|
|
stressederic
new user
Reg'd: Tue
Posts: 9
|
|
Hi
I am new to this sort of thing and any help would be greatly appreciated
I run AVG every day It came up with a Trojan Horse Virus
What does this do to my Computer? ) Are my files on computer ok ,Is it still ok to Do internet Banking and shop online.
Heres my Hijack log Hope someone can help me.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:27:23, on 03/06/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal
Running processes:
C:\Windows\SYSTEM32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Grisoft\AVG7\avginet.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.medion.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided By Sky Broadband
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [snpstd3] C:\Windows\vsnpstd3.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com (file missing)
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Intel(R) DHTrace Controller (DHTRACE) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Intel(R) NMSCore (NMSCore) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
O23 - Service: Intel(R) Quality Manager (QualityManager) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
--
End of file - 8093 bytes
Regards
More stressed than usual Eric
|
|
bricat
HijackThis Helper
Reg'd: Wed
Posts: 28634
Loc: belfast
|
|
Welcome to the Webuser forum. 
to be on the safe side :-
Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
- Please, never rename Combofix unless instructed.
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
--------------------
MY HELP IS FREE,BUT PLEASE CONSIDER GIVING A DONATION TO HELP IN MY FIGHT AGAINST SPYWARE.
 
You don't stop laughing when you get old, you get old when you stop laughing!
|
stressederic
new user
Reg'd: Tue
Posts: 9
|
|
Hi Heres my Combo Logfile
Thanks for the help so far
Stressed Eric
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{466B9FD4-75C5-4F67-9170-509AEA03C375}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{0C116A5F-6FFE-47C7-8145-1599CEF9CAD5}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{8DAA9876-E537-40AC-8D9D-4097E44BD4EF}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{FC104377-27F3-451F-A933-D8D4D463E689}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{B822D6ED-943B-4CFC-A211-CA784D56CDD5}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{4919C88F-1FFA-4EF3-AFE2-C7E22A7F2DA8}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{9BB5027C-7328-41D6-8ECC-2827A1CFBDFC}"= TCP:Profile=Private|Profile=Public|9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
"{46D166AC-5B9C-4E40-820D-24196754A6D1}"= TCP:Profile=Private|Profile=Public|1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery
"{C9040F56-C570-4CB6-8098-9BF903389EBE}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{F8467473-23BB-49FF-9E2C-15F245434263}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{BBD57F2D-08E1-483E-882B-F9502F03F46A}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R2 nmsunidr;UniDriver for NMS;C:\Windows\system32\DRIVERS\nmsunidr.sys [2007-02-18 20:34]
R3 AvgWFP;AVG7 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfp.sys [2008-03-14 09:59]
R3 IntelDH;IntelDH Driver;C:\Windows\system32\Drivers\IntelDH.sys [2007-06-21 11:44]
R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;C:\Windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 10:43]
R3 X10Hid;X10 Hid Device;C:\Windows\system32\Drivers\x10hid.sys [2006-11-17 10:31]
S3 3xHybrid;Philips SAA713x PCI Card;C:\Windows\system32\DRIVERS\3xHybrid.sys [2007-01-08 18:43]
S3 athrusb;Atheros Wireless LAN USB device driver;C:\Windows\system32\DRIVERS\athrusb.sys [2006-12-22 20:05]
S3 DHTRACE;Intel(R) DHTrace Controller;C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe [2007-04-06 14:08]
S3 DQLWinService;DQLWinService;"C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe" [2007-02-12 10:46]
S3 NMSCore;Intel(R) NMSCore;"C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe" [2007-04-06 14:07]
S3 QualityManager;Intel(R) Quality Manager;"C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe" [2007-04-06 14:10]
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 08:36]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\Windows\system32\DRIVERS\ss_bus.sys [2007-05-02 11:11]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\Windows\system32\DRIVERS\ss_mdfl.sys [2007-05-02 11:11]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\Windows\system32\DRIVERS\ss_mdm.sys [2007-05-02 11:11]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{af434285-231a-11dd-83bf-0019dbc07679}]
\shell\AutoRun\command - M:\InstallTomTomHOME.exe
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-06-03 20:50:13 C:\Windows\Tasks\User_Feed_Synchronization-{46C837DE-2959-4B2A-B4A1-C6A0C42D8527}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-03 21:53:17
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-03 21:54:04
ComboFix-quarantined-files.txt 2008-06-03 20:53:58
Pre-Run: 200,685,330,432 bytes free
Post-Run: 202,665,541,632 bytes free
162 --- E O F --- 2008-06-03 17:31:07
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:27:23, on 03/06/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal
Running processes:
C:\Windows\SYSTEM32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Grisoft\AVG7\avginet.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.medion.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided By Sky Broadband
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [snpstd3] C:\Windows\vsnpstd3.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com (file missing)
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Intel(R) DHTrace Controller (DHTRACE) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Intel(R) NMSCore (NMSCore) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
O23 - Service: Intel(R) Quality Manager (QualityManager) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
--
End of file - 8093 bytes
Edited by stressederic (Tue Jun 03 2008 10:02 PM)
|
bricat
HijackThis Helper
Reg'd: Wed
Posts: 28634
Loc: belfast
|
|
can you please post ALL of the combofix log, the top half of it is missing.
--------------------
MY HELP IS FREE,BUT PLEASE CONSIDER GIVING A DONATION TO HELP IN MY FIGHT AGAINST SPYWARE.
You don't stop laughing when you get old, you get old when you stop laughing!
|
stressederic
new user
Reg'd: Tue
Posts: 9
|
|
Sorry about that
ComboFix 08-06-01.6 - Ian 2008-06-03 21:51:28.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1213 [GMT 1:00]
Running from: C:\Users\Ian\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Users\Ian\AppData\Roaming\inst.exe
.
((((((((((((((((((((((((( Files Created from 2008-05-03 to 2008-06-03 )))))))))))))))))))))))))))))))
.
2008-06-03 09:27 . 2008-06-03 09:27 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-28 08:57 . 2008-03-08 01:37 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-05-28 08:57 . 2008-03-08 05:30 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-05-28 08:38 . 2008-05-31 09:36 <DIR> dr-h----- C:\$VAULT$.AVG
2008-05-16 12:18 . 2008-05-16 12:18 <DIR> d-------- C:\Users\Ian\AppData\Roaming\TomTom
2008-05-16 12:18 . 2008-05-16 12:18 <DIR> d-------- C:\Users\All Users\TomTom
2008-05-16 12:18 . 2008-05-16 12:18 <DIR> d-------- C:\ProgramData\TomTom
2008-05-16 12:18 . 2008-05-16 12:18 <DIR> d-------- C:\Program Files\TomTom HOME 2
2008-05-16 12:12 . 2008-05-16 12:18 <DIR> d-------- C:\Program Files\TomTom HOME
2008-05-16 12:08 . 2008-05-16 12:08 <DIR> d-------- C:\Program Files\TomTom DesktopSuite
2008-05-04 14:12 . 2008-05-04 14:15 <DIR> d-------- C:\Windows\System32\Samsung_USB_Drivers
2008-05-04 14:12 . 2008-05-04 14:12 <DIR> d-------- C:\Program Files\Samsung
2008-05-04 14:12 . 2007-05-02 11:11 109,704 --a------ C:\Windows\System32\drivers\ss_mdm.sys
2008-05-04 14:12 . 2007-05-02 11:11 83,592 --a------ C:\Windows\System32\drivers\ss_bus.sys
2008-05-04 14:12 . 2007-05-02 11:11 15,112 --a------ C:\Windows\System32\drivers\ss_mdfl.sys
2008-05-04 14:12 . 2007-05-02 11:11 12,424 --a------ C:\Windows\System32\drivers\ss_whnt.sys
2008-05-04 14:12 . 2007-05-02 11:11 12,424 --a------ C:\Windows\System32\drivers\ss_wh.sys
2008-05-04 14:12 . 2007-05-02 11:11 12,424 --a------ C:\Windows\System32\drivers\ss_cmnt.sys
2008-05-04 14:12 . 2007-05-02 11:11 12,424 --a------ C:\Windows\System32\drivers\ss_cm.sys
2008-05-04 14:12 . 2005-08-28 20:51 766 --a------ C:\Windows\System32\Uninstall.ico
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-03 20:43 --------- d-----w C:\Users\Ian\AppData\Roaming\uTorrent
2008-06-03 20:43 --------- d-----w C:\Users\Ian\AppData\Roaming\AVG7
2008-05-31 08:36 47,360 ----a-w C:\Users\Ian\AppData\Roaming\pcouffin.sys
2008-05-31 08:36 --------- d-----w C:\Users\Ian\AppData\Roaming\Vso
2008-05-17 07:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-15 16:48 --------- d-----w C:\Users\SPARE\AppData\Roaming\AVG7
2008-05-15 07:21 --------- d-----w C:\Program Files\Windows Mail
2008-04-27 20:19 --------- d-----w C:\Program Files\NCH Swift Sound
2008-04-27 19:35 --------- d-----w C:\Program Files\Common Files\Real
2008-04-16 13:41 --------- d-----w C:\Users\Ian\AppData\Roaming\DVDFab
2008-04-11 22:02 --------- d-----w C:\ProgramData\vsosdk
2008-04-09 17:19 --------- d-----w C:\ProgramData\DVD Shrink
2008-04-09 17:19 --------- d-----w C:\Program Files\DVD Shrink
2008-04-09 17:03 --------- d-----w C:\Program Files\Avi2Dvd
2008-04-09 16:52 --------- d-----w C:\Program Files\AviSynth 2.5
2008-04-09 16:00 --------- d-----w C:\Users\SPARE\AppData\Roaming\Nero
2008-04-07 03:16 --------- d-----w C:\Users\Ian\AppData\Roaming\Nero
2008-04-07 03:15 --------- d-----w C:\Program Files\Common Files\Nero
2008-04-07 03:11 --------- d-----w C:\ProgramData\Nero
2008-04-07 03:11 --------- d-----w C:\Program Files\Nero
2008-04-06 15:37 --------- d-----w C:\Program Files\PowerISO
2008-04-06 14:29 --------- d-----w C:\Users\Ian\AppData\Roaming\NCH Software
2008-04-06 12:48 --------- d-----w C:\Program Files\EPSON Print CD
2008-04-06 10:31 --------- d-----w C:\Program Files\Elaborate Bytes
2008-04-05 18:20 --------- d-----w C:\Program Files\EPSON
2008-04-04 10:57 --------- d-----w C:\Program Files\UnderCoverXP
2008-03-08 04:30 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-03-08 04:30 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-03-08 04:30 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-03-08 04:30 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-03-08 00:22 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2007-12-23 01:15 174 --sha-w C:\Program Files\desktop.ini
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-14 05:29 1232896]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-02-05 05:21 219952]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-03 12:51 202024]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2008-05-06 09:42 202088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-10 17:10 4468736 C:\Windows\RtHDVCpl.exe]
"NMSSupport"="C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2007-04-06 14:07 439768]
"CCUTRAYICON"="C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2007-04-06 14:11 215512]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-06-21 11:52 220160]
"toolbar_eula_launcher"="C:\Program Files\GoogleEULA\EULALauncher.exe" [2007-02-09 15:54 16896]
"Skytel"="Skytel.exe" [2007-05-07 18:51 1826816 C:\Windows\SkyTel.exe]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-05-15 04:03 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-05-15 04:03 8429568]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-05-15 04:03 81920]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-16 07:38 579584]
"snpstd3"="C:\Windows\vsnpstd3.exe" [2005-09-06 11:55 339968]
"VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 14:21 94208]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-08-07 01:05 200704]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 09:25 1828136]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-22 02:13 219136]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"= 2 (0x2)
"DontDisplayLogonHoursWarnings"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"= 2 (0x2)
"DontDisplayLogonHoursWarnings"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2007-12-22 02:13 9216 C:\Windows\System32\avgwlntf.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{466B9FD4-75C5-4F67-9170-509AEA03C375}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{0C116A5F-6FFE-47C7-8145-1599CEF9CAD5}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{8DAA9876-E537-40AC-8D9D-4097E44BD4EF}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{FC104377-27F3-451F-A933-D8D4D463E689}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{B822D6ED-943B-4CFC-A211-CA784D56CDD5}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{4919C88F-1FFA-4EF3-AFE2-C7E22A7F2DA8}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{9BB5027C-7328-41D6-8ECC-2827A1CFBDFC}"= TCP:Profile=Private|Profile=Public|9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
"{46D166AC-5B9C-4E40-820D-24196754A6D1}"= TCP:Profile=Private|Profile=Public|1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery
"{C9040F56-C570-4CB6-8098-9BF903389EBE}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{F8467473-23BB-49FF-9E2C-15F245434263}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{BBD57F2D-08E1-483E-882B-F9502F03F46A}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R2 nmsunidr;UniDriver for NMS;C:\Windows\system32\DRIVERS\nmsunidr.sys [2007-02-18 20:34]
R3 AvgWFP;AVG7 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfp.sys [2008-03-14 09:59]
R3 IntelDH;IntelDH Driver;C:\Windows\system32\Drivers\IntelDH.sys [2007-06-21 11:44]
R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;C:\Windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 10:43]
R3 X10Hid;X10 Hid Device;C:\Windows\system32\Drivers\x10hid.sys [2006-11-17 10:31]
S3 3xHybrid;Philips SAA713x PCI Card;C:\Windows\system32\DRIVERS\3xHybrid.sys [2007-01-08 18:43]
S3 athrusb;Atheros Wireless LAN USB device driver;C:\Windows\system32\DRIVERS\athrusb.sys [2006-12-22 20:05]
S3 DHTRACE;Intel(R) DHTrace Controller;C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe [2007-04-06 14:08]
S3 DQLWinService;DQLWinService;"C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe" [2007-02-12 10:46]
S3 NMSCore;Intel(R) NMSCore;"C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe" [2007-04-06 14:07]
S3 QualityManager;Intel(R) Quality Manager;"C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe" [2007-04-06 14:10]
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 08:36]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\Windows\system32\DRIVERS\ss_bus.sys [2007-05-02 11:11]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\Windows\system32\DRIVERS\ss_mdfl.sys [2007-05-02 11:11]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\Windows\system32\DRIVERS\ss_mdm.sys [2007-05-02 11:11]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{af434285-231a-11dd-83bf-0019dbc07679}]
\shell\AutoRun\command - M:\InstallTomTomHOME.exe
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-06-03 20:50:13 C:\Windows\Tasks\User_Feed_Synchronization-{46C837DE-2959-4B2A-B4A1-C6A0C42D8527}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-03 21:53:17
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-03 21:54:04
ComboFix-quarantined-files.txt 2008-06-03 20:53:58
Pre-Run: 200,685,330,432 bytes free
Post-Run: 202,665,541,632 bytes free
162 --- E O F --- 2008-06-03 17:31:07
|
bricat
HijackThis Helper
Reg'd: Wed
Posts: 28634
Loc: belfast
|
|
That looks clean now.
combofix cleanup.
Time for some housekeeping
- Click START then RUN
- Now type Combofix /u in the runbox and click OK
[list] 
When shown the disclaimer, Select "2"[/list]
The above procedure will:
- Delete the following:[list]
- ComboFix and its associated files and folders.
- VundoFix backups, if present
- The C:\Deckard folder, if present
- The C:_OtMoveIt folder, if present
Reset the clock settings.
Hide file extensions, if required.
Hide System/Hidden files, if required.
Reset System Restore.[/list]
Then :-
Download and scan with CCleaner - CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation.
IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbar-free or Slim versions instead of the Standard Build.
- Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"
Then select "Cookies"
Move any cookies you wish to retain, e.g. login cookies, in the left-hand window to the right-hand window by highlighting them and clicking the right arrow in the centre.
- Then select the items you wish to clean up.
In the Windows Tab:
• Clean all entries in the "Internet Explorer" section.
• Clean all the entries in the "Windows Explorer" section.
• Clean all entries in the "System" section.
• Clean all entries in the "Advanced" section.
• Clean any others that you choose.
In the Applications Tab:
• Clean all entries in the Mozilla Firefox Section.
• Clean all in the Opera section if you use it.
• Clean Sun Java in the Internet Section.
• Clean any others that you choose.
- Click the "Run Cleaner" button.
- A pop up box will appear advising this process will permanently delete files from your system.
- Click "OK" and it will scan and clean your system.
- Click "exit" when done.
then DEFRAG your C:\ drive.
to help speed up your system.
then let us know how the computer is running.
HOW DID I GET INFECTED
--------------------
MY HELP IS FREE,BUT PLEASE CONSIDER GIVING A DONATION TO HELP IN MY FIGHT AGAINST SPYWARE.
You don't stop laughing when you get old, you get old when you stop laughing!
|
stressederic
new user
Reg'd: Tue
Posts: 9
|
|
Hi
I performed my daily AVg And I still have the virus could you please have a look again
Many Thanks
|
bricat
HijackThis Helper
Reg'd: Wed
Posts: 28634
Loc: belfast
|
|
Can you tell me what the "virus" is called and where AVG tells you it is located on your computer.
--------------------
MY HELP IS FREE,BUT PLEASE CONSIDER GIVING A DONATION TO HELP IN MY FIGHT AGAINST SPYWARE.
You don't stop laughing when you get old, you get old when you stop laughing!
|
stressederic
new user
Reg'd: Tue
Posts: 9
|
|
The virus is trojan horse generic10.ADIU
I'ts found im My Doucuments.
I have now deleted it and run AVG , I think I should of asked B4 I deleted it because my AVG stops half way through the scanning process.
Sorry
Edited by stressederic (Thu Jun 05 2008 08:17 PM)
|
stressederic
new user
Reg'd: Tue
Posts: 9
|
|
is it ok Bricat
|
bricat
HijackThis Helper
Reg'd: Wed
Posts: 28634
Loc: belfast
|
|
Quote:
generic10.ADIU
are you sure the spelling is right ? i can't find any references to it.
run this scan :-
Please download and install SUPERAntiSpyware Home Edition (free)- Once installed, update the program definitions when prompted.
- Click the "Preferences" button and then the "Scanning Control" tab.
- Under "Scanner Options" make sure the following are checked/selected:
- 1>> Close browsers before scanning.
- 2>> Scan for tracking cookies.
- 3>> Terminate memory threats before quarantining.
- 4>> Ignore System Restore/Volume Information on ME and XP.
- Deselect all other scanning options.
- Close SUPERAntiSpyware for use later.
Then boot up in SAFE MODE
Open SUPERAntiSpyware and click the "Scan your computer" button.- On the left, select "C:\Fixed Drive".
- On the right, under "Complete Scan", choose "Perform Complete Scan".
- Click "Next" to start the scan. Please be patient while it scans your computer.
- After the scan is complete a summary box will appear. Click "OK".
- Make sure everything in the white box has a check next to it, then click "Next".
- After quarantining anything found, you may be prompted to reboot, click "Yes".
- Paste the scan log in your next reply (Preferences > Statistics/Logs tab > double-click SUPERAntiSpyware Scan Log)
--------------------
MY HELP IS FREE,BUT PLEASE CONSIDER GIVING A DONATION TO HELP IN MY FIGHT AGAINST SPYWARE.
You don't stop laughing when you get old, you get old when you stop laughing!
|
stressederic
new user
Reg'd: Tue
Posts: 9
|
|
This is a bit of the virus report from AVG
rec time="2008/06/05 19:50:45" user="Ian" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Users\Ian\Documents\Downloads\DVD Fab PLATINUM EDITION 4.0.6.0.(NEW-with serial key)\DVDFabPlatinum4060.rar</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">Generic10.ADIU</attr>
Here is the spyware log
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 06/06/2008 at 04:53 PM
Application Version : 4.15.1000
Core Rules Database Version : 3476
Trace Rules Database Version: 1467
Scan type : Complete Scan
Total Scan Time : 00:38:50
Memory items scanned : 196
Memory threats detected : 0
Registry items scanned : 6080
Registry threats detected : 0
File items scanned : 102662
File threats detected : 30
Adware.Tracking Cookie
.adtech.de [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
.2o7.net [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
.122.2o7.net [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
.2o7.net [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
.2o7.net [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
imagebank.ipcmedia.com [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
.revsci.net [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
.atdmt.com [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
.revsci.net [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
.revsci.net [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
.adopt.euroclick.com [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
.adopt.euroclick.com [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
.adopt.euroclick.com [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
.adopt.euroclick.com [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
.adopt.euroclick.com [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
adopt.euroclick.com [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
.doubleclick.net [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
.mediaplex.com [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
.advertising.com [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
ad.yieldmanager.com [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
ad.yieldmanager.com [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
ad.yieldmanager.com [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
ad.yieldmanager.com [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
ad.yieldmanager.com [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
ad.yieldmanager.com [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
ad.yieldmanager.com [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
ad.yieldmanager.com [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
.advertising.com [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
.advertising.com [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
.advertising.com [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
.advertising.com [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
.statcounter.com [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
.statcounter.com [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
.microsoftwga.112.2o7.net [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
.adrevolver.com [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
.casalemedia.com [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
.casalemedia.com [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
ads.revsci.net [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
.casalemedia.com [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
.tacoda.net [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
.adrevolver.com [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
.tribalfusion.com [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
.burstnet.com [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
.casalemedia.com [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
.adopt.specificclick.net [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
.specificclick.net [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
.tacoda.net [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
.tacoda.net [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
.tacoda.net [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
.adrevolver.com [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
.adrevolver.com [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
media.adrevolver.com [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
media.adrevolver.com [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
media.adrevolver.com [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
media.adrevolver.com [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
.tacoda.net [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
.tacoda.net [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
.tacoda.net [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
.specificclick.net [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
.specificclick.net [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
.specificclick.net [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
.adopt.specificclick.net [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
.apmebf.com [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
.fastclick.net [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
.247realmedia.com [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
.fastclick.net [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
.zedo.com [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
.zedo.com [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
.zedo.com [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
.realmedia.com [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
.realmedia.com [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
.apmebf.com [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
.realmedia.com [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
.realmedia.com [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
.ehg-wilkinson.hitbox.com [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
.hitbox.com [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
.hitbox.com [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
www.googleadservices.com [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
.dynamic.media.adrevolver.com [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
clicktorrent.info [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
.empornium.us [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
.empornium.us [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
.empornium.us [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
.empornium.us [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
clicktorrent.info [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
clicktorrent.info [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
clicktorrent.info [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
clicktorrent.info [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
clicktorrent.info [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
clicktorrent.info [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
clicktorrent.info [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
clicktorrent.info [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
clicktorrent.info [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
clicktorrent.info [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
clicktorrent.info [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
clicktorrent.info [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
clicktorrent.info [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
clicktorrent.info [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
clicktorrent.info [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
clicktorrent.info [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
clicktorrent.info [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
clicktorrent.info [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
clicktorrent.info [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
clicktorrent.info [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
clicktorrent.info [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
clicktorrent.info [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
clicktorrent.info [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
clicktorrent.info [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
clicktorrent.info [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
clicktorrent.info [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
clicktorrent.info [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
clicktorrent.info [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
clicktorrent.info [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
clicktorrent.info [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
clicktorrent.info [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
clicktorrent.info [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
clicktorrent.info [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
clicktorrent.info [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
clicktorrent.info [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
clicktorrent.info [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
clicktorrent.info [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
clicktorrent.info [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
clicktorrent.info [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
clicktorrent.info [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
clicktorrent.info [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
clicktorrent.info [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
clicktorrent.info [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
clicktorrent.info [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
clicktorrent.info [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
clicktorrent.info [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
clicktorrent.info [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
clicktorrent.info [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
empornium.us [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
empornium.us [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
empornium.us [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
openx.ventivmedia.com [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
openx.ventivmedia.com [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
openx.ventivmedia.com [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
openx.ventivmedia.com [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
.adultfriendfinder.com [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
.adultfriendfinder.com [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
.adultfriendfinder.com [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
.adultfriendfinder.com [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
publisher.adultking.com [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
publisher.adultking.com [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
publisher.adultking.com [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
statse.webtrendslive.com [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
.partygaming.122.2o7.net [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
.partypoker.com [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
.partypoker.com [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
.adbrite.com [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
.adbrite.com [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
.adbrite.com [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
.adbrite.com [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
ad1.clickhype.com [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
.serving-sys.com [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
.serving-sys.com [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
.serving-sys.com [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
.serving-sys.com [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
.bs.serving-sys.com [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
.serving-sys.com [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
.serving-sys.com [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
.ads.pointroll.com [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
.ads.pointroll.com [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
.ads.pointroll.com [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
.ads.pointroll.com [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
.ads.pointroll.com [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
.ads.pointroll.com [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
.ads.pointroll.com [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
.atk-hairygirls.com [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
.atk-hairygirls.com [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
a2.adserver01.de [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
.roiservice.com [ C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\qeaxqphf.default\cookies.txt ]
C:\Users\SPARE\AppData\Roaming\Microsoft\Windows\Cookies\Low\spare@ad.yieldmanager[1].txt
C:\Users\SPARE\AppData\Roaming\Microsoft\Windows\Cookies\Low\spare@adrevolver[2].txt
C:\Users\SPARE\AppData\Roaming\Microsoft\Windows\Cookies\Low\spare@adstats.cdfreaks[2].txt
C:\Users\SPARE\AppData\Roaming\Microsoft\Windows\Cookies\Low\spare@advertising[1].txt
C:\Users\SPARE\AppData\Roaming\Microsoft\Windows\Cookies\Low\spare@adviva[1].txt
C:\Users\SPARE\AppData\Roaming\Microsoft\Windows\Cookies\Low\spare@atdmt[2].txt
C:\Users\SPARE\AppData\Roaming\Microsoft\Windows\Cookies\Low\spare@bs.serving-sys[2].txt
C:\Users\SPARE\AppData\Roaming\Microsoft\Windows\Cookies\Low\spare@doubleclick[2].txt
C:\Users\SPARE\AppData\Roaming\Microsoft\Windows\Cookies\Low\spare@e-2dj6wfk4andzcep.stats.esomniture[2].txt
C:\Users\SPARE\AppData\Roaming\Microsoft\Windows\Cookies\Low\spare@e-2dj6wfkokiczeeo.stats.esomniture[2].txt
C:\Users\SPARE\AppData\Roaming\Microsoft\Windows\Cookies\Low\spare@e-2dj6wgkowkazgfo.stats.esomniture[2].txt
C:\Users\SPARE\AppData\Roaming\Microsoft\Windows\Cookies\Low\spare@imrworldwide[2].txt
C:\Users\SPARE\AppData\Roaming\Microsoft\Windows\Cookies\Low\spare@kontera[2].txt
C:\Users\SPARE\AppData\Roaming\Microsoft\Windows\Cookies\Low\spare@media.adrevolver[2].txt
C:\Users\SPARE\AppData\Roaming\Microsoft\Windows\Cookies\Low\spare@media.adrevolver[3].txt
C:\Users\SPARE\AppData\Roaming\Microsoft\Windows\Cookies\Low\spare@mediaplex[1].txt
C:\Users\SPARE\AppData\Roaming\Microsoft\Windows\Cookies\Low\spare@msnportal.112.2o7[1].txt
C:\Users\SPARE\AppData\Roaming\Microsoft\Windows\Cookies\Low\spare@serving-sys[2].txt
C:\Users\SPARE\AppData\Roaming\Microsoft\Windows\Cookies\Low\spare@specificclick[1].txt
C:\Users\SPARE\AppData\Roaming\Microsoft\Windows\Cookies\Low\spare@statse.webtrendslive[1].txt
C:\Users\SPARE\AppData\Roaming\Microsoft\Windows\Cookies\Low\spare@www.googleadservices[1].txt
C:\Users\SPARE\AppData\Roaming\Microsoft\Windows\Cookies\spare@2o7[2].txt
C:\Users\SPARE\AppData\Roaming\Microsoft\Windows\Cookies\spare@adlegend[1].txt
C:\Users\SPARE\AppData\Roaming\Microsoft\Windows\Cookies\spare@adopt.euroclick[2].txt
C:\Users\SPARE\AppData\Roaming\Microsoft\Windows\Cookies\spare@atdmt[2].txt
C:\Users\SPARE\AppData\Roaming\Microsoft\Windows\Cookies\spare@bs.serving-sys[2].txt
C:\Users\SPARE\AppData\Roaming\Microsoft\Windows\Cookies\spare@doubleclick[1].txt
C:\Users\SPARE\AppData\Roaming\Microsoft\Windows\Cookies\spare@mediaplex[1].txt
C:\Users\SPARE\AppData\Roaming\Microsoft\Windows\Cookies\spare@serving-sys[1].txt
C:\Users\SPARE\AppData\Roaming\Microsoft\Windows\Cookies\spare@tradedoubler[2].txt
.adviva.net [ C:\Users\SPARE\AppData\Roaming\Mozilla\Firefox\Profiles\snfxwemr.default\cookies.txt ]
.doubleclick.net [ C:\Users\SPARE\AppData\Roaming\Mozilla\Firefox\Profiles\snfxwemr.default\cookies.txt ]
.adviva.net [ C:\Users\SPARE\AppData\Roaming\Mozilla\Firefox\Profiles\snfxwemr.default\cookies.txt ]
.atdmt.com [ C:\Users\SPARE\AppData\Roaming\Mozilla\Firefox\Profiles\snfxwemr.default\cookies.txt ]
.mediaplex.com [ C:\Users\SPARE\AppData\Roaming\Mozilla\Firefox\Profiles\snfxwemr.default\cookies.txt ]
.adrevolver.com [ C:\Users\SPARE\AppData\Roaming\Mozilla\Firefox\Profiles\snfxwemr.default\cookies.txt ]
.adrevolver.com [ C:\Users\SPARE\AppData\Roaming\Mozilla\Firefox\Profiles\snfxwemr.default\cookies.txt ]
media.adrevolver.com [ C:\Users\SPARE\AppData\Roaming\Mozilla\Firefox\Profiles\snfxwemr.default\cookies.txt ]
.imrworldwide.com [ C:\Users\SPARE\AppData\Roaming\Mozilla\Firefox\Profiles\snfxwemr.default\cookies.txt ]
.imrworldwide.com [ C:\Users\SPARE\AppData\Roaming\Mozilla\Firefox\Profiles\snfxwemr.default\cookies.txt ]
.fls.doubleclick.net [ C:\Users\SPARE\AppData\Roaming\Mozilla\Firefox\Profiles\snfxwemr.default\cookies.txt ]
.fls.doubleclick.net [ C:\Users\SPARE\AppData\Roaming\Mozilla\Firefox\Profiles\snfxwemr.default\cookies.txt ]
fr.sitestat.com [ C:\Users\SPARE\AppData\Roaming\Mozilla\Firefox\Profiles\snfxwemr.default\cookies.txt ]
fr.sitestat.com [ C:\Users\SPARE\AppData\Roaming\Mozilla\Firefox\Profiles\snfxwemr.default\cookies.txt ]
stats.renault.co.uk [ C:\Users\SPARE\AppData\Roaming\Mozilla\Firefox\Profiles\snfxwemr.default\cookies.txt ]
.advertising.com [ C:\Users\SPARE\AppData\Roaming\Mozilla\Firefox\Profiles\snfxwemr.default\cookies.txt ]
.advertising.com [ C:\Users\SPARE\AppData\Roaming\Mozilla\Firefox\Profiles\snfxwemr.default\cookies.txt ]
.advertising.com [ C:\Users\SPARE\AppData\Roaming\Mozilla\Firefox\Profiles\snfxwemr.default\cookies.txt ]
.ad.yieldmanager.com [ C:\Users\SPARE\AppData\Roaming\Mozilla\Firefox\Profiles\snfxwemr.default\cookies.txt ]
ad.yieldmanager.com [ C:\Users\SPARE\AppData\Roaming\Mozilla\Firefox\Profiles\snfxwemr.default\cookies.txt ]
ad.yieldmanager.com [ C:\Users\SPARE\AppData\Roaming\Mozilla\Firefox\Profiles\snfxwemr.default\cookies.txt ]
ad.yieldmanager.com [ C:\Users\SPARE\AppData\Roaming\Mozilla\Firefox\Profiles\snfxwemr.default\cookies.txt ]
ad.yieldmanager.com [ C:\Users\SPARE\AppData\Roaming\Mozilla\Firefox\Profiles\snfxwemr.default\cookies.txt ]
ad.yieldmanager.com [ C:\Users\SPARE\AppData\Roaming\Mozilla\Firefox\Profiles\snfxwemr.default\cookies.txt ]
.advertising.com [ C:\Users\SPARE\AppData\Roaming\Mozilla\Firefox\Profiles\snfxwemr.default\cookies.txt ]
.advertising.com [ C:\Users\SPARE\AppData\Roaming\Mozilla\Firefox\Profiles\snfxwemr.default\cookies.txt ]
.toplist.cz [ C:\Users\SPARE\AppData\Roaming\Mozilla\Firefox\Profiles\snfxwemr.default\cookies.txt ]
.tribalfusion.com [ C:\Users\SPARE\AppData\Roaming\Mozilla\Firefox\Profiles\snfxwemr.default\cookies.txt ]
.revsci.net [ C:\Users\SPARE\AppData\Roaming\Mozilla\Firefox\Profiles\snfxwemr.default\cookies.txt ]
.2o7.net [ C:\Users\SPARE\AppData\Roaming\Mozilla\Firefox\Profiles\snfxwemr.default\cookies.txt ]
.2o7.net [ C:\Users\SPARE\AppData\Roaming\Mozilla\Firefox\Profiles\snfxwemr.default\cookies.txt ]
.2o7.net [ C:\Users\SPARE\AppData\Roaming\Mozilla\Firefox\Profiles\snfxwemr.default\cookies.txt ]
.2o7.net [ C:\Users\SPARE\AppData\Roaming\Mozilla\Firefox\Profiles\snfxwemr.default\cookies.txt ]
.2o7.net [ C:\Users\SPARE\AppData\Roaming\Mozilla\Firefox\Profiles\snfxwemr.default\cookies.txt ]
.2o7.net [ C:\Users\SPARE\AppData\Roaming\Mozilla\Firefox\Profiles\snfxwemr.default\cookies.txt ]
.2o7.net [ C:\Users\SPARE\AppData\Roaming\Mozilla\Firefox\Profiles\snfxwemr.default\cookies.txt ]
.questionmarket.com [ C:\Users\SPARE\AppData\Roaming\Mozilla\Firefox\Profiles\snfxwemr.default\cookies.txt ]
.questionmarket.com [ C:\Users\SPARE\AppData\Roaming\Mozilla\Firefox\Profiles\snfxwemr.default\cookies.txt ]
.adopt.euroclick.com [ C:\Users\SPARE\AppData\Roaming\Mozilla\Firefox\Profiles\snfxwemr.default\cookies.txt ]
.adopt.euroclick.com [ C:\Users\SPARE\AppData\Roaming\Mozilla\Firefox\Profiles\snfxwemr.default\cookies.txt ]
.hitbox.com [ C:\Users\SPARE\AppData\Roaming\Mozilla\Firefox\Profiles\snfxwemr.default\cookies.txt ]
.ehg-autotrader.hitbox.com [ C:\Users\SPARE\AppData\Roaming\Mozilla\Firefox\Profiles\snfxwemr.default\cookies.txt ]
.serving-sys.com [ C:\Users\SPARE\AppData\Roaming\Mozilla\Firefox\Profiles\snfxwemr.default\cookies.txt ]
.bs.serving-sys.com [ C:\Users\SPARE\AppData\Roaming\Mozilla\Firefox\Profiles\snfxwemr.default\cookies.txt ]
.serving-sys.com [ C:\Users\SPARE\AppData\Roaming\Mozilla\Firefox\Profiles\snfxwemr.default\cookies.txt ]
.serving-sys.com [ C:\Users\SPARE\AppData\Roaming\Mozilla\Firefox\Profiles\snfxwemr.default\cookies.txt ]
.serving-sys.com [ C:\Users\SPARE\AppData\Roaming\Mozilla\Firefox\Profiles\snfxwemr.default\cookies.txt ]
.serving-sys.com [ C:\Users\SPARE\AppData\Roaming\Mozilla\Firefox\Profiles\snfxwemr.default\cookies.txt ]
.serving-sys.com [ C:\Users\SPARE\AppData\Roaming\Mozilla\Firefox\Profiles\snfxwemr.default\cookies.txt ]
.fastclick.net [ C:\Users\SPARE\AppData\Roaming\Mozilla\Firefox\Profiles\snfxwemr.default\cookies.txt ]
track.adform.net [ C:\Users\SPARE\AppData\Roaming\Mozilla\Firefox\Profiles\snfxwemr.default\cookies.txt ]
.fastclick.net [ |
Previous
Index
Next
Threaded
Edit
Reply
Quote
