:\WINDOWS\system32\opnnkihh
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\DISC\\DISCover.exe"=
"C:\\Program Files\\DISC\\DiscStreamHub.exe"=
"C:\\Program Files\\DISC\\myFTP.exe"=
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe"=
"C:\\Program Files\\AIM95\\aim.exe"=
"C:\\Documents and Settings\\HP_Administrator\\Application Data\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
 
R0 BsStor;InCD Storage Helper Driver;C:\WINDOWS\system32\DRIVERS\bsstor.sys [2002-06-05 16:07]
R2 BsUDF;InCD UDF Driver;C:\WINDOWS\system32\drivers\BsUDF.sys [2002-09-13 05:35]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 14:38]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 15:58]
 
.
**************************************************************************
 
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-28 13:24:22
Windows 5.1.2600 Service Pack 2 NTFS
 
scanning hidden processes ...  
 
scanning hidden autostart entries ...
 
scanning hidden files ...  
 
scan completed successfully
hidden files: 0
 
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
 
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\awtsQJCt.dll
 
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\poqbcduv.dll
-> C:\WINDOWS\system32\opnnkihh.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\system32\rundll32.exe
C:\hp\KBD\kbd.exe
.
**************************************************************************
.
Completion time: 2008-05-28 13:32:41 - machine was rebooted
ComboFix-quarantined-files.txt  2008-05-28 20:32:22
 
Pre-Run: 8,639,696,896 bytes free
Post-Run: 11,458,510,848 bytes free
 
186  --- E O F ---  2008-05-16 10:01:42
siliconman01
Global Moderator
Re: hijack this scan log
« Reply #10 on: May 28th, 2008, 5:18pm »

Okay, ComboFix picked up a lot of infections and removed them.  However, it did not get them all.  I assume that you ran the requested TrojanHunter scan in SAFE MODE too.
 
Please do this:
 
1.  Make all your files and folders visible via the procedure in the link below.
 
http://www.misec.net/forum/board/FAQ/1139610900
 
2.  Locate the following files on your system and submit them to Mischel Internet Security for analysis.  
 
awtsQJCt.dll
vpkvllpw.dll
poqbcduv.dll

 
The link below describes how to submit files.
 
http://www.misec.net/forum/board/FAQ/1139308293
 
3.  Then download/install the free version-Home Users of SuperAntiSpyware at the link below.
 
http://www.superantispyware.com/
 
BE SURE to update its definitions to the latest definitions.
 
-  The link below provides the manual update link for the free version of Superantispyware.  At the bottom of the web page it states how to perform the update.
 
http://www.superantispyware.com/definitions.html
 
4.  Reboot your computer into SAFE MODE
 
5.  Run a COMPLETE SCAN of your system with SuperAntispyware.  Let it quarantine what it finds.
 
6.  Reboot back into Normal Mode
 
7.  Post the SuperAntispyware scan log
 
8.  Post a new Hijackthis Log.
 
 
 
 
 
 
______
TrojanHunter V5.5.1002...No. 1 AT in my Book and on my Box(es)! Windows 7 x64 Professional on a Dell XPS 410, 8 gbyte RAM, dual WD VelociRaptors, dual 24" UltraSharp FPD monitors, Logitech 5.1 Surround Sound; Windows 7 x86 Professional on a Dell Vostro 220s, 4 gbyte RAM, dual WD VelociRaptors. Common: router, cable modem.
Big_R
Full Member
Re: hijack this scan log
« Reply #11 on: May 28th, 2008, 5:35pm »

I searched and found

awtsQJCt.dll
poqbcduv.dll

but the vpkvllpw.dll couldn't be found.

And my browser isn't loading Yahoo or Gmail or Hotmail for me. Is there another way to email?
Big_R
Full Member
Re: hijack this scan log
« Reply #12 on: May 28th, 2008, 9:09pm »


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Documents and Settings\HP_Administrator\Desktop\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {4B1ED9DB-5585-43EA-8BBB-95183E3286D9} - C:\WINDOWS\system32\opnnkihh.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca, C=US\plugin\WebHelper.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [5f3acdd3] rundll32.exe "C:\WINDOWS\system32\quxekbka.dll",b
O4 - HKLM\..\Run: [BM5c09fe4f] Rundll32.exe "C:\WINDOWS\system32\pixwscsy.dll",s
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca, C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca, C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
Big_R
Full Member
Re: hijack this scan log
« Reply #13 on: May 28th, 2008, 9:12pm »

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
 
Generated 05/28/2008 at 07:04 PM
 
Application Version : 4.1.1046
 
Core Rules Database Version : 3470
Trace Rules Database Version: 1461
 
Scan type  : Complete Scan
Total Scan Time : 00:26:03
 
Memory items scanned : 154
Memory threats detected   : 2
Registry items scanned    : 5467
Registry threats detected : 20
File items scanned   : 24903
File threats detected     : 69
 
Trojan.Vundo-Variant/Small
C:\WINDOWS\SYSTEM32\AWTSQJCT.DLL
C:\WINDOWS\SYSTEM32\AWTSQJCT.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2873d5e4-e853-4912-b48e-f5d47536fd1f}
HKCR\CLSID\{2873D5E4-E853-4912-B48E-F5D47536FD1F}
HKCR\CLSID\{2873D5E4-E853-4912-B48E-F5D47536FD1F}\InprocServer32
HKCR\CLSID\{2873D5E4-E853-4912-B48E-F5D47536FD1F}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\QFFTYSWQ.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{42E218CF-3097-435A-91BA-D0BDA357DCE1}
HKCR\CLSID\{42E218CF-3097-435A-91BA-D0BDA357DCE1}
HKCR\CLSID\{42E218CF-3097-435A-91BA-D0BDA357DCE1}\InprocServer32
HKCR\CLSID\{42E218CF-3097-435A-91BA-D0BDA357DCE1}\InprocServer32#ThreadingModel
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\awtsQJCt
C:\WINDOWS\SYSTEM32\IQQFFMNA.DLL
C:\WINDOWS\SYSTEM32\KYTPDVKT.DLL
C:\WINDOWS\SYSTEM32\PIXWSCSY.DLL
C:\WINDOWS\SYSTEM32\POQBCDUV.DLL
C:\WINDOWS\SYSTEM32\QUXEKBKA.DLL
 
Adware.Vundo Variant/Resident
C:\WINDOWS\SYSTEM32\IIFCTJBT.DLL
C:\WINDOWS\SYSTEM32\IIFCTJBT.DLL
 
Adware.Vundo Variant
HKLM\Software\Classes\CLSID\{522E0112-EDD9-413D-A99E-C311A54B6676}
HKCR\CLSID\{522E0112-EDD9-413D-A99E-C311A54B6676}
HKCR\CLSID\{522E0112-EDD9-413D-A99E-C311A54B6676}\InprocServer32
HKCR\CLSID\{522E0112-EDD9-413D-A99E-C311A54B6676}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{522E0112-EDD9-413D-A99E-C311A54B6676}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{522E0112-EDD9-413D-A99E-C311A54B6676}
HKCR\CLSID\{522E0112-EDD9-413D-A99E-C311A54B6676}
 
Adware.Tracking Cookie
 
Big_R
Full Member
Re: hijack this scan log
« Reply #14 on: May 28th, 2008, 9:12pm »

 
Adware.Vundo Variant/Rel
HKLM\SOFTWARE\Microsoft\aoprndtws
HKLM\SOFTWARE\Microsoft\FCOVM
HKLM\SOFTWARE\Microsoft\RemoveRP
HKU\S-1-5-21-1920414965-2959385927-1606216039-1007\Software\Microsoft\rd fa