
Smithfraud-c



#1 cctexun


Posted 22 August 2005 - 11:27 AM

Thanks for your patience. I am not computer savvy and hate hittin the enter button for fear I will cause more damage. My neighbor that helps me on this infernal machine told me to stay out of the registry, so I am just dying to wander into it.
That said, "Where do I start?"
Corn-pruter runnin real slow, I am usin Firefox. Ran Spybot, nothing to fix but 27 instances of Smithfraud-c. It could not delete or fix them. What to do? Saw that another person has a similar problem. Should I simply follow the instructions for their solution, or post a log and deal with my problems?
Thanks D



#2 g2i2r4


    Malware remover



Posted 23 August 2005 - 10:00 AM

Welcome cctexun to Bleeping Computer.

Can you post me one of those lines Spybot finds?

Please download the latest version of HiJack This. Click here to download the latest version (1.99.1). Please save it in a permanent folder (such as C:\HJT). This is to ensure that backups are saved and accessible in the event you should need it. Follow the instructions below if you are unsure how to save it in a permanent folder:
1.) Click on the link to download HiJackThis.exe.
2.) When it pulls up the box (for you to pick a location to save the file), click on the pulldown menu and select "[C:]".
3.) Click on the button to "create new folder" and name the folder HiJackThis
4.) Double click on the folder you just made (to go into the folder) and click "save" on the bottom of the box.
Double-click HijackThis.exe and choose 'scan and save log'.

Reply to this topic using the button 'add reply' and post me that log to check.


Life is what happens while you're making other plans

#3 cctexun


Posted 23 August 2005 - 09:30 PM

g2i2r4

Thanks so much for your help. Your explicit instructions will be much appreciated. I am such a newbie it took me a couple minutes to find the add reply button.
Here goes. I have not been able to figure out how to post you a line from the Spybot scan. If you could please explain how to do so like you did for the HiJack This stuff.

I will try to type what I see in the Spybot results box.


Here is the first line:


User settings
HKEY_USERS\-1-5-21-1644491937-1563985344-1708537768-1003\Software\Microsoft\Windows\Current\Version\Internet Settings\ZoneMap\Domains\www.niger.ru\*!=W=4 Registry change


That was one of 30. Again thanks so much for your help I hope I followed your instructions correctly.


Logfile of HijackThis v1.99.1
Scan saved at 9:08:18 PM, on 8/23/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R3 - Default URLSearchHook is missing
F1 - win.ini: run=Melis.exe
F2 - REG:system.ini: Shell=
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_5_7_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [IEXPLORE.EXE] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://activex.microsoft.com/activex/contr...media/Swdir.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200207...meInstaller.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...81/mcinsctl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,19/mcgdmgr.cab
O16 - DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0) -
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...353/mcfscan.cab
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

#4 g2i2r4


    Malware remover



Posted 24 August 2005 - 03:58 AM

What spybot finds here is a block list. That's a list preventing you from visiting bad sites. That's good, so leave the entries that look like this.

However, there is something else in your HijackThis log. Let's clean that up.


Read this advice and see if you understand what I mean. Print it or save it to Notepad, for in safe mode this page will not be available.


Please download, install, and update the free version of Ewido trojan scanner:
  • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • Run Ewido --- When you run it for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • From the main ewido screen, click on update in the left menu, then click the Start update button.
  • After the update finishes (the status bar at the bottom will display "Update successful")
  • Exit Ewido. DO NOT scan yet.
***

Download the Killbox.
Unzip it to the desktop

Double-click Killbox.exe to run it.

Select "Delete on Reboot".
Place the following line (complete path) in bold in the "Full Path of File to Delete" box in Killbox:
C:\WINDOWS\melis.exe
Put a mark next to "Delete on Reboot"
Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.
If your computer does not restart automatically, please restart it manually.

***

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:
http://www.pchell.com/support/safemode.shtml

***

Open HijackThis
Place a check against each of the following, making sure you get them all and not any others by mistake:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

R3 - Default URLSearchHook is missing

F1 - win.ini: run=Melis.exe

F2 - REG:system.ini: Shell=

O4 - Startup: PowerReg Scheduler.exe

Close all programs leaving only HijackThis running.
Click on Fix Checked when finished and exit HijackThis.

***

Next, run Ewido again.
  • Click on the Scanner button in the left menu, then click on Complete System Scan. This scan can take quite a while to run.
  • If ewido finds anything, it will pop up a notification. We have been finding some cases of false positives with the new version of Ewido, so we need to step through the fixes one-by-one. If Ewido finds something that you KNOW is legitimate (for example, parts of AVG Antivirus, pcAnywhere and the game "Risk" have been flagged), select "none" as the action. DO NOT check "Perform action with all infections". If you are unsure of an entry, select "none" for the time being. I'll see that in the log you will post later and let you know if ewido needs to be run again.
  • When the scan finishes, click on "Save Report". This will create a text file. Make sure you know where to find this file again.
***

Reboot back to normal mode.

***

Post back in this topic with a fresh HijackThis log and the Ewido log.


Life is what happens while you're making other plans
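
Post #4's point, that domain entries assigned to zone 4 (Restricted Sites) are a protective block list rather than an infection, shown as an added example that is not part of the original thread. The `.reg` export below is constructed sample data, and the function names `parse_zonemap` and `triage` are hypothetical.

```python
import re

# Internet Explorer security zone numbers (standard Windows values).
ZONES = {0: "My Computer", 1: "Local Intranet", 2: "Trusted Sites",
         3: "Internet", 4: "Restricted Sites"}

# Key header ending in ...\ZoneMap\Domains\<domain>[\<subdomain>]
KEY_RE = re.compile(r"\\ZoneMap\\Domains\\([^\]]+)\]$", re.IGNORECASE)
# Value line: "<protocol or *>"=dword:<zone as 8 hex digits>
VALUE_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')

# Constructed sample export (not taken from the poster's machine).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\blocked-one.example]
"*"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\blocked-two.example\www]
"*"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\unexpected.example]
"http"=dword:00000002
'''


def parse_zonemap(reg_text):
    """Return one dict per protocol-to-zone assignment under ZoneMap\\Domains."""
    entries, host = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            m = KEY_RE.search(line)
            # Domains\example.com\www describes the host www.example.com.
            host = ".".join(reversed(m.group(1).split("\\"))) if m else None
            continue
        v = VALUE_RE.match(line)
        if host and v:
            entries.append({"host": host,
                            "protocol": v.group(1),
                            "zone": int(v.group(2), 16)})
    return entries


def triage(entries):
    """Separate block-list entries (zone 4) from assignments worth a look."""
    result = {"block_list": [], "review": []}
    for e in entries:
        if e["zone"] == 4:
            # Restricted Sites: the site is locked down, as a block list does.
            result["block_list"].append(e["host"])
        elif e["zone"] != 3:
            # Anything more trusted than the default Internet zone relaxes
            # security for that host, so a person should confirm it.
            result["review"].append(
                (e["host"], e["protocol"], ZONES.get(e["zone"], "unknown")))
    return result


if __name__ == "__main__":
    report = triage(parse_zonemap(SAMPLE_REG))
    print("Block list (leave in place):", report["block_list"])
    print("Review by hand:", report["review"])
```
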

#5 cctexun


Posted 24 August 2005 - 07:54 AM

g2i2r4

That wasn't so bad, seemed I had to try several times to get the hang of the process. Had to go to pchell to figure out the safe mode startup, not sure if it all came out right. I guess you will tell me what I need to go back and do over.


I left some of the cookies etc. that ewido found. I saw they were in mozilla and thought they might be a part of Firefox, so hit the none option. Maybe I should have removed them. Also a "Heuristic.win32Dialer", not sure what it was. Now I am thinking I should have removed it all.

Here is the ewido log:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 7:20:30 AM, 8/24/2005
+ Report-Checksum: FCF6CD61

+ Scan result:

C:\WINDOWS\mediaupdate186.exe -> Heuristic.Win32.Dialer : Ignored
:mozilla.6:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Myaffiliateprogram : Ignored
:mozilla.7:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Myaffiliateprogram : Ignored
:mozilla.9:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Myaffiliateprogram : Ignored
:mozilla.37:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Masterstats : Ignored
:mozilla.38:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Ignored
:mozilla.39:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Ignored
:mozilla.40:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Ignored
:mozilla.41:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Ignored
:mozilla.42:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Ignored
:mozilla.43:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Ignored
:mozilla.44:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Ignored
:mozilla.49:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Ignored
:mozilla.50:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Ignored
:mozilla.78:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Falkag : Ignored
:mozilla.79:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Falkag : Ignored
:mozilla.80:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Falkag : Ignored
:mozilla.81:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Falkag : Ignored
:mozilla.82:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Falkag : Ignored
:mozilla.160:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Adbrite : Ignored
:mozilla.169:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Casalemedia : Ignored
:mozilla.170:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Casalemedia : Ignored
:mozilla.171:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Casalemedia : Ignored
:mozilla.172:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Casalemedia : Ignored
:mozilla.173:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Casalemedia : Ignored
:mozilla.174:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Casalemedia : Ignored
:mozilla.175:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Casalemedia : Ignored
:mozilla.176:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Casalemedia : Ignored
:mozilla.177:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Casalemedia : Ignored
:mozilla.181:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Statcounter : Ignored
:mozilla.182:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Statcounter : Ignored
:mozilla.183:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Statcounter : Ignored
:mozilla.184:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Statcounter : Ignored
:mozilla.185:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Statcounter : Ignored
:mozilla.186:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Statcounter : Ignored
:mozilla.187:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Statcounter : Ignored
:mozilla.188:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Statcounter : Ignored
:mozilla.189:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Statcounter : Ignored
:mozilla.190:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Statcounter : Ignored
:mozilla.191:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Statcounter : Ignored
:mozilla.192:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Statcounter : Ignored
:mozilla.193:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Statcounter : Ignored
:mozilla.194:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Statcounter : Ignored
:mozilla.195:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Statcounter : Ignored
:mozilla.196:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Statcounter : Ignored
:mozilla.197:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Statcounter : Ignored
:mozilla.198:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Statcounter : Ignored
:mozilla.199:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Statcounter : Ignored
:mozilla.200:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Statcounter : Ignored
:mozilla.201:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Statcounter : Ignored
:mozilla.202:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Statcounter : Ignored
:mozilla.203:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Statcounter : Ignored
:mozilla.204:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Statcounter : Ignored
:mozilla.205:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Statcounter : Ignored
:mozilla.206:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Statcounter : Ignored
:mozilla.250:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Onestat : Ignored
:mozilla.251:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Onestat : Ignored
:mozilla.252:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Onestat : Ignored
:mozilla.253:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Onestat : Ignored
:mozilla.254:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Onestat : Ignored
:mozilla.255:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Onestat : Ignored
:mozilla.328:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Burstnet : Ignored
:mozilla.329:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Burstnet : Ignored
:mozilla.342:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Clickzs : Ignored
:mozilla.344:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Clickzs : Ignored
:mozilla.374:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Clickzs : Ignored
:mozilla.375:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Clickzs : Ignored
:mozilla.383:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Clickzs : Ignored
:mozilla.384:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Clickzs : Ignored
:mozilla.385:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Clickzs : Ignored
:mozilla.386:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Clickzs : Ignored
:mozilla.387:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Clickzs : Ignored
:mozilla.388:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Clickzs : Ignored
HKLM\SOFTWARE\Classes\CLSID\{08A3BAAE-CEB8-766F-9585-A831A8E94068} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{09098A2E-29B4-D7AC-C8EC-1C448EBA69E3} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{0ECEBD98-802F-9B4D-7308-C983A18EDBEC} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{10D837D7-D6EA-8BCE-37FB-E58A2E09397B} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{1F46E851-7EAF-1A9B-E6B4-CCA46BD7BB86} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{208BD4D8-3DA2-3736-A8E6-F3AF3479FA31} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{24E10FF7-10AA-6198-95AE-258D49D9ABCA} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2B284248-D0FE-C340-0D87-ABD55DD24BFA} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2FB10B1F-E342-08A1-CBAA-D4A2CD2ABAC6} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{338E88E9-D821-1C15-A00D-907AB980E988} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{38BCC2CD-AF0A-EC41-D4CB-035F1C7378C9} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{3B9E0A95-3EBA-124F-52D1-033C73734625} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{46C8C875-7053-566F-B7DF-A8735884B10E} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{47B70B6F-A6B0-230A-43C3-9F9B5C710209} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{4A210C09-C3AE-D36C-3EC5-0D7723985463} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{4AD64CAF-CC40-779E-C47E-E23705C41C75} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{52CA0FCE-F9E0-2125-6CA6-2627141A47E9} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{5F574346-A206-D78A-7149-4C709D5204A4} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{62B52B4D-547B-BFC7-9850-79709FDECF27} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{64770A00-0C3B-BCEC-D32D-83EE61896228} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{69C2D4B0-CE91-AAB5-0BB5-4F75B848492D} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{6C69E2F6-F200-55DF-18C6-3C368029FD3E} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{763FC5CF-92D8-A8BE-597E-1C53C8D18D56} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{7658C68E-7ED4-8476-AC96-729091012307} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{792A038A-9C16-9885-5B25-CE939788172A} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{7B28CC5E-5425-8989-13A1-2929DDA8CC5F} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{817972EC-CAD1-C47C-A430-508B1E97DE0D} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{826D0369-102B-4A44-F27B-D9DCC50A8EE6} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{8A50C2FE-C00E-0C19-DC1A-BCABABE155C3} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{8D01C3C9-547A-12EE-5401-4B29F8F98176} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9320654E-9DD7-7B4E-FD11-BE169AC706F5} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{96EEA21B-4AA3-4627-EA0A-176241DBD1A4} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9A711817-CADB-FD03-EBB1-4E2FC70601C2} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9B9D4A7D-1232-E364-432D-B58ECFAE5AF4} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9C060FC3-F4CE-894D-8EB7-FA3935CE5AA1} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{A7737E2C-9C15-D4BE-4A5B-C15B7E8C41E9} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{A9629E20-9B59-1F5F-58AE-E699D9122E1F} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B30EFD56-F6AF-2F6B-C3AB-6571E5627F1F} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B4F697AE-7E58-DC0D-D012-24F83EAB9F25} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{BE5DCDBC-54D3-95EA-B258-2D53BD817431} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{C092CEA0-FB34-5E12-83ED-47942941DECC} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{CAF35453-A9AB-61D6-E032-1F6CE85168F3} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{D02510A9-69A7-24D5-85DA-D3EC8E911C73} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{D27DD7B4-A72B-4B66-2BD3-262B793A3C2C} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{D4451521-F203-568E-2657-C5AD1F0B1F77} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{D75B9D6B-FB2A-EE40-24DA-791D27C77147} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{E63E927A-86D0-9904-89A5-12291C12FD61} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{ECEAF197-B6EF-9E38-0846-FF3BB03983AD} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{EF24BEB1-9592-9F8F-4B29-99399FD2C231} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{F7B868F8-EA98-86A3-D29E-5BCE94E2DD6A} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{BC3BBF86-E4EC-4412-9676-8355468B3B05} -> Spyware.Maxspeed : Cleaned with backup
:mozilla.392:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.393:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.394:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.395:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.396:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.397:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.398:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.399:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.400:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.401:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.402:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.403:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.404:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.405:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.406:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.407:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.408:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.409:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.410:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.411:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.412:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.413:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.414:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.415:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.416:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.417:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.418:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.419:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.420:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.421:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.422:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.423:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.424:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.425:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.426:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.427:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.428:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.429:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.430:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.431:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.432:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.433:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.434:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.435:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.436:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.437:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.438:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.439:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.440:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.441:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.456:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.463:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.468:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Cqcounter : Cleaned with backup
:mozilla.535:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.536:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.537:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.538:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.605:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Internetfuel : Cleaned with backup
:mozilla.606:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Internetfuel : Cleaned with backup
:mozilla.607:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Internetfuel : Cleaned with backup
:mozilla.608:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Internetfuel : Cleaned with backup
:mozilla.609:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Internetfuel : Cleaned with backup
:mozilla.649:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.657:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.658:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.659:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.660:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.677:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Weborama : Cleaned with backup
:mozilla.678:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Weborama : Cleaned with backup
:mozilla.725:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Clickhype : Cleaned with backup
:mozilla.748:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.776:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
:mozilla.777:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
:mozilla.785:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.786:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.867:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup


::Report End








Here is the new HIJack log


Logfile of HijackThis v1.99.1
Scan saved at 7:25:17 AM, on 8/24/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_5_7_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [IEXPLORE.EXE] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://activex.microsoft.com/activex/contr...media/Swdir.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200207...meInstaller.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...81/mcinsctl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,19/mcgdmgr.cab
O16 - DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0) -
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...353/mcfscan.cab
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe




What is the proper way to select and paste these files in this post? There has to be a better way than how I accomplished the task.
If I have been remiss in telling you how much I appreciate your help, please allow me to say once again "Thanks Podna!!!!!!" As my old friend Bob Redding says, "Much Obliged." D

#6 g2i2r4


Posted 24 August 2005 - 09:50 AM

Let's remove that file:

Double-click Killbox.exe to run it.

Select "Delete on Reboot".
Place the following line (complete path) as shown here in blue in the "Full Path of File to Delete" box in Killbox:
C:\WINDOWS\mediaupdate186.exe
Put a mark next to "Delete on Reboot"
Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.
If your computer does not restart automatically, please restart it manually.

It's no problem to remove those files in Firefox; they are cookies (small text files that are made when you visit a site).

Let me compliment you on a job well done.

The logs look clean, is the computer running ok now?

Edited by g2i2r4, 25 August 2005 - 07:13 PM.



Life is what happens while you're making other plans

#7 cctexun

  • Topic Starter

Posted 24 August 2005 - 11:54 AM

g2i2r4 Lookin Good!!!!


Followed your instructions with killbox, cept not really sure about the "bold" portion. Please explain.


Put it back in safe mode and ran ewido, rebooted and ran Hijack. Should I run Hijack while in safe mode?

What about the Smithfraud stuff?

Here are the logs.

Logfile of HijackThis v1.99.1
Scan saved at 11:36:40 AM, on 8/24/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_5_7_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [IEXPLORE.EXE] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://activex.microsoft.com/activex/contr...media/Swdir.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200207...meInstaller.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...81/mcinsctl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,19/mcgdmgr.cab
O16 - DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0) -
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...353/mcfscan.cab
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe





---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 11:31:36 AM, 8/24/2005
+ Report-Checksum: 5B271F6D

+ Scan result:

C:\WINDOWS\mediaupdate186.exe -> Heuristic.Win32.Dialer : Cleaned with backup
:mozilla.67:C:\Documents and Settings\David\Local Settings\Temp\~DFF51B.tmp -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
:mozilla.68:C:\Documents and Settings\David\Local Settings\Temp\~DFF51B.tmp -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
:mozilla.69:C:\Documents and Settings\David\Local Settings\Temp\~DFF51B.tmp -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
:mozilla.93:C:\Documents and Settings\David\Local Settings\Temp\~DFF51B.tmp -> Spyware.Cookie.Masterstats : Cleaned with backup
:mozilla.94:C:\Documents and Settings\David\Local Settings\Temp\~DFF51B.tmp -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.95:C:\Documents and Settings\David\Local Settings\Temp\~DFF51B.tmp -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.96:C:\Documents and Settings\David\Local Settings\Temp\~DFF51B.tmp -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.97:C:\Documents and Settings\David\Local Settings\Temp\~DFF51B.tmp -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.98:C:\Documents and Settings\David\Local Settings\Temp\~DFF51B.tmp -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.99:C:\Documents and Settings\David\Local Settings\Temp\~DFF51B.tmp -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.100:C:\Documents and Settings\David\Local Settings\Temp\~DFF51B.tmp -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.105:C:\Documents and Settings\David\Local Settings\Temp\~DFF51B.tmp -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.106:C:\Documents and Settings\David\Local Settings\Temp\~DFF51B.tmp -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.128:C:\Documents and Settings\David\Local Settings\Temp\~DFF51B.tmp -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.129:C:\Documents and Settings\David\Local Settings\Temp\~DFF51B.tmp -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.130:C:\Documents and Settings\David\Local Settings\Temp\~DFF51B.tmp -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.131:C:\Documents and Settings\David\Local Settings\Temp\~DFF51B.tmp -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.132:C:\Documents and Settings\David\Local Settings\Temp\~DFF51B.tmp -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@rccl.bridgetrack[2].txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.67:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
:mozilla.68:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
:mozilla.69:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
:mozilla.93:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Masterstats : Cleaned with backup
:mozilla.94:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.95:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.96:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.97:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.98:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.99:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.100:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.105:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.106:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.128:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.129:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.130:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.131:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.132:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.169:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Adbrite : Cleaned with backup
:mozilla.178:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.179:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.180:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.181:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.182:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.183:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.184:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.185:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.186:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.190:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.191:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.192:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.193:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.194:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.195:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.196:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.197:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.198:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.199:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.200:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.201:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.202:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.203:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.204:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.205:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.206:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.207:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.208:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.209:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.210:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.211:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.212:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.213:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.214:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.215:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.259:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.260:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.261:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.262:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.263:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.264:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.337:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.338:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.350:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.352:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.382:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.383:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.391:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.392:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.393:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.394:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.395:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.396:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\7kmyel8x.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup


::Report End

#8 g2i2r4


Posted 25 August 2005 - 07:17 PM

I've edited my previous post from bold to blue. But no need to repeat it, by rerunning Ewido and clicking 'remove' Ewido took care of that.

As for your question "What about the Smithfraud stuff?", I replied this:

What spybot finds here is a block list. That's a list preventing you from visiting bad sites. That's good, so leave the entries that look like this.


The logs look clean. Is the computer running ok now?


Life is what happens while you're making other plans

#9 cctexun


Posted 25 August 2005 - 07:34 PM

g2i2r4

Thanks so much for your help.

I got your email "Rush rush". Hope all is well. My coneputter seems to be runnin very nicely. I am still having the "Smithfraud-C" showing up as 30 instances after running Spybot. I can't figure out how to post the list, to show you what it ("Smithfraud-C") is, in this reply. Can you explain how to capture the lines of the report? I would like to post them here if needed. Is my only option to type them in? Is this thing (Smithfraud-C) a bad thing or a good thing?

Do you have any further suggestions? Thanks Podnah!!!!
"It's Great to be Alive and in South Texas"


D

#10 cctexun


Posted 25 August 2005 - 07:44 PM

g2i2r4

You are the greatest. We must be on the same wavelength. As I was pecking out the previous post you were answering my questions even before I completed my thoughts. Though I started this process with considerable trepidation you have made it painless. Thanks so much for all your patience, skill, and consideration. I really don't know how you folks can explain such complex manipulations in so simple terms and specific directions. Thanks so much. The Dutch Rule!!!!!!

D

#11 g2i2r4


Posted 27 August 2005 - 02:40 PM

Sorry, it took me a while to respond.

I've been glowing in the dark here ever since I read your compliments. Thank you so much :thumbsup:

Let's remove those Spybot findings (I think I know what to expect).

RIGHT-CLICK HERE and Save As (in IE it's "Save Target As") in order to download DelDomains.inf to your desktop.
To use: RIGHT-CLICK DelDomains.inf and select: Install (no need to restart)
Note: This will remove all entries in the "Trusted Zone" and "Ranges" also.

Rerun Spybot and let me know its findings.

Open SpyBot, check for and get any updates available, close all browsers, check for problems and fix everything found. Then on the toolbar menu select mode and switch to advanced mode; on the left, lower down, select tools.
Now select (near the top) view report.
Press export; in the "save in" box choose a place such as your My Documents folder.

Open the file using Notepad. Copy the entire text and paste it here in your reply.


Life is what happens while you're making other plans

#12 cctexun


Posted 28 August 2005 - 12:26 PM

g2i2r4


Let me compliment you on your continued attention to detail. Allow me to thank you for your constant assistance. This process has actually been a real boost to my ego. I really was quite concerned that I had gotten in over my head when I first saw how long and arduous the task (to clean up and out my cornedprunner) seemed when reading some of the posts in this forum.

I still don't know how you peeps can read these logs and find lines that shouldn't be there and then explain how to right the wrongs.

My next question (yes, I realize that I am almost at the accepted limit of questions allowed) is, "Was the infection in my machine unique?"

Could I have gone to a generic posting such as the one "Grinler" has posted in the "Spyware Removal & Malware Self-Help and Reading Room", followed his or her instructions, and accomplished the next line you will read in this post?


Presto "No problems to report".

I thought I would never see the day I could say those words.

Oops, have I begun my celebration too early? Is there something that needs to be tended to before I pop the bubbly? Cheers, Glug, glug.

I can tell you that if I had done so (dealt with the infection through Grinler's posting), I certainly would have been much more anxiety ridden without the confidence I felt from your being at my side through this process.


"Thanks Podnah" D





Here is the most recent spybot scan report.


--- Search result list ---
Congratulations!: No immediate threats were found. ()



--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-06-15 unins000.exe (51.41.0.0)
2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-05-31 Update.exe (1.4.0.0)
2005-05-31 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2005-05-31 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2005-04-26 Includes\Cookies.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2005-08-26 Includes\Dialer.sbi (*)
2005-08-26 Includes\Hijackers.sbi (*)
2005-08-16 Includes\Keyloggers.sbi (*)
2005-08-26 Includes\Malware.sbi (*)
2005-04-27 Includes\Revision.sbi (*)
2005-08-25 Includes\Security.sbi (*)
2005-08-16 Includes\Spybots.sbi (*)
2005-08-26 Includes\Trojans.sbi (*)
2005-02-17 Includes\Tracks.uti
2005-08-12 Includes\PUPS.sbi (*)



--- System information ---
Windows XP (Build: 2600)
/ DataAccess: Microsoft Data Access Components KB870669
/ DataAccess: Patch Available For XMLHTTP Vulnerability
/ DataAccess: Patch Available For XMLHTTP Vulnerability
/ DataAccess: Security update for Microsoft Data Access Components
/ DataAccess: Security Update for Microsoft Data Access Components
/ DirectX: DirectX Update 819696
/ Internet Explorer 6 / SP0: Windows XP Hotfix - KB834707
/ Windows Media Player / SP0: Windows Media Player Hotfix [See wm828026 for more information]
/ Windows Media Player: Windows Media Update 320920
/ Windows Media Player: Windows Media Update 320920
/ Windows Media Player: Windows Media Update 819639
/ Windows Media Player: Windows Media Update 828026
/ Windows XP / SP1: Windows XP Hotfix - KB821557
/ Windows XP / SP1: Windows XP Hotfix - KB823182
/ Windows XP / SP1: Windows XP Hotfix - KB823980
/ Windows XP / SP1: Windows XP Hotfix - KB824105
/ Windows XP / SP1: Windows XP Hotfix - KB824141
/ Windows XP / SP1: Windows XP Hotfix - KB824146
/ Windows XP / SP1: Windows XP Hotfix - KB828028
/ Windows XP / SP1: Windows XP Hotfix - KB828035
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q282010 for more information]
/ Windows XP / SP1 / Q307869: Windows XP Hotfix (SP1) [See Q307869 for more information]
/ Windows XP / SP1 / Q308210: Windows XP Hotfix (SP1) [See Q308210 for more information]
/ Windows XP / SP1 / Q309521: Windows XP Hotfix (SP1) [See Q309521 for more information]
/ Windows XP / SP1 / Q310437: Windows XP Hotfix (SP1) [See Q310437 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q310510 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q311542 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q311889 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q311967 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q313450 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q314147 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q314862 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q315000 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q315403 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q316397 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q317277 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q318138 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q318388 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q318966 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q319322 for more information]
/ Windows XP / SP1: Windows XP Application Compatibility Update[Q319580]
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q319949 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q320174 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q320552 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q320678 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q323172 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q323322 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q324096 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q324380 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q326830 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) Q328310
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q328940 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q329048 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) Q329170
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q329390 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q329441 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q329834 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) Q331953
/ Windows XP / SP1: Windows XP Hotfix (SP1) Q810577
/ Windows XP / SP1: Windows XP Hotfix (SP1) Q810833
/ Windows XP / SP1: Windows XP Hotfix (SP1) Q811493
/ Windows XP / SP1: Windows XP Hotfix (SP1) Q811630
/ Windows XP / SP1: Windows XP Hotfix (SP1) Q815021
/ Windows XP / SP1: Windows XP Hotfix (SP1) Q817606
/ Windows XP / SP2: Windows XP Hotfix - KB823559
/ Windows XP / SP2: Windows XP Hotfix - KB825119
/ Windows XP / SP2: Windows XP Hotfix - KB828741
/ Windows XP / SP2: Windows XP Hotfix - KB833987
/ Windows XP / SP2: Windows XP Hotfix - KB835732
/ Windows XP / SP2: Windows XP Hotfix - KB837001
/ Windows XP / SP2: Windows XP Hotfix - KB839645
/ Windows XP / SP2: Windows XP Hotfix - KB840315
/ Windows XP / SP2: Windows XP Hotfix - KB840374
/ Windows XP / SP2: Windows XP Hotfix - KB840987
/ Windows XP / SP2: Windows XP Hotfix - KB841356
/ Windows XP / SP2: Windows XP Hotfix - KB841533
/ Windows XP / SP2: Windows XP Hotfix - KB841873
/ Windows XP / SP2: Windows XP Hotfix - KB842773
/ Windows XP / SP2: Windows XP Hotfix - KB873376
/ Windows XP / SP2: Windows XP Hotfix - KB883357
/ Windows XP / SP2: Windows XP Hotfix - KB887822
/ Windows XP / SP2: Windows XP Hotfix (SP2) [See Q323255 for more information]
/ Windows XP / SP2: Windows XP Hotfix (SP2) [See Q329115 for more information]


--- Startup entries list ---
Located: HK_LM:Run, AdaptecDirectCD
command: C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
file: C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
size: 684032
MD5: d600163ae3a335f0d43db1d2e748fa84

Located: HK_LM:Run, IEXPLORE.EXE
command: C:\Program Files\Internet Explorer\iexplore.exe
file: C:\Program Files\Internet Explorer\iexplore.exe
size: 91136
MD5: 92b1834f54eab14b0b7137e6cef5e1b2

Located: HK_LM:Run, iTunesHelper
command: "C:\Program Files\iTunes\iTunesHelper.exe"
file: C:\Program Files\iTunes\iTunesHelper.exe
size: 278528
MD5: 8f5581d1be59577cacd5b43cfc5e4447

Located: HK_LM:Run, MCAgentExe
command: c:\PROGRA~1\mcafee.com\agent\mcagent.exe
file: c:\PROGRA~1\mcafee.com\agent\mcagent.exe
size: 303104
MD5: 9d3216a4e7205453aea3e6c445f23261

Located: HK_LM:Run, MCUpdateExe
command: c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
file: c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
size: 212992
MD5: 811659b0ee1eb6b102a18a568fff5150

Located: HK_LM:Run, OASClnt
command: C:\Program Files\McAfee.com\VSO\oasclnt.exe
file: C:\Program Files\McAfee.com\VSO\oasclnt.exe
size: 53248
MD5: 76e033f33912bfaca4a05be8d1f3a740

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
file: C:\Program Files\QuickTime\qttask.exe
size: 98304
MD5: 76a3a30b58405c2c6d833895253a51a9

Located: HK_LM:Run, TkBellExe
command: "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
file: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
size: 180269
MD5: f9b47f830dd55fedd6ef27d063c29a42

Located: HK_LM:Run, VirusScan Online
command: C:\Program Files\McAfee.com\VSO\mcvsshld.exe
file: C:\Program Files\McAfee.com\VSO\mcvsshld.exe
size: 163840
MD5: b154ac6dbd82f96476003e58e1625bd8

Located: HK_LM:Run, VSOCheckTask
command: "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
file: C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe
size: 151552
MD5: 3c943ceb913520f9981d82db93ba7a8a

Located: HK_CU:Run, FAST Defrag
command:
file:

Located: HK_CU:Run, RoboForm
command: "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
file: C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
size: 118784
MD5: 5ffd4975d8a179f655be6ae2750646e2

Located: Startup (common), Adobe Reader Speed Launch.lnk
command: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
file: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
size: 29696
MD5: deb88aef013dd1eefb462d7cad642166

Located: Startup (common), Microsoft Office.lnk
command: C:\Program Files\Microsoft Office\Office\OSA9.EXE
file: C:\Program Files\Microsoft Office\Office\OSA9.EXE
size: 65588
MD5: 1a80248ec5d290a391ce27326dd13e29

Located: Startup (common), Symantec Fax Starter Edition Port.lnk
command: C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
file: C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
size: 45568
MD5: 60fdd0fcf620deb6ac1f5fbedb659489

Located: System.ini, crypt32chain
command: crypt32.dll
file: crypt32.dll

Located: System.ini, cryptnet
command: cryptnet.dll
file: cryptnet.dll

Located: System.ini, cscdll
command: cscdll.dll
file: cscdll.dll

Located: System.ini, ScCertProp
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, Schedule
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll

Located: System.ini, SensLogn
command: WlNotify.dll
file: WlNotify.dll

Located: System.ini, termsrv
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, wlballoon
command: wlnotify.dll
file: wlnotify.dll



--- Browser helper object list ---
{02478D38-C3F9-4efb-9B51-7695ECA05670} (Yahoo! Companion BHO)
BHO name:
CLSID name: Yahoo! Companion BHO
description: Yahoo Companion!
classification: Legitimate
known filename: Ycomp*_*_*_*.dll
info link: http://companion.yahoo.com/
info source: TonyKlein
Path: C:\Program Files\Yahoo!\Companion\Installs\cpn1\
Long name: ycomp5_5_7_0.dll
Short name: YCOMP5~1.DLL
Date (created): 7/28/2005 12:09:30 PM
Date (last access): 8/28/2005
Date (last write): 9/29/2004 11:02:16 AM
Filesize: 292947
Attributes: archive
MD5: 15003F375140FFB2D2E0C5508857A2F1
CRC32: B0173BA1
Version: 2004.9.28.1

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
BHO name:
CLSID name: AcroIEHlprObj Class
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Program Files\Adobe\Acrobat 7.0\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 12/14/2004 1:56:50 AM
Date (last access): 8/28/2005
Date (last write): 12/14/2004 1:56:50 AM
Filesize: 63136
Attributes: archive
MD5: 42729C3DE75A7A51FC6F9EF6546C9199
CRC32: 4D60BD07
Version: 7.0.0.1333

{724d43a9-0d85-11d4-9908-00400523e39a} ()
BHO name:
CLSID name:
description: RoboForm
classification: Legitimate
known filename: RoboForm.dll
info link: http://www.roboform.com/
info source: TonyKlein
Path: C:\Program Files\Siber Systems\AI RoboForm\
Long name: RoboForm.dll
Short name: ROBOFORM.DLL
Date (created): 7/13/2004 1:22:24 AM
Date (last access): 8/28/2005
Date (last write): 8/8/2005 3:25:36 AM
Filesize: 3970864
Attributes: archive
MD5: D085B2603C487A84E6CAE016D52CFD21
CRC32: B048A93C
Version: 6.3.98.0



--- ActiveX list ---
Microsoft XML Parser for Java (Microsoft XML Parser for Java)
DPF name: Microsoft XML Parser for Java
CLSID name:
Installer:
Codebase: file://C:\WINDOWS\Java\classes\xmldso.cab
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\xmldso.cab
info link:
info source: Patrick M. Kolla

{00000161-0000-0010-8000-00AA00389B71} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\msaudio.inf
Codebase: http://codecs.microsoft.com/codecs/i386/msaudio.cab
description: Microsoft Audio Codec
classification: Legitimate
known filename: MSAUDIO.CAB
info link:
info source: Patrick M. Kolla

{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object)
DPF name:
CLSID name: QuickTime Object
Installer: C:\WINDOWS\Downloaded Program Files\QTPlugin.inf
Codebase: http://www.apple.com/qtactivex/qtplugin.cab
description: Apple Quicktime
classification: Legitimate
known filename: QTPLUGIN.OCX
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\QuickTime\
Long name: QTPlugin.ocx
Short name: QTPLUGIN.OCX
Date (created): 5/4/2005 12:30:40 PM
Date (last access): 8/27/2005
Date (last write): 7/16/2005 9:08:48 PM
Filesize: 360504
Attributes: archive
MD5: F88CD154B9627646E9DDA1679155E4E3
CRC32: 5B04FF79
Version: 6.5.1.17

{166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control)
DPF name:
CLSID name: Shockwave ActiveX Control
Installer: C:\WINDOWS\Downloaded Program Files\swdir.inf
Codebase: http://activex.microsoft.com/activex/contr...media/Swdir.cab
description: Macromedia ShockWave Flash Player 7
classification: Legitimate
known filename: SWDIR.DLL
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\System32\macromed\director\
Long name: SwDir.dll
Short name: SWDIR.DLL
Date (created): 3/17/2000 5:56:26 AM
Date (last access): 8/25/2005
Date (last write): 3/17/2000 5:56:26 AM
Filesize: 49152
Attributes: archive
MD5: D1B5E77FA1BB745DF4762AB4105BB0D1
CRC32: 87FC6343
Version: 8.0.0.196

{33363249-0000-0010-8000-00AA00389B71} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\i263_32.inf
Codebase: http://codecs.microsoft.com/codecs/i386/i263_32.cab
description:
classification: Open for discussion
known filename:
info link:
info source: Safer Networking Ltd.

{41F17733-B041-4099-A042-B518BB6A408C} ()
DPF name:
CLSID name:
Installer:
Codebase: http://a1540.g.akamai.net/7/1540/52/200207...meInstaller.exe
description: QuickTime Installation
classification: Legitimate
known filename: QuickTimeInstaller.exe
info link:
info source: JavaCool

{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class)
DPF name:
CLSID name: McAfee.com Operating System Class
Installer: C:\WINDOWS\Downloaded Program Files\mcinsctl.inf
Codebase: http://download.mcafee.com/molbin/shared/m...81/mcinsctl.cab
description:
classification: Open for discussion
known filename: mcinsctl.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\System32\
Long name: mcinsctl.dll
Short name:
Date (created): 3/11/2004 1:11:54 PM
Date (last access): 8/28/2005
Date (last write): 7/18/2005 12:03:12 PM
Filesize: 349760
Attributes: archive
MD5: A337E162A7C21317B86ACECFE9E283A9
CRC32: 009FB8CD
Version: 4.0.0.96

{597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class)
DPF name:
CLSID name: OPUCatalog Class
Installer: C:\WINDOWS\Downloaded Program Files\opuc.inf
Codebase: http://office.microsoft.com/productupdates/content/opuc.cab
description: MS Office stuff
classification: Legitimate
known filename: opuc.cab
info link:
info source: JavaCool
Path: C:\WINDOWS\System32\
Long name: opuc.dll
Short name:
Date (created): 4/3/2003 4:48:58 PM
Date (last access): 7/7/2005
Date (last write): 4/3/2003 4:48:58 PM
Filesize: 180496
Attributes: archive
MD5: 81FBAD247E1A8C38BD5937578748C248
CRC32: 9A0F00AB
Version: 10.0.4928.0

{74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control)
DPF name:
CLSID name: HouseCall Control
Installer: C:\WINDOWS\Downloaded Program Files\xscan.inf
Codebase: http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
description: Trend Micro Antivirus online scanner
classification: Legitimate
known filename: XSCAN53.OCX
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\DOWNLO~1\
Long name: xscan53.ocx
Short name:
Date (created): 6/9/2004 4:56:02 PM
Date (last access): 7/7/2005
Date (last write): 6/9/2004 4:56:02 PM
Filesize: 435712
Attributes: archive
MD5: DCFFCA7F818B4CF4DF29B8932907735D
CRC32: 89BBB9BF
Version: 5.70.0.1086

{9F1C11AA-197B-4942-BA54-47A8489BB47F} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\iuctl.inf
Codebase: http://v4.windowsupdate.microsoft.com/CAB/...7616.2518287037
description: Windows Update
classification: Legitimate
known filename: %WINDIR%\System32\iuctl.dll,iuengine.dll
info link:
info source: Patrick M. Kolla

{BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class)
DPF name:
CLSID name: DwnldGroupMgr Class
Installer: C:\WINDOWS\Downloaded Program Files\McGDMgr.inf
Codebase: http://download.mcafee.com/molbin/shared/m...,19/mcgdmgr.cab
description:
classification: Open for discussion
known filename: McGDMgr.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\System32\
Long name: McGDMgr.dll
Short name: MCGDMGR.DLL
Date (created): 3/11/2004 1:14:30 PM
Date (last access): 8/28/2005
Date (last write): 5/24/2005 7:23:32 PM
Filesize: 288320
Attributes: archive
MD5: DAD85986ECE72BC56A535FCC116AA6DD
CRC32: 6B1048D3
Version: 1.0.0.26

{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0)
DPF name: Java Runtime Environment 1.4.0
CLSID name:
Installer:
Codebase:
description: Sun Java 2 Runtime 1.4
classification: Legitimate
known filename: install-14-win.cab
info link:
info source: JavaCool

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
Codebase: http://download.macromedia.com/pub/shockwa...ash/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\System32\macromed\flash\
Long name: Flash.ocx
Short name: FLASH.OCX
Date (created): 4/8/2004 5:51:02 PM
Date (last access): 8/24/2005
Date (last write): 4/8/2004 5:51:02 PM
Filesize: 939368
Attributes: archive
MD5: 2FB1D6FAB135CEE391AB3D70E1C26347
CRC32: 488FA4EC
Version: 7.0.19.0

{EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class)
DPF name:
CLSID name: McFreeScan Class
Installer: C:\WINDOWS\Downloaded Program Files\mcfscan.inf
Codebase: http://download.mcafee.com/molbin/iss-loc/...353/mcfscan.cab
description:
classification: Legitimate
known filename: mcfscan.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\McAfee.com\FreeScan\
Long name: mcfscan.dll
Short name:
Date (created): 4/26/2004 10:23:26 AM
Date (last access): 8/25/2005
Date (last write): 4/26/2004 10:23:26 AM
Filesize: 86016
Attributes: archive
MD5: 7A7851FCE8F008185533B8373A19D215
CRC32: 664C41E8
Version: 1.5.0.4353



--- Process list ---
PID: 0 ( 0) [System]
PID: 332 ( 4) \SystemRoot\System32\smss.exe
PID: 380 ( 332) \??\C:\WINDOWS\system32\csrss.exe
PID: 404 ( 332) \??\C:\WINDOWS\system32\winlogon.exe
PID: 448 ( 404) C:\WINDOWS\system32\services.exe
size: 101376
MD5: E3DF4A0252D287C44606EE55355E1623
PID: 460 ( 404) C:\WINDOWS\system32\lsass.exe
size: 11776
MD5: 8A590EA109B5E0C7629E022F8A6B17C5
PID: 616 ( 448) C:\WINDOWS\system32\svchost.exe
size: 12800
MD5: 0F7D9C87B0CE1FA520473119752C6F79
PID: 640 ( 448) C:\WINDOWS\System32\svchost.exe
size: 12800
MD5: 0F7D9C87B0CE1FA520473119752C6F79
PID: 712 ( 448) C:\WINDOWS\System32\svchost.exe
size: 12800
MD5: 0F7D9C87B0CE1FA520473119752C6F79
PID: 724 ( 448) C:\WINDOWS\System32\svchost.exe
size: 12800
MD5: 0F7D9C87B0CE1FA520473119752C6F79
PID: 976 ( 948) C:\WINDOWS\Explorer.EXE
size: 1000960
MD5: 5A26FC6010886D25B3E412493DD95ED8
PID: 1044 ( 448) C:\WINDOWS\system32\spoolsv.exe
size: 51200
MD5: 9B4155BA58192D4073082B8FC5D42612
PID: 1140 ( 976) C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
size: 684032
MD5: D600163AE3A335F0D43DB1D2E748FA84
PID: 1156 ( 976) C:\Program Files\McAfee.com\VSO\mcvsshld.exe
size: 163840
MD5: B154AC6DBD82F96476003E58E1625BD8
PID: 1172 ( 976) C:\PROGRA~1\mcafee.com\agent\mcagent.exe
size: 303104
MD5: 9D3216A4E7205453AEA3E6C445F23261
PID: 1232 ( 976) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
size: 180269
MD5: F9B47F830DD55FEDD6EF27D063C29A42
PID: 1248 ( 976) C:\Program Files\iTunes\iTunesHelper.exe
size: 278528
MD5: 8F5581D1BE59577CACD5B43CFC5E4447
PID: 1256 ( 976) C:\Program Files\QuickTime\qttask.exe
size: 98304
MD5: 76A3A30B58405C2C6D833895253A51A9
PID: 1276 ( 976) C:\Program Files\McAfee.com\VSO\oasclnt.exe
size: 53248
MD5: 76E033F33912BFACA4A05BE8D1F3A740
PID: 1284 ( 976) C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
size: 118784
MD5: 5FFD4975D8A179F655BE6AE2750646E2
PID: 1292 (1156) c:\progra~1\mcafee.com\vso\mcvsescn.exe
size: 483328
MD5: 3B1A1BAA8D7444DEFCE4093611212ED6
PID: 1316 ( 976) C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
size: 45568
MD5: 60FDD0FCF620DEB6AC1F5FBEDB659489
PID: 1604 ( 448) C:\Program Files\ewido\security suite\ewidoctrl.exe
size: 16448
MD5: 867D9D1FA818F8629BB7A4A26E94B06A
PID: 1628 ( 448) c:\program files\mcafee.com\agent\mcdetect.exe
size: 126976
MD5: 920848F7B932B9CD543720F376E02A30
PID: 1640 ( 448) c:\PROGRA~1\mcafee.com\vso\mcshield.exe
size: 221184
MD5: FAE84A2F9C11B7C532950BF0AE1EC26A
PID: 1688 ( 448) c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
size: 121344
MD5: B6099C152A5049880370EB4A24A8D5C2
PID: 1928 ( 448) C:\WINDOWS\System32\svchost.exe
size: 12800
MD5: 0F7D9C87B0CE1FA520473119752C6F79
PID: 1952 ( 448) C:\WINDOWS\System32\wdfmgr.exe
size: 38912
MD5: AB0A7CA90D9E3D6A193905DC1715DED0
PID: 2036 ( 448) C:\WINDOWS\system32\svchost.exe
size: 12800
MD5: 0F7D9C87B0CE1FA520473119752C6F79
PID: 320 ( 448) C:\Program Files\iPod\bin\iPodService.exe
size: 331776
MD5: F82D852F5969BD3A1EC61E42D0255954
PID: 2132 (2036) C:\WINDOWS\System32\wuauclt.exe
size: 124184
MD5: EBF1AB7E4FC05CABF2F4680D2A45F827
PID: 3524 ( 976) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09CA174A605B480318731E691DC98539
PID: 4 ( 0) System


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 8/28/2005 11:44:09 AM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\System32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.google.com/advanced_search?hl=en
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 5: MSAFD nwlnkipx [IPX]
GUID: {11058240-BE47-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP Novell Netware UPX protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD nwlnkipx *

Protocol 6: MSAFD nwlnkspx [SPX]
GUID: {11058241-BE47-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP Novell Netware SPX protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD nwlnkspx *

Protocol 7: MSAFD nwlnkspx [SPX] [Pseudo Stream]
GUID: {11058241-BE47-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP Novell Netware SPX protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD nwlnkspx *

Protocol 8: MSAFD nwlnkspx [SPX II]
GUID: {11058241-BE47-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP Novell Netware SPX protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD nwlnkspx *

Protocol 9: MSAFD nwlnkspx [SPX II] [Pseudo Stream]
GUID: {11058241-BE47-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP Novell Netware SPX protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD nwlnkspx *

Protocol 10: MSAFD NetBIOS [\Device\NwlnkNb] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 11: MSAFD NetBIOS [\Device\NwlnkNb] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{3BBF674C-1113-41D3-B7DF-E12A5AB9EF53}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{3BBF674C-1113-41D3-B7DF-E12A5AB9EF53}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{FB458613-4778-4C16-92F4-0450C437C848}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{FB458613-4778-4C16-92F4-0450C437C848}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{74046427-157B-460E-8CF1-35C9520B9896}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip_{74046427-157B-460E-8CF1-35C9520B9896}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace

Namespace Provider 3: NWLink IPX/SPX/NetBIOS Compatible Transport Protocol
GUID: {E02DAAF0-7E9F-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\nwprovau.dll
Description: Microsoft Windows NT/2k/XP Novell Netware name space provider
DB filename: %SystemRoot%\system32\nwprovau.dll
DB protocol: NWLink IPX/SPX/NetBIOS*



--- Uninstall list ---
Ad-Aware SE Personal 1.06 (Ad-Aware SE Personal)
uninstall cmd: C:\PROGRA~1\LAVASOFT\AD-AWA~2\UNWISE.EXE C:\PROGRA~1\LAVASOFT\AD-AWA~2\INSTALL.LOG
publisher: Lavasoft
help link: http://www.lavasoft.com

(AddressBook)

Adobe SVG Viewer 3.0 3.0 (Adobe SVG Viewer)
version (major): 3
install location: C:\WINDOWS\System32\Adobe\SVG Viewer 3.0
uninstall cmd: C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
publisher: Adobe Systems, Inc.

Adobe Download Manager 2.0 (Remove Only) 2.0 (AdobeESD)
uninstall cmd: "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"

(Branding)

CleanUp! (CleanUp!)
uninstall cmd: C:\Program Files\CleanUp!\uninstall.exe

(Connection Manager)

Corel Applications (Corel Applications)
uninstall cmd: C:\WINDOWS\Corel\Uninst32.exe

(DirectAnimation)

(DirectDrawEx)

Personal License Update Wizard for Windows Media Player (drmtool.inf)
uninstall cmd: RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\drmtool.inf,DefaultUninstall

(DXM_Runtime)

ewido security suite (ewidosecuritysuite)
install location: C:\Program Files\ewido\security suite
uninstall cmd: C:\Program Files\ewido\security suite\Uninstall.exe
publisher: ewido networks
help link: http://www.ewido.net

FAST Defrag 2.0.80 (FAST Defrag_is1)
uninstall cmd: "C:\Program Files\FAST Defrag\unins000.exe"
publisher: AMS Software
help link: http://www.ams.as.ro

(Fontcore)

HijackThis 1.99.1 1.99.1 (HijackThis)
uninstall cmd: C:\Program Files\HijackThis\HijackThis.exe /uninstall
publisher: Soeperman Enterprises Ltd.

(ICW)

(IE40)

(IE4Data)

(IE5BAKEX)

(IEData)

(InstallShield Uninstall Information)

iTunes 4.9.0.17 (InstallShield_{47808F78-F178-49DC-B708-15FE538B16FF})
version: 67698688
version (major): 4
version (minor): 9
estimated size: 14840
install date: 20050716
install location: C:\Program Files\iTunes\
install source: C:\WINDOWS\Downloaded Installations\{A89EB61A-717D-4E9B-BB70-7626DF2EB947}\
uninstall cmd: C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{47808F78-F178-49DC-B708-15FE538B16FF}
publisher: Apple Computer, Inc.
contact: AppleCare Support
help link: http://www.info.apple.com/
help telephone: 1-800-275-2273

Windows XP Hotfix - KB821557 20030611.135259 (KB821557)
uninstall cmd: C:\WINDOWS\$NtUninstallKB821557$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=821557

Windows XP Hotfix - KB823182 20030724.164309 (KB823182)
uninstall cmd: C:\WINDOWS\$NtUninstallKB823182$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=823182

Windows XP Hotfix - KB823559 20030701.220428 (KB823559)
uninstall cmd: C:\WINDOWS\$NtUninstallKB823559$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=823559

Windows XP Hotfix - KB823980 20030705.121436 (KB823980)
uninstall cmd: C:\WINDOWS\$NtUninstallKB823980$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=823980

Windows XP Hotfix - KB824105 20030724.165149 (KB824105)
uninstall cmd: C:\WINDOWS\$NtUninstallKB824105$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=824105

Windows XP Hotfix - KB824141 20030926.115120 (KB824141)
uninstall cmd: C:\WINDOWS\$NtUninstallKB824141$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=824141

Windows XP Hotfix - KB824146 20030825.152953 (KB824146)
uninstall cmd: C:\WINDOWS\$NtUninstallKB824146$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=824146

Windows XP Hotfix - KB825119 20030828.113916 (KB825119)
uninstall cmd: C:\WINDOWS\$NtUninstallKB825119$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=825119

Windows XP Hotfix - KB828028 20030919.142100 (KB828028)
uninstall cmd: C:\WINDOWS\$NtUninstallKB828028$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=828028

Windows XP Hotfix - KB828035 20031002.145934 (KB828035)
uninstall cmd: C:\WINDOWS\$NtUninstallKB828035$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=828035

Windows XP Hotfix - KB828741 20040305.180454 (KB828741)
uninstall cmd: C:\WINDOWS\$NtUninstallKB828741$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=828741

Windows XP Hotfix - KB833987 20040308.175840 (KB833987)
uninstall cmd: C:\WINDOWS\$NtUninstallKB833987$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=833987

Windows XP Hotfix - KB834707 20040929.115007 (KB834707-IE6-20040929.115007)
uninstall cmd: C:\WINDOWS\$NtUninstallKB834707-IE6-20040929.115007$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=834707

Windows XP Hotfix - KB835732 20040329.172537 (KB835732)
uninstall cmd: C:\WINDOWS\$NtUninstallKB835732$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=835732

Windows XP Hotfix - KB837001 20040318.095048 (KB837001)
uninstall cmd: C:\WINDOWS\$NtUninstallKB837001$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=837001

Windows XP Hotfix - KB839645 20040630.120502 (KB839645)
uninstall cmd: C:\WINDOWS\$NtUninstallKB839645$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=839645

Windows XP Hotfix - KB840315 20040622.172632 (KB840315)
uninstall cmd: C:\WINDOWS\$NtUninstallKB840315$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=840315

Windows XP Hotfix - KB840374 20040416.121729 (KB840374)
uninstall cmd: C:\WINDOWS\$NtUninstallKB840374$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=840374

Windows XP Hotfix - KB840987 20040927.095912 (KB840987)
uninstall cmd: C:\WINDOWS\$NtUninstallKB840987$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=840987

Windows XP Hotfix - KB841356 20040929.102221 (KB841356)
uninstall cmd: C:\WINDOWS\$NtUninstallKB841356$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=841356

Windows XP Hotfix - KB841533 20040927.100142 (KB841533)
uninstall cmd: C:\WINDOWS\$NtUninstallKB841533$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=841533

Windows XP Hotfix - KB841873 20040608.144331 (KB841873)
uninstall cmd: C:\WINDOWS\$NtUninstallKB841873$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=841873

Windows XP Hotfix - KB842773 20040701.144218 (KB842773)
uninstall cmd: C:\WINDOWS\$NtUninstallKB842773$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=842773

Microsoft Data Access Components KB870669 (KB870669)
uninstall cmd: C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=KB870669

Windows XP Hotfix - KB873376 20040923.181029 (KB873376)
uninstall cmd: C:\WINDOWS\$NtUninstallKB873376$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=873376

Windows XP Hotfix - KB883357 20040804.165131 (KB883357)
uninstall cmd: C:\WINDOWS\$NtUninstallKB883357$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=883357

Windows XP Hotfix - KB887822 20041014.125319 (KB887822)
uninstall cmd: C:\WINDOWS\$NtUninstallKB887822$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=887822

McAfee SecurityCenter (Mcafee SecurityCenter)
uninstall cmd: c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=msc /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\screm.ui::uninstall.htm

(Microsoft NetShow Player 2.0)

Movie Maker Background Music Files (mmmusic)
uninstall cmd: RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mmmusic.inf,DefaultUninstall

Movie Maker Sound Effects (mmsounds)
uninstall cmd: RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mmsounds.inf,DefaultUninstall

(MobileOptionPack)

Mozilla Firefox (1.0.6) 1.0.6 (en-US) (Mozilla Firefox (1.0.6))
install location: C:\Program Files\Mozilla Firefox
uninstall cmd: C:\WINDOWS\UninstallFirefox.exe /ua "1.0.6 (en-US)"
publisher: Mozilla

(MPlayer2)

Windows Media Player Playlist Import to Excel Wizard (mpxlswiz.inf)
uninstall cmd: RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mpxlswiz.inf,DefaultUninstall

Windows Media Player Tray Control (mpxptray.inf)
uninstall cmd: RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mpxptray.inf,DefaultUninstall

(MsJavaVM)

MSN Music Assistant (MSN Music Assistant)
uninstall cmd: rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall

(NetMeeting)

Outlook Express Q823353 (oeupdate)
uninstall cmd: C:\WINDOWS\oeuninst.exe C:\WINDOWS\INF\Q823353.inf

(OutlookExpress)

(PCHealth)
uninstall cmd: rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Windows XP Hotfix (SP1) [See Q282010 for more information] (Q282010)
uninstall cmd: C:\WINDOWS\$NtUninstallQ282010$\spuninst\spuninst.exe

Windows XP Hotfix (SP1) [See Q307869 for more information] (Q307869)
uninstall cmd: C:\WINDOWS\$NtUninstallQ307869$\spuninst\spuninst.exe

Windows XP Hotfix (SP1) [See Q308210 for more information] (Q308210)
uninstall cmd: C:\WINDOWS\$NtUninstallQ308210$\spuninst\spuninst.exe

Windows XP Hotfix (SP1) [See Q309521 for more information] (Q309521)
uninstall cmd: C:\WINDOWS\$NtUninstallQ309521$\spuninst\spuninst.exe

Windows XP Hotfix (SP1) [See Q310437 for more information] (Q310437)
uninstall cmd: C:\WINDOWS\$NtUninstallQ310437$\spuninst\spuninst.exe

Windows XP Hotfix (SP1) [See Q310510 for more information] (Q310510)
uninstall cmd: C:\WINDOWS\$NtUninstallQ310510$\spuninst\spuninst.exe

Windows XP Hotfix (SP1) [See Q311542 for more information] (Q311542)
uninstall cmd: C:\WINDOWS\$NtUninstallQ311542$\spuninst\spuninst.exe

Windows XP Hotfix (SP1) [See Q311889 for more information] (Q311889)
uninstall cmd: C:\WINDOWS\$NtUninstallQ311889$\spuninst\spuninst.exe

Windows XP Hotfix (SP1) [See Q311967 for more information] (Q311967)
uninstall cmd: C:\WINDOWS\$NtUninstallQ311967$\spuninst\spuninst.exe

Windows XP Hotfix (SP1) [See Q313450 for more information] (Q313450)
uninstall cmd: C:\WINDOWS\$NtUninstallQ313450$\spuninst\spuninst.exe

Windows XP Hotfix (SP1) [See Q314147 for more information] (Q314147)
uninstall cmd: C:\WINDOWS\$NtUninstallQ314147$\spuninst\spuninst.exe

Windows XP Hotfix (SP1) [See Q314862 for more information] (Q314862)
uninstall cmd: C:\WINDOWS\$NtUninstallQ314862$\spuninst\spuninst.exe

Windows XP Hotfix (SP1) [See Q315000 for more information] (Q315000)
uninstall cmd: C:\WINDOWS\$NtUninstallQ315000$\spuninst\spuninst.exe

Windows XP Hotfix (SP1) [See Q315403 for more information] (Q315403)
uninstall cmd: C:\WINDOWS\$NtUninstallQ315403$\spuninst\spuninst.exe

Windows XP Hotfix (SP1) [See Q316397 for more information] (Q316397)
uninstall cmd: C:\WINDOWS\$NtUninstallQ316397$\spuninst\spuninst.exe

Windows XP Hotfix (SP1) [See Q317277 for more information] (Q317277)
uninstall cmd: C:\WINDOWS\$NtUninstallQ317277$\spuninst\spuninst.exe

Windows XP Hotfix (SP1) [See Q318138 for more information] (Q318138)
uninstall cmd: C:\WINDOWS\$NtUninstallQ318138$\spuninst\spuninst.exe

Windows XP Hotfix (SP1) [See Q318388 for more information] (Q318388)
uninstall cmd: C:\WINDOWS\$NtUninstallQ318388$\spuninst\spuninst.exe

Windows XP Hotfix (SP1) [See Q318966 for more information] (Q318966)
uninstall cmd: C:\WINDOWS\$NtUninstallQ318966$\spuninst\spuninst.exe

Windows XP Hotfix (SP1) [See Q319322 for more information] (Q319322)
uninstall cmd: C:\WINDOWS\$NtUninstallQ319322$\spuninst\spuninst.exe

Windows XP Application Compatibility Update[Q319580] (Q319580)
uninstall cmd: C:\WINDOWS\$NtUninstallQ319580$\spuninst\spuninst.exe

Windows XP Hotfix (SP1) [See Q319949 for more information] (Q319949)
uninstall cmd: C:\WINDOWS\$NtUninstallQ319949$\spuninst\spuninst.exe

Windows XP Hotfix (SP1) [See Q320174 for more information] (Q320174)
uninstall cmd: C:\WINDOWS\$NtUninstallQ320174$\spuninst\spuninst.exe

Windows XP Hotfix (SP1) [See Q320552 for more information] (Q320552)
uninstall cmd: C:\WINDOWS\$NtUninstallQ320552$\spuninst\spuninst.exe

Windows XP Hotfix (SP1) [See Q320678 for more information] (Q320678)
uninstall cmd: C:\WINDOWS\$NtUninstallQ320678$\spuninst\spuninst.exe

Windows XP Hotfix (SP1) [See Q323172 for more information] (Q323172)
uninstall cmd: C:\WINDOWS\$NtUninstallQ323172$\spuninst\spuninst.exe

Windows XP Hotfix (SP1) [See Q323322 for more information] (Q323322)
uninstall cmd: C:\WINDOWS\$NtUninstallQ323322$\spuninst\spuninst.exe

Windows XP Hotfix (SP1) [See Q324096 for more information] (Q324096)
uninstall cmd: C:\WINDOWS\$NtUninstallQ324096$\spuninst\spuninst.exe

Windows XP Hotfix (SP1) [See Q324380 for more information] (Q324380)
uninstall cmd: C:\WINDOWS\$NtUninstallQ324380$\spuninst\spuninst.exe

Windows XP Hotfix (SP1) [See Q326830 for more information] (Q326830)
uninstall cmd: C:\WINDOWS\$NtUninstallQ326830$\spuninst\spuninst.exe

Windows XP Hotfix (SP1) Q328310 20021023.175555 (Q328310)
uninstall cmd: C:\WINDOWS\$NtUninstallQ328310$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: For more information, see Q328310 at http://support.microsoft.com

Windows XP Hotfix (SP1) [See Q328940 for more information] (Q328940)
uninstall cmd: C:\WINDOWS\$NtUninstallQ328940$\spuninst\spuninst.exe

Windows XP Hotfix (SP1) [See Q329048 for more information] (Q329048)
uninstall cmd: C:\WINDOWS\$NtUninstallQ329048$\spuninst\spuninst.exe

Windows XP Hotfix (SP2) [See Q329115 for more information] (Q329115)
uninstall cmd: C:\WINDOWS\$NtUninstallQ329115$\spuninst\spuninst.exe

Windows XP Hotfix (SP1) Q329170 20021031.162037 (Q329170)
uninstall cmd: C:\WINDOWS\$NtUninstallQ329170$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: For more information, see Q329170 at http://support.microsoft.com

Windows XP Hotfix (SP1) [See Q329390 fo

#13 g2i2r4

Posted 28 August 2005 - 12:58 PM

Glowing again, good to hear those words...

You did great yourself, you are the one that had to do all that stuff in order to get it clean, well done.

Let's have a look at a fresh HijackThis log. If that's clean too, I'll post you some tips for the future and close the topic.


Life is what happens while you're making other plans

#14 cctexun

Posted 28 August 2005 - 05:54 PM

g golly mr. wilson me and tommy just wanted to see if you wanted to come out and play.

Tips for the future, Hummm must mean I get to keep this infernal machine.

Delightful experience, had a blast. Hope to visit with you in the distant future. I go in peace, wish the rest of the Texans would join me. Thanks. D


Here you go big fella.

Logfile of HijackThis v1.99.1
Scan saved at 5:44:33 PM, on 8/28/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_5_7_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [IEXPLORE.EXE] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://activex.microsoft.com/activex/contr...media/Swdir.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200207...meInstaller.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...81/mcinsctl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,19/mcgdmgr.cab
O16 - DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0) -
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...353/mcfscan.cab
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

#15 g2i2r4

Posted 29 August 2005 - 12:56 PM

This is not my native tongue, so I hope I understand you correctly :thumbsup:

You are happy the computer is running ok now.

To get back to your earlier question, I don't think you could have done this with 'just' Grinler's instructions.

Just one more thing to do:
Download: deldomains.
To use: right-click and select: Install (no need to restart)
Should the link above display the text instead of downloading the file, then copy & paste the text into notepad and save the file as DellDomains.inf
Note: This will remove all entries in the "Trusted Zone" and "Ranges" also.

Hummm must mean I get to keep this infernal machine.

I take it you are pleased?


Life is what happens while you're making other plans
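
Added example, not part of the original thread: because the step in post #15 clears every "Trusted Zone" and "Ranges" entry, this sketch lists what a .reg export of the Internet Explorer ZoneMap key contains, so legitimate entries can be noted and re-added afterwards. The sample export is constructed, and it assumes the entries sit under the standard `Internet Settings\ZoneMap\Domains` and `Ranges` keys.

```python
import re

# Internet Explorer security zone numbers.
ZONES = {0: "My Computer", 1: "Local intranet", 2: "Trusted sites",
         3: "Internet", 4: "Restricted sites"}
MARK = "\\Internet Settings\\ZoneMap\\"
VALUE = re.compile(r'"(.*?)"=(?:dword:([0-9a-fA-F]{8})|"(.*)")$')

# Constructed sample of a .reg export; not data from the thread.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example.com]
"*"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example.net\www]
"http"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1]
":Range"="192.0.2.10"
"*"=dword:00000002
'''

def zone_assignments(reg_text):
    """Return sorted (kind, host_or_range, protocol, zone) tuples."""
    keys, current = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            path = line[1:-1]
            # Only keys below ZoneMap matter; group values per key so the
            # order of ":Range" and the protocol value does not matter.
            current = keys.setdefault(path.split(MARK, 1)[1], {}) if MARK in path else None
        elif current is not None and (m := VALUE.match(line)):
            name, dword, text = m.groups()
            current[name] = int(dword, 16) if dword else text
    rows = []
    for key, values in keys.items():
        kind, *rest = key.split("\\")
        if kind not in ("Domains", "Ranges") or not rest:
            continue
        # Domains\example.net\www means www.example.net; a Ranges key
        # names its address or range in the ":Range" string value.
        target = values.get(":Range", rest[-1]) if kind == "Ranges" else ".".join(reversed(rest))
        for name, zone in values.items():
            if isinstance(zone, int):
                rows.append((kind, target, name, ZONES.get(zone, "zone %d" % zone)))
    return sorted(rows)

if __name__ == "__main__":
    for row in zone_assignments(SAMPLE):
        print("%-8s %-18s %-5s %s" % row)
```

For a real machine, export the key with `reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap" zonemap.reg` and read the file with `encoding="utf-16"` before passing its text to `zone_assignments`.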



