ComputerForum.com ComputerForum.com  
TigerDirect
  
Go Back   Computer Forum > Computer Software > Computer Security
agh! help! agh! help!
Register FAQ Members List Calendar Mark Forums Read

Reply
 
LinkBack Thread Tools Display Modes
Old 04-24-2006, 01:21 PM   #1 (permalink)
New Member
 
kbryant's Avatar
 
Join Date: Apr 2006
Location: seattle
Age: 19
Posts: 23
Default agh! help!
i was an idiot and downloaded a questionable file, and in turn i got some major spyware. i got mssearchnet.exe and nvctrl.exe and fun stuff like those, but i managed to delete those. theres something i cant delete though. i have this little icon in my start menu (near the clock; i forget what its called). its a flashing green handicap logo and an anti sign. when you hover over it it says Virus Alert! i got it the same time as the other files. it keeps recommending me spyware programs and other crap. anyone know how to get rid of this?? any help appreciated!!

heres my HJT logfile:

Logfile of HijackThis v1.99.1
Scan saved at 6:27:56 AM, on 4/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\ewido anti-malware\ewidoctrl.exe
D:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\svchost.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
D:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\bcmwltry.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
D:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
C:\PROGRA~1\COMMON~1\DOBE~1\javaw.exe
D:\Program Files\ewido anti-malware\securitysuite.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\HiJack This!\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SU B_PVER}&ar=home
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [removecpl] RemoveCpl.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [UnlockerAssistant] D:\Program Files\Unlocker\UnlockerAssistant.exe
O4 - HKCU\..\Run: [AIM] D:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [TaskSwitchXP] D:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [Olhu] "C:\PROGRA~1\COMMON~1\DOBE~1\javaw.exe" -vt yazr
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1143798513623
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1143799405639
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - D:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
__________________
My P.O.S.
AMD Sempron 2800+ 1.6 GHz (Someone help me OC!)
512 MB DDR PC3200 RAM
20GB+20GB=40GB
nVidia GeForce 6100
RealTek 5.1 Audio
Last edited by kbryant; 04-24-2006 at 01:29 PM.
kbryant is offline   Reply With Quote


Old 04-24-2006, 01:40 PM   #2 (permalink)
Gold Member
 
Antiodontalgic's Avatar
 
Join Date: Jan 2006
Location: Coalton, Ohio
Age: 21
Posts: 359
Default
Get Zonealarm and Spybot Search and Destroy.

Run scans and it should detect and get rid of it.

Or, it will tell you how to remove manually if cannot be done automatically.
__________________
"What you mean I have to work while at work?"
Earn prizes and cash by signing up and doing offers or surveys. Get started by clicking Here
Antiodontalgic is offline   Reply With Quote
Old 04-24-2006, 02:12 PM   #3 (permalink)
New Member
 
kbryant's Avatar
 
Join Date: Apr 2006
Location: seattle
Age: 19
Posts: 23
Default
ive used several anti-virus/malware programs, including search and destroy, windows defender, ad aware, webroot spy sweeper, and ewido anti malware. nothing seems to work. any other ideas?
__________________
My P.O.S.
AMD Sempron 2800+ 1.6 GHz (Someone help me OC!)
512 MB DDR PC3200 RAM
20GB+20GB=40GB
nVidia GeForce 6100
RealTek 5.1 Audio
kbryant is offline   Reply With Quote
Old 04-24-2006, 02:13 PM   #4 (permalink)
Diamond Member
 
Motoxrdude's Avatar
 
Join Date: Nov 2005
Location: Nor Cal
Age: 17
Posts: 5,656
Default
Did you run those scans in safe mode?
__________________
RIP Mom 9/17/55-02/22/08.
Motoxrdude is offline   Reply With Quote
Old 04-24-2006, 03:33 PM   #5 (permalink)
Slyware Assassin
 
Buzz1927's Avatar
 
Join Date: May 2005
Location: Melbourne AU
Posts: 5,829
Default
Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm
__________________
The Grim Reaper - Son of Glyndwr
"To Hell or Connacht" may you burn in Hell tonight!
Buzz1927 is offline   Reply With Quote


Old 04-24-2006, 10:23 PM   #6 (permalink)
New Member
 
kbryant's Avatar
 
Join Date: Apr 2006
Location: seattle
Age: 19
Posts: 23
Default
motorxdude - no, the scans were run in normal mode.

buzz1927 - heres the document:

SmitFraudFix v2.34

Scan done at 15:22:55.21, Mon 04/24/2006
Run from C:\Documents and Settings\Kieffer Bryant\Desktop
OS: Microsoft Windows XP [Version 5.1.2600]

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\hp????.tmp FOUND !
C:\WINDOWS\system32\ld????.tmp FOUND !
C:\WINDOWS\system32\ot.ico FOUND !
C:\WINDOWS\system32\1024\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Kieffer Bryant\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\KIEFFE~1\FAVORI~1

C:\DOCUME~1\KIEFFE~1\FAVORI~1\Antivirus Test Online.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="about:Home"
"SubscribedURL"="about:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"

[HKEY_CLASSES_ROOT\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{438755C 2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\SharedTaskScheduler]
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_CLASSES_ROOT\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8C7461E F-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\SharedTaskScheduler]
"{EA26CE12-DE64-A1C5-9A4F-FC1A64E6AC2E}"="SivuWare"

[HKEY_CLASSES_ROOT\CLSID\{EA26CE12-DE64-A1C5-9A4F-FC1A64E6AC2E}\InProcServer32]
@="C:\WINDOWS\system32\sivudro.dll"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{EA26CE12-DE64-A1C5-9A4F-FC1A64E6AC2E}\InProcServer32]
@="C:\WINDOWS\system32\sivudro.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

thanks
__________________
My P.O.S.
AMD Sempron 2800+ 1.6 GHz (Someone help me OC!)
512 MB DDR PC3200 RAM
20GB+20GB=40GB
nVidia GeForce 6100
RealTek 5.1 Audio
kbryant is offline   Reply With Quote
Old 04-24-2006, 10:33 PM   #7 (permalink)
Slyware Assassin
 
Buzz1927's Avatar
 
Join Date: May 2005
Location: Melbourne AU
Posts: 5,829
Default
You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please download, install, and update the free version of Ewido Anti-Malware:
  1. When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  2. When you run Ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  3. From the main Ewido screen, click on update in the left menu, then click the Start update button.
  4. After the update finishes, the status bar at the bottom will display "Update successful"
  5. Exit Ewido. DO NOT run a scan yet.

Next, please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process. A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.

After SmitfraudFix finishes (and after a reboot if required), please open Ewido. (If a reboot is required, please boot BACK into Safe Mode.)
  • Click on Scanner
  • Click on Complete System Scan and the scan will begin.
  • If ewido finds anything, it will pop up a notification. You can select "clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.
  • When the scan is finished, click the Save report button at the bottom of the screen.
  • Save the report to your desktop
  • Close Ewido

Then please restart it into Normal Windows. Please post the contents of the SmitfraudFix log located at C:\rapport.txt into this thread, along with a new HijackThis log.


Warning : running option #2 on a non infected computer will remove your Desktop background.
__________________
The Grim Reaper - Son of Glyndwr
"To Hell or Connacht" may you burn in Hell tonight!
Buzz1927 is offline   Reply With Quote
Old 04-24-2006, 10:39 PM   #8 (permalink)
New Member
 
Join Date: Aug 2005
Posts: 23
Default
I have that same sign and same search.exe thing.... my hijacklog is already in a thread, should i just do the same thing?
daredare11 is offline   Reply With Quote
Old 04-25-2006, 12:31 AM   #9 (permalink)
New Member
 
kbryant's Avatar
 
Join Date: Apr 2006
Location: seattle
Age: 19
Posts: 23
Default
YES! ITS GONE! thank you so much for your help. here is my smitfraud and HJT logfiles from safe mode. below those are the ones in normal mode

SmitFraudFix v2.34

Scan done at 16:37:07.73, Mon 04/24/2006
Run from C:\Documents and Settings\Kieffer Bryant\Desktop\Smitfraud
OS: Microsoft Windows XP [Version 5.1.2600]

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» End






Logfile of HijackThis v1.99.1
Scan saved at 5:23:20 PM, on 4/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HiJack This!\HijackThis.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [removecpl] RemoveCpl.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [UnlockerAssistant] D:\Program Files\Unlocker\UnlockerAssistant.exe
O4 - HKCU\..\Run: [AIM] D:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [TaskSwitchXP] D:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [Olhu] "C:\PROGRA~1\COMMON~1\DOBE~1\javaw.exe" -vt yazr
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1143798513623
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1143799405639
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: winpvb32 - winpvb32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe




normal mode

SmitFraudFix v2.34

Scan done at 17:30:02.26, Mon 04/24/2006
Run from C:\Documents and Settings\Kieffer Bryant\Desktop\Smitfraud
OS: Microsoft Windows XP [Version 5.1.2600]

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Kieffer Bryant\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\KIEFFE~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"

[HKEY_CLASSES_ROOT\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{438755C 2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\SharedTaskScheduler]
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_CLASSES_ROOT\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8C7461E F-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End





Logfile of HijackThis v1.99.1
Scan saved at 5:31:03 PM, on 4/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\bcmwltry.exe
D:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
C:\PROGRA~1\COMMON~1\DOBE~1\javaw.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HiJack This!\HijackThis.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [removecpl] RemoveCpl.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [UnlockerAssistant] D:\Program Files\Unlocker\UnlockerAssistant.exe
O4 - HKCU\..\Run: [AIM] D:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [TaskSwitchXP] D:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [Olhu] "C:\PROGRA~1\COMMON~1\DOBE~1\javaw.exe" -vt yazr
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1143798513623
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1143799405639
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: winpvb32 - winpvb32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
__________________
My P.O.S.
AMD Sempron 2800+ 1.6 GHz (Someone help me OC!)
512 MB DDR PC3200 RAM
20GB+20GB=40GB
nVidia GeForce 6100
RealTek 5.1 Audio
kbryant is offline   Reply With Quote
Old 04-25-2006, 02:38 AM   #10 (permalink)
New Member
 
Join Date: Aug 2005
Posts: 23
Default
Sorry had a blackout :| .... so here are my logs.

NORMAL MODE HIJACK AFTER CLEANING
Logfile of HijackThis v1.99.1
Scan saved at 10:36:16 PM, on 24/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdateMgr.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC 2.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (file missing)
O2 - BHO: Nothing - {edbf1bc8-39ab-48eb-a0a9-c75078eb7c8e} - C:\WINDOWS\system32\hp57F3.tmp (file missing)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3200 (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC 2.EXE /P28 "EPSON Stylus CX3200 (Copy 1)" /O5 "LPT1:" /M "Stylus CX3200"
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC 2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch. exe" -start
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B12B7CE4-FBCF-4829-A06D-78727B40FC86}: NameServer = 206.47.244.133 67.69.184.160
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe


EWIDO report in SAFE
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 10:30:31 PM, 24/04/2006
+ Report-Checksum: 9F4B1863

+ Scan result:

:mozilla.33:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\f3320igi.default\coo kies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.40:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\f3320igi.default\coo kies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.44:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\f3320igi.default\coo kies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.45:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\f3320igi.default\coo kies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.46:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\f3320igi.default\coo kies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.57:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\f3320igi.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.58:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\f3320igi.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.59:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\f3320igi.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.60:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\f3320igi.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.61:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\f3320igi.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.62:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\f3320igi.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.71:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\f3320igi.default\coo kies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.72:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\f3320igi.default\coo kies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.73:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\f3320igi.default\coo kies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.74:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\f3320igi.default\coo kies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.75:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\f3320igi.default\coo kies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.76:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\f3320igi.default\coo kies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.77:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\f3320igi.default\coo kies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.78:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\f3320igi.default\coo kies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.79:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\f3320igi.default\coo kies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.80:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\f3320igi.default\coo kies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.81:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\f3320igi.default\coo kies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.82:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\f3320igi.default\coo kies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.83:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\f3320igi.default\coo kies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.93:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\f3320igi.default\coo kies.txt -> TrackingCookie.Sextracker : Cleaned with backup
:mozilla.94:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\f3320igi.default\coo kies.txt -> TrackingCookie.Sextracker : Cleaned with backup
:mozilla.95:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\f3320igi.default\coo kies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.96:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\f3320igi.default\coo kies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.97:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\f3320igi.default\coo kies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.98:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\f3320igi.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.99:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\f3320igi.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.102:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\f3320igi.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.112:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\f3320igi.default\coo kies.txt -> TrackingCookie.Masterstats : Cleaned with backup
:mozilla.129:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\f3320igi.default\coo kies.txt -> TrackingCookie.Addynamix : Cleaned with backup
:mozilla.145:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\f3320igi.default\coo kies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.146:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\f3320igi.default\coo kies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.147:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\f3320igi.default\coo kies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.148:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\f3320igi.default\coo kies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.150:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\f3320igi.default\coo kies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.151:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\f3320igi.default\coo kies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.156:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\f3320igi.default\coo kies.txt -> TrackingCookie.Targetnet : Cleaned with backup
:mozilla.157:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\f3320igi.default\coo kies.txt -> TrackingCookie.Targetnet : Cleaned with backup
:mozilla.158:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\f3320igi.default\coo kies.txt -> TrackingCookie.Targetnet : Cleaned with backup
:mozilla.176:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\f3320igi.default\coo kies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.177:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\f3320igi.default\coo kies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.185:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\f3320igi.default\coo kies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.186:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\f3320igi.default\coo kies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.187:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\f3320igi.default\coo kies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.188:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\f3320igi.default\coo kies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.189:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\f3320igi.default\coo kies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.190:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\f3320igi.default\coo kies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.191:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\f3320igi.default\coo kies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.192:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\f3320igi.default\coo kies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.199:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\f3320igi.default\coo kies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.202:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\f3320igi.default\coo kies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.203:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\f3320igi.default\coo kies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.204:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\f3320igi.default\coo kies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.219:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\f3320igi.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.220:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\f3320igi.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.221:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\f3320igi.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.222:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\f3320igi.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.224:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\f3320igi.default\coo kies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.233:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\f3320igi.default\coo kies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.275:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\f3320igi.default\coo kies.txt -> TrackingCookie.Coremetrics : Cleaned with backup
:mozilla.289:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\f3320igi.default\coo kies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.290:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\f3320igi.default\coo kies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.291:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\f3320igi.default\coo kies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.292:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\f3320igi.default\coo kies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.293:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\f3320igi.default\coo kies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.294:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\f3320igi.default\coo kies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.312:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\f3320igi.default\coo kies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.313:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\f3320igi.default\coo kies.txt -> TrackingCookie.Clickbank : Cleaned with backup
:mozilla.316:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\f3320igi.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.318:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\f3320igi.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.331:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\f3320igi.default\coo kies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.332:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\f3320igi.default\coo kies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.333:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\f3320igi.default\coo kies.txt -> TrackingCookie.247realmedia : Cleaned with backup
:mozilla.334:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\f3320igi.default\coo kies.txt -> TrackingCookie.247realmedia : Cleaned with backup
:mozilla.335:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\f3320igi.default\coo kies.txt -> TrackingCookie.247realmedia : Cleaned with backup
:mozilla.336:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\f3320igi.default\coo kies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.338:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\f3320igi.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.339:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\f3320igi.default\coo kies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.342:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\f3320igi.default\coo kies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.343:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\f3320igi.default\coo kies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.368:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\f3320igi.default\coo kies.txt -> TrackingCookie.Bluestreak : Cleaned with backup
:mozilla.374:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\f3320igi.default\coo kies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.375:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\f3320igi.default\coo kies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.413:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\f3320igi.default\coo kies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.414:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\f3320igi.default\coo kies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup
:mozilla.6:C:\Documents and Settings\HP_Administrator\Application Data\Netscape\NSB\Profiles\sujs9634.default\cookie s.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.7:C:\Documents and Settings\HP_Administrator\Application Data\Netscape\NSB\Profiles\sujs9634.default\cookie s.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.8:C:\Documents and Settings\HP_Administrator\Application Data\Netscape\NSB\Profiles\sujs9634.default\cookie s.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.9:C:\Documents and Settings\HP_Administrator\Application Data\Netscape\NSB\Profiles\sujs9634.default\cookie s.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.14:C:\Documents and Settings\HP_Administrator\Application Data\Netscape\NSB\Profiles\sujs9634.default\cookie s.txt -> TrackingCookie.247realmedia : Cleaned with backup
:mozilla.15:C:\Documents and Settings\HP_Administrator\Application Data\Netscape\NSB\Profiles\sujs9634.default\cookie s.txt -> TrackingCookie.247realmedia : Cleaned with backup
:mozilla.16:C:\Documents and Settings\HP_Administrator\Application Data\Netscape\NSB\Profiles\sujs9634.default\cookie s.txt -> TrackingCookie.247realmedia : Cleaned with backup
:mozilla.25:C:\Documents and Settings\HP_Administrator\Application Data\Netscape\NSB\Profiles\sujs9634.default\cookie s.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.26:C:\Documents and Settings\HP_Administrator\Application Data\Netscape\NSB\Profiles\sujs9634.default\cookie s.txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator @247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned with backup
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator @ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator @advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator @atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator @casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator @com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator @data.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned with backup
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator @doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator @fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator @msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator @questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator @rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator @tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup


::Report End


is it fixed?
daredare11 is offline   Reply With Quote
Reply

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT. The time now is 12:22 PM.

Contact Us - Computer Forum - Sitemap - Top

Powered by: vBulletin Version 3.7.0
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
SEO by vBSEO 3.1.0 ©2007, Crawlability, Inc.
Copyright © 2002-2007 Computer and Web Design Forum