Task manager, disk defragmentation, and regedit don't work

CrimsonTriad, New Member | Date Joined Jun 2008 | Total Posts: 8 | Posted 7-1-2008 7:12 (GMT +2)

They open up the window for a second before automatically closing. Not even enough time to see anything really. I don't know what to do. Here is my HijackThis log. Can anyone help me out here?

Logfile of HijackThis v1.99.1
Scan saved at 11:45:49 PM, on 6/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\DVDRAMSV.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program Files\Norton AntiVirus\SAVScan.exe
c:\Toshiba\Ivp\Swupdate\swupdtmr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\EzButton\EzButton.EXE
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\WINDOWS\system32\WINHOST.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\Plaxo\2.13.1.6\PlaxoHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSCNo.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://grannyfatpants.livejournal.com/friends/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [EzButton] C:\Program Files\EzButton\EzButton.EXE
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Notebook Maximizer] C:\Program Files\Notebook Maximizer\maximizer_startup.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [RegSvr32] C:\WINDOWS\system32\msmsgs.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!(Rfa2W] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [Windows NetConfig] WINHOST.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\RunServices: [stratas] lockx.exe
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.13.1.6\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [!(Rfa2W] C:\WINDOWS\svchost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [Windows NetConfig] WINHOST.EXE
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1173921915000
O20 - Winlogon Notify: jkhfc - C:\WINDOWS\system32\jkhfc.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\Ivp\Swupdate\swupdtmr.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

Touch, Forum Moderator | Date Joined Jun 2004 | Total Posts: 12798 | Posted 7-1-2008 7:51 (GMT +2)

Hello CrimsonTriad
Go to Start - Control Panel - Add-Remove Programs
Remove the following if found or any variation:
Viewpoint Manager Service
Please download Combofix:
And save to the desktop.
Close all other browser windows.
Important-> Temporarily disable your anti-virus, real-time protection before performing a scan. They can interfere with combofix or remove some of its embedded files which may cause "unpredictable results".
Go to Start->Run and copy/paste: ComboFix /snapshot and hit OK. It should run Combofix.
Please note, that once you start combofix you should not click anywhere on the combofix window as it can cause the program to stall. In fact, when combofix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.
When finished, it will produce a logfile located at C:\combofix.txt.
Post the contents of that log in your next reply with a new hijackthis log.
Please copy and paste your log files. DO NOT add it as an attachment.
NB. If you are using any P2P (file sharing) programs, please remove them before we clean your computer. We do not clean logs that have P2P applications installed as this can cause reinfection during your cleaning.
Do NOT post your problem in someone else's thread.

CrimsonTriad, New Member | Date Joined Jun 2008 | Total Posts: 8 | Posted 7-1-2008 7:51 (GMT +2)

Should I remove the Viewpoint Media Player as well?

Touch, Forum Moderator | Date Joined Jun 2004 | Total Posts: 12798 | Posted 7-1-2008 7:57 (GMT +2)

I suggest you do ->
"Viewpoint Media Player is sometimes claimed to be adware. Although it does not directly collect user identifiable information, the license agreement states that the software collects information about users' interactions with advertisements and the browser and operating system in use. This information is collected by Viewpoint along with a unique identifying code"

CrimsonTriad, New Member | Date Joined Jun 2008 | Total Posts: 8 | Posted 7-1-2008 8:00 (GMT +2)

Also, when I tried to run ComboFix /snapshot it said it could not be found. Can I just open the program from my desktop?

CrimsonTriad, New Member | Date Joined Jun 2008 | Total Posts: 8 | Posted 7-1-2008 11:19 (GMT +2)

So I found another thread where someone was having a similar problem as I was and couldn't get ComboFix to work. So you suggested using Malwarebytes Anti-Malware. After running that I was able to run ComboFix. But Task Manager and disk defrag and regedit still don't work!

HIJACK THIS
Logfile of HijackThis v1.99.1
Scan saved at 4:13:37 PM, on 7/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\DVDRAMSV.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program Files\Norton AntiVirus\SAVScan.exe
c:\Toshiba\Ivp\Swupdate\swupdtmr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\EzButton\EzButton.EXE
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\WINDOWS\system32\WINHOST.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\Plaxo\2.13.1.6\PlaxoHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSCNo.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://grannyfatpants.livejournal.com/friends/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [EzButton] C:\Program Files\EzButton\EzButton.EXE
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Notebook Maximizer] C:\Program Files\Notebook Maximizer\maximizer_startup.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [RegSvr32] C:\WINDOWS\system32\msmsgs.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!(Rfa2W] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [Windows NetConfig] WINHOST.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\RunServices: [stratas] lockx.exe
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.13.1.6\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [!(Rfa2W] C:\WINDOWS\svchost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [Windows NetConfig] WINHOST.EXE
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1173921915000
O20 - Winlogon Notify: jkhfc - C:\WINDOWS\system32\jkhfc.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\Ivp\Swupdate\swupdtmr.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

COMBO FIX LOG
ComboFix 08-06-30.2 - Jaime 2008-07-01 16:52:39.2 - NTFSx86
Running from: C:\Documents and Settings\Jaime\Desktop\ComboFix.exe
Command switches used :: /snapshot

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-06-01 to 2008-07-01 )))))))))))))))))))))))))))))))
.
2008-07-01 13:38 . 2008-07-01 13:38 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-01 13:38 . 2008-07-01 13:38 <DIR> d-------- C:\Documents and Settings\Jaime\Application Data\Malwarebytes
2008-07-01 13:38 . 2008-07-01 13:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-01 13:38 . 2008-06-28 14:16 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-01 13:38 . 2008-06-28 14:16 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-29 16:39 . 2004-02-26 01:17 38,868 --------- C:\WINDOWS\hpomdl03.dat
2008-06-29 16:39 . 2008-06-29 16:54 29,171 --a------ C:\WINDOWS\hpoins03.dat
2008-06-29 16:05 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-06-29 16:05 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-06-21 09:55 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-21 08:58 . 2008-06-21 04:35 691,545 --a------ C:\WINDOWS\unins000.exe
2008-06-21 08:58 . 2008-06-21 08:58 2,548 --a------ C:\WINDOWS\unins000.dat
2008-06-11 00:38 . 2008-06-13 08:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 00:38 . 2008-06-13 08:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-07 21:37 . 2008-07-01 09:45 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-07 21:37 . 2008-06-07 21:37 1,409 --a------ C:\WINDOWS\QTFont.for
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-01 21:06 --------- d-----w C:\Program Files\Plaxo
2008-07-01 17:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-07-01 03:37 --------- d-----w C:\Program Files\Notebook Maximizer
2008-07-01 03:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-01 03:27 --------- d-----w C:\Program Files\Soulseek
2008-06-21 15:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-21 14:55 --------- d-----w C:\Program Files\Java
2008-06-21 14:45 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-06-20 16:10 --------- d-----w C:\Program Files\Winamp
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-21 07:04 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PlaxoUpdate"="C:\Program Files\Plaxo\2.13.1.6\PlaxoHelper.exe" [2008-04-14 17:36 227914]
"!(Rfa2W"="C:\WINDOWS\svchost.exe" [BU]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"Sonic RecordNow!"="" [BU]
"Aim6"="" [BU]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Windows NetConfig"="WINHOST.EXE" [2007-02-25 11:25 603136 C:\WINDOWS\system32\winhost.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2004-06-14 07:00 638976]
"CeEPOWER"="C:\Program Files\TOSHIBA\Power Management\CePMTray.exe" [2004-08-19 20:14 135168]
"TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [2004-03-14 22:17 53248]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-07-20 04:04 122939]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-04-21 23:10 335872]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2003-10-30 18:46 192512]
"EzButton"="C:\Program Files\EzButton\EzButton.EXE" [2004-05-14 12:29 712704]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-02-03 16:47 1089589]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-12-12 15:37 71328]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2003-10-20 11:39 159744]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-10-07 13:25 100056]
"Notebook Maximizer"="C:\Program Files\Notebook Maximizer\maximizer_startup.exe" [2004-05-25 16:35 28672]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe" [2005-05-10 17:04 11776]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2005-05-10 17:04 110592]
"RegSvr32"="C:\WINDOWS\system32\msmsgs.exe" [BU]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-05-18 04:04 282624]
"!(Rfa2W"="C:\WINDOWS\svchost.exe" [BU]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-06-14 17:24 278528]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-15 17:54 37376]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-09 09:03 185896]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2004-02-26 01:17 176128]
"AGRSMMSG"="AGRSMMSG.exe" [2004-02-20 17:00 88363 C:\WINDOWS\agrsmmsg.exe]
"NDSTray.exe"="NDSTray.exe" [BU]
"CFSServ.exe"="CFSServ.exe" [BU]
"Windows NetConfig"="WINHOST.EXE" [2007-02-25 11:25 603136 C:\WINDOWS\system32\winhost.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"stratas"="lockx.exe" [BU]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Cisco Systems VPN Client.lnk - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe [2005-06-01 19:12:25 1462104]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2004-08-10 16:15:20 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkhfc]
C:\WINDOWS\system32\jkhfc.dll [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.NSVI"= NSVIDEO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Soulseek\\slsk.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\WINDOWS\\system32\\fxsclnt.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM\\AIM95_c0\\aim.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Winamp\\winamp.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\WINDOWS\\system32\\winhost.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=

R0 Achernar;Achernar - SCSI Command Filters;C:\WINDOWS\system32\Drivers\Achernar.sys [2004-02-11 15:34]
R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2006-10-21 23:31]
R3 Aldebaran;Aldebaran - SCSI Command Filters;C:\WINDOWS\system32\Drivers\Aldebaran.sys [2004-02-11 15:34]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{04FCD2C2-2623-7FD0-736A-44EFFC9284B2}] C:\Documents and Settings\Jaime\Application Data\svchost.exe s . Contents of the 'Scheduled Tasks' folder "2008-06-21 01:11:13 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Jaime.job" - c:\PROGRA~1\NORTON~1\Navw32.exeh/task: "2008-07-01 21:56:00 C:\WINDOWS\Tasks\Symantec NetDetect.job" - C:\Program Files\Symantec\LiveUpdate\NDetect.exe . **************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-07-01 16:56:35 Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run Windows NetConfig = WINHOST.EXE?pepsi?#oreos?!s0xr0x!???2???Windows NetConfig???????lolz?bH b0t?payload.dat?????????bH b0t??'?E???????????E???????E HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce Windows NetConfig = WINHOST.EXE?pepsi?#oreos?!s0xr0x!???2???Windows NetConfig???????lolz?bH b0t?payload.dat?????????bH b0t??'?E???????????E???????E
scanning hidden files ...
scan completed successfully hidden files: 0
************************************************************************** . Completion time: 2008-07-01 16:58:43 ComboFix-quarantined-files.txt 2008-07-01 21:58:36 ComboFix2.txt 2008-07-01 21:00:15
Pre-Run: 3,837,087,744 bytes free Post-Run: 3,827,052,544 bytes free
145 --- E O F --- 2008-06-21 02:26:36
MALWAREBYTES LOG
Malwarebytes' Anti-Malware 1.19 Database version: 912 Windows 5.1.2600 Service Pack 2
3:43:28 PM 7/1/2008 mbam-log-7-1-2008 (15-43-28).txt
Scan type: Full Scan (C:\|) Objects scanned: 119628 Time elapsed: 1 hour(s), 47 minute(s), 7 second(s)
Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 7 Registry Values Infected: 1 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 5
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\E404.e404mgr (Trojan.BHO) -> Quarantined and deleted successfully.
Registry Values Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected: C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully. C:\RECYCLER\S-1-5-21-381477846-825013387-3398208425-1006\Dc233.exe (Trojan.Zlob) -> Quarantined and deleted successfully. C:\RECYCLER\S-1-5-21-381477846-825013387-3398208425-1006\Dc234.exe (Trojan.Zlob) -> Quarantined and deleted successfully. C:\RECYCLER\S-1-5-21-381477846-825013387-3398208425-1006\Dc236.exe (Trojan.Zlob) -> Quarantined and deleted successfully. C:\WINDOWS\system32\LogFiles\HP0061400.so (Spyware.OnlineGames) -> Quarantined and deleted successfully.
Post Edited (CrimsonTriad) : 01-07-2008 22:17:23 GMT
 |  Touch Forum Moderator

Date Joined Jun 2004 Total Posts : 12798 | Posted 7-2-2008 9:47 (GMT +2) |   | | You have a large number of infections, I'll therefore suggest you run the below scan tools -
Please download Free Version of Superantispyware
Install it using the Standard Install option. (You will be asked for your e-mail address; it is safe to give it.)
Close the program.
Please download ATF Cleaner:
Download DrWebCureit:
to your desktop.
Please print out or copy this page to Notepad as you will be in Safe Mode and unable to refer to this page.
Double click ATF-Cleaner.exe to run the program. Check the boxes to the left of:
Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
Prefetch (Windows XP) only.
Java Cache
Recycle Bin
NB. It's normal after running ATF cleaner that the PC will be slower to boot the first time.
Double-click the "drweb-cureit.exe" and click "Start" in the prompt window that will open, asking "start the express scan now".
It will first make a quick scan of your system, let it clean what it finds, and when it says "done"
Click on the Options->Change settings.
Actions Tab- Adware-Dialers-Riskware-Hacktools, use dropdown menu and select –Rename
Click – Apply - OK
Click on Scan Tab. Move dot from Express scan to Complete Scan. Click on the green arrow to the right. It will now scan your drive(s), say yes to all.
After the scan, in the Dr.Web CureIt menu on top, click file and choose save report list.
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web Cureit.
Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
Start Superantispyware.
Hit - Scan Your Computer - button
Click on the drive(s) you want to scan. Put a check in - Perform Complete Scan, then next,
it will scan now. When the scan has finished, put a checkmark with all items it found. Next, after cleaning, allow it to reboot.
Start Superantispyware again –
Click Preferences and then click the statistics/logs tab.
Click the dated log and press view log and a text file will appear.
Post this log along with fresh hijackthis log, Dr.Web log, new combofix log.
Do NOT post your problem in someone else's thread.
 |  CrimsonTriad New Member

Date Joined Jun 2008 Total Posts : 8 | Posted 7-3-2008 6:54 (GMT +2) |   | Super AntiSpyware Log SUPERAntiSpyware Scan Log http://www.superantispyware.com
Generated 07/02/2008 at 09:18 PM
Application Version : 4.15.1000
Core Rules Database Version : 3496 Trace Rules Database Version: 1487
Scan type : Complete Scan Total Scan Time : 00:41:28
Memory items scanned : 524 Memory threats detected : 0 Registry items scanned : 5434 Registry threats detected : 52 File items scanned : 17974 File threats detected : 27
Unclassified.Oreans32 HKLM\System\ControlSet001\Services\oreans32 C:\WINDOWS\SYSTEM32\DRIVERS\OREANS32.SYS HKLM\System\ControlSet001\Enum\Root\LEGACY_oreans32 HKLM\System\ControlSet003\Services\oreans32 HKLM\System\ControlSet003\Enum\Root\LEGACY_oreans32 HKLM\System\CurrentControlSet\Services\oreans32 HKLM\System\CurrentControlSet\Enum\Root\LEGACY_oreans32 HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32#NextInstance HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000 HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Service HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Legacy HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#ConfigFlags HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Class HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#ClassGUID HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#DeviceDesc HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Capabilities HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Driver HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000\LogConf HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000\Control HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000\Control#ActiveService HKLM\SYSTEM\CurrentControlSet\Services\oreans32#Type HKLM\SYSTEM\CurrentControlSet\Services\oreans32#Start HKLM\SYSTEM\CurrentControlSet\Services\oreans32#ErrorControl HKLM\SYSTEM\CurrentControlSet\Services\oreans32#ImagePath HKLM\SYSTEM\CurrentControlSet\Services\oreans32#DisplayName HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Security HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Security#Security HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#0 HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#Count HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#NextInstance
Adware.Tracking Cookie