Smithfraud


  • This topic is locked
26 replies to this topic

#1 Gutsi

Posted 09 February 2006 - 05:11 PM

I have the most annoying trojan called smithfraud. It periodically installs a program called spyaxe which I can uninstall, but the next time I look it's back. It's driving me insane. Spybot can find it but it can't delete it. I have been on the internet for a few hours looking for help and trying different things, but I have not been able to get rid of the smithfraud. The following is a log from HJT. Please help, I can't take it anymore!

Logfile of HijackThis v1.99.1
Scan saved at 4:48:48 PM, on 2/9/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\System32\pctspk.exe
C:\WINDOWS\System32\atiptaxx.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Viewpoint\Viewpoint Toolbar V35\FotomatDeviceConnect.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\TOSHIBA\gigabeat room 2.0.2\TosGbWatcher.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\System32\wuauclt.exe
C:\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: HomepageBHO - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - C:\WINDOWS\System32\hp289.tmp (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll
O3 - Toolbar: SecurityToolbar - {736b5468-bdad-41be-92d0-22ae2ddf7bcb} - C:\Program Files\Security Toolbar\Security Toolbar.dll
O3 - Toolbar: BitComet Toolbar - {2E608F70-C430-4bc5-96F6-608E02EBA5B2} - C:\Program Files\BitComet Toolbar\v2.0.0.1\BitComet_Toolbar.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [ViewpointPhotosDeviceConnect] C:\Program Files\Viewpoint\Viewpoint Toolbar V35\FotomatDeviceConnect.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [TosGbWatcher] "C:\Program Files\TOSHIBA\gigabeat room 2.0.2\TosGbWatcher.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab_adult/Me...e/bridge-c9.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Seekmo/ie/bridge-c24.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe


#2 Daemon

Security Expert

Posted 10 February 2006 - 08:59 AM

We can help you, but first you need to help us. The first step in this process is to apply Service Pack 1a for Windows XP. Without this update, you're wide open to reinfection and we're both just wasting our time.

Click here: http://www.microsoft.com/downloads/details...&DisplayLang=en

Apply the update, reboot, and post a fresh Hijack This log.

Have I helped you? Please consider donating to help me continue with the fight against malware. Click here

#3 Gutsi


Posted 10 February 2006 - 03:35 PM

I will gladly donate if I can get rid of this thing. I have installed what you asked me to. The following is the resulting HJT report.

Logfile of HijackThis v1.99.1
Scan saved at 3:31:21 PM, on 2/10/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\msiexec.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\System32\pctspk.exe
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
C:\WINDOWS\System32\atiptaxx.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Viewpoint\Viewpoint Toolbar V35\FotomatDeviceConnect.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\TOSHIBA\gigabeat room 2.0.2\TosGbWatcher.exe
C:\Program Files\SpywareAxe\spywareaxe.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: HomepageBHO - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - C:\WINDOWS\System32\hp289.tmp (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll
O3 - Toolbar: SecurityToolbar - {736b5468-bdad-41be-92d0-22ae2ddf7bcb} - C:\Program Files\Security Toolbar\Security Toolbar.dll
O3 - Toolbar: BitComet Toolbar - {2E608F70-C430-4bc5-96F6-608E02EBA5B2} - C:\Program Files\BitComet Toolbar\v2.0.0.1\BitComet_Toolbar.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [ViewpointPhotosDeviceConnect] C:\Program Files\Viewpoint\Viewpoint Toolbar V35\FotomatDeviceConnect.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [TosGbWatcher] "C:\Program Files\TOSHIBA\gigabeat room 2.0.2\TosGbWatcher.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab_adult/Me...e/bridge-c9.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Seekmo/ie/bridge-c24.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

#4 Daemon

Security Expert

Posted 10 February 2006 - 03:42 PM

OK, do this for me. Click here to download smitRem.exe and save the file to your desktop. Double click on the file to extract it to its own folder on the desktop.

Click here to download ewido security suite - it is a trial version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • Launch ewido. There should be an icon on your desktop; double-click it.
  • The program will now go to the main screen
You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Then click on Start Update
The update will start and a progress bar will show the updates being installed. Do NOT run a scan yet. Exit the program.

Click here to download Ad-Aware SE 1.06 and install it if you haven't already got it. Launch Ad-aware and click on "check for updates now" to make sure you have the latest reference file. Do NOT run a scan yet. Exit the program.

Next reboot into Safe Mode. You can get there by restarting your computer and continually tapping F8 until a menu appears. Use your arrow to highlight Safe Mode then hit enter.

Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen. Wait for the tool to complete and disk cleanup to finish. The tool will create a log named smitfiles.txt in the root of your drive (where your operating system is installed). You will need that log later.

Launch Ad-aware again:
  • Click "Start"
  • Select "Perform Full System scan"
  • Click "Next" to start the scan.
When the scan is finished, the screen will tell you if anything has been found.
  • Click "Next". The bad files will be listed.
  • Right click the pane and click "Select all objects" - this will put a check mark in the box at the side.
  • Click "Next" again
  • Click "OK" at the prompt "# objects will be removed. Continue?".
Exit the program.

Launch ewido again:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin (do not open any folders or open the windows control panel while the scan is in progress).
  • While the scan is in progress you will be prompted to clean files, click OK
  • When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop.
Now close ewido.

Next click Start>Settings>Control Panel>Display>Desktop>Customize Desktop>Web and uncheck "Security Info" if present.

Reboot back into Normal Mode and click here to run ActiveScan.
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Paste the contents of the Panda scan report, along with a new HijackThis Log, the contents of smitfiles.txt and the Ewido Log in your next reply.

Have I helped you? Please consider donating to help me continue with the fight against malware. Click here

#5 Gutsi


Posted 11 February 2006 - 01:00 PM

Here is the smithfiles.txt

smitRem log file
version 2.8

by noahdfear


Microsoft Windows XP [Version 5.1.2600]
The current date is: Sat 02/11/2006
The current time is: 4:33:18.38

Running from
C:\Documents and Settings\Michael.DAVID-6KNN93QYU\Desktop\smitRem

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run SharedTask Export

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright© 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!


checking for WinHound.com key


WinHound.com key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 476 'explorer.exe'
Killing PID 476 'explorer.exe'

Starting registry repairs

Registry repairs complete

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SharedTask Export after registry fix

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright© 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Deleting files

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~


~~~ Wininet.dll ~~~

CLEAN! :thumbsup:






Active scan report:

Incident Status Location

Adware:adware/mbkwbar Not disinfected C:\PROGRAM FILES\MBKWBar
Potentially unwanted tool:application/myway Not disinfected C:\PROGRAM FILES\MyWay
Adware:adware/winad Not disinfected C:\PROGRAM FILES\Winad Client
Adware:adware/wupd Not disinfected C:\PROGRAM FILES\Windows ServeAd
Adware:adware/mediatickets Not disinfected Windows Registry
Potentially unwanted tool:application/zango Not disinfected HKEY_CLASSES_ROOT\CLSID\{8FCDF9D9-A28B-480F-8C3D-581F119A8AB8}
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Michael.DAVID-6KNN93QYU\Cookies\michael@adopt.hbmediapro[2].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Michael.DAVID-6KNN93QYU\Cookies\michael@adultfriendfinder[2].txt
Spyware:Cookie/Ask Not disinfected C:\Documents and Settings\Michael.DAVID-6KNN93QYU\Cookies\michael@ask[2].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Michael.DAVID-6KNN93QYU\Cookies\michael@azjmp[2].txt
Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\Michael.DAVID-6KNN93QYU\Cookies\michael@banner[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Michael.DAVID-6KNN93QYU\Cookies\michael@belnk[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Michael.DAVID-6KNN93QYU\Cookies\michael@dist.belnk[2].txt
Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\Michael.DAVID-6KNN93QYU\Cookies\michael@rn11[2].txt
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\Michael.DAVID-6KNN93QYU\Cookies\michael@webpower[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Michael.DAVID-6KNN93QYU\Application Data\Mozilla\Firefox\Profiles\379013mg.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Michael.DAVID-6KNN93QYU\Application Data\Mozilla\Firefox\Profiles\379013mg.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Michael.DAVID-6KNN93QYU\Application Data\Mozilla\Firefox\Profiles\379013mg.default\cookies.txt[servedby.advertising.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Michael.DAVID-6KNN93QYU\Application Data\Mozilla\Firefox\Profiles\379013mg.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Michael.DAVID-6KNN93QYU\Application Data\Mozilla\Firefox\Profiles\379013mg.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Michael.DAVID-6KNN93QYU\Application Data\Mozilla\Firefox\Profiles\379013mg.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Michael.DAVID-6KNN93QYU\Application Data\Mozilla\Firefox\Profiles\379013mg.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Michael.DAVID-6KNN93QYU\Application Data\Mozilla\Firefox\Profiles\379013mg.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Michael.DAVID-6KNN93QYU\Application Data\Mozilla\Firefox\Profiles\379013mg.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Ask Not disinfected C:\Documents and Settings\Michael.DAVID-6KNN93QYU\Application Data\Mozilla\Firefox\Profiles\379013mg.default\cookies.txt[.ask.com/]
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Michael.DAVID-6KNN93QYU\Application Data\Mozilla\Firefox\Profiles\379013mg.default\cookies.txt[.adopt.hbmediapro.com/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Michael.DAVID-6KNN93QYU\Application Data\Mozilla\Firefox\Profiles\379013mg.default\cookies.txt[.adultfriendfinder.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Michael.DAVID-6KNN93QYU\Application Data\Mozilla\Firefox\Profiles\379013mg.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Michael.DAVID-6KNN93QYU\Application Data\Mozilla\Firefox\Profiles\379013mg.default\cookies.txt[.ath.belnk.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Michael.DAVID-6KNN93QYU\Application Data\Mozilla\Firefox\Profiles\379013mg.default\cookies.txt[.belnk.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Michael.DAVID-6KNN93QYU\Application Data\Mozilla\Firefox\Profiles\379013mg.default\cookies.txt[.bravenet.com/]
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Michael.DAVID-6KNN93QYU\Application Data\Mozilla\Firefox\Profiles\379013mg.default\cookies.txt[.ccbill.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Michael.DAVID-6KNN93QYU\Application Data\Mozilla\Firefox\Profiles\379013mg.default\cookies.txt[.ciudad.com.ar/]
Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\Michael.DAVID-6KNN93QYU\Application Data\Mozilla\Firefox\Profiles\379013mg.default\cookies.txt[.fortunecity.com/]
Spyware:Cookie/go Not disinfected C:\Documents and Settings\Michael.DAVID-6KNN93QYU\Application Data\Mozilla\Firefox\Profiles\379013mg.default\cookies.txt[.go.com/]
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Michael.DAVID-6KNN93QYU\Application Data\Mozilla\Firefox\Profiles\379013mg.default\cookies.txt[.gostats.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Michael.DAVID-6KNN93QYU\Application Data\Mozilla\Firefox\Profiles\379013mg.default\cookies.txt[.ig.com.br/]
Spyware:Cookie/MediaTickets Not disinfected C:\Documents and Settings\Michael.DAVID-6KNN93QYU\Application Data\Mozilla\Firefox\Profiles\379013mg.default\cookies.txt[.kinghost.com/]
Spyware:Cookie/MetriWeb Not disinfected C:\Documents and Settings\Michael.DAVID-6KNN93QYU\Application Data\Mozilla\Firefox\Profiles\379013mg.default\cookies.txt[.metriweb.be/]
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\Michael.DAVID-6KNN93QYU\Application Data\Mozilla\Firefox\Profiles\379013mg.default\cookies.txt[.webpower.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Michael.DAVID-6KNN93QYU\Application Data\Mozilla\Firefox\Profiles\379013mg.default\cookies.txt[.xiti.com/]
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\LocalService\Cookies\system@888[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Michael.DAVID-6KNN93QYU\Application Data\Mozilla\Firefox\Profiles\379013mg.default\cookies.txt[]
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Michael.DAVID-6KNN93QYU\Cookies\michael@adopt.hbmediapro[2].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Michael.DAVID-6KNN93QYU\Cookies\michael@adultfriendfinder[2].txt
Spyware:Cookie/Ask Not disinfected C:\Documents and Settings\Michael.DAVID-6KNN93QYU\Cookies\michael@ask[2].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Michael.DAVID-6KNN93QYU\Cookies\michael@azjmp[2].txt
Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\Michael.DAVID-6KNN93QYU\Cookies\michael@banner[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Michael.DAVID-6KNN93QYU\Cookies\michael@belnk[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Michael.DAVID-6KNN93QYU\Cookies\michael@dist.belnk[2].txt
Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\Michael.DAVID-6KNN93QYU\Cookies\michael@rn11[2].txt
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\Michael.DAVID-6KNN93QYU\Cookies\michael@webpower[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Michael.DAVID-6KNN93QYU\Desktop\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Michael.DAVID-6KNN93QYU\Desktop\smitRem.exe[Process.exe]
Adware:Adware/MBKWBar Not disinfected C:\Program Files\MBKWBar\MBKWBar.exe
Virus:Bck/Freeze.C Not disinfected C:\Program Files\ScreenSaver.com\Living Marine Aquarium\UNINSTAL.EXE
Potentially unwanted tool:Application/Processor Not disinfected C:\Program Files\smitRem\Process.exe









ewido report:

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 1:05:08 AM, 2/11/2006
+ Report-Checksum: 3421F6C3

+ Scan result:

C:\Documents and Settings\LocalService\Cookies\system@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@hypertracker[1].txt -> TrackingCookie.Hypertracker : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@paypopup[2].txt -> TrackingCookie.Paypopup : Cleaned with backup

#6 Gutsi

Posted 11 February 2006 - 01:04 PM

Sorry Daemon; I forgot the HJT log. Here it is.

Logfile of HijackThis v1.99.1
Scan saved at 1:01:23 PM, on 2/11/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\System32\pctspk.exe
C:\WINDOWS\System32\atiptaxx.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Viewpoint\Viewpoint Toolbar V35\FotomatDeviceConnect.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\TOSHIBA\gigabeat room 2.0.2\TosGbWatcher.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll
O3 - Toolbar: BitComet Toolbar - {2E608F70-C430-4bc5-96F6-608E02EBA5B2} - C:\Program Files\BitComet Toolbar\v2.0.0.1\BitComet_Toolbar.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [ViewpointPhotosDeviceConnect] C:\Program Files\Viewpoint\Viewpoint Toolbar V35\FotomatDeviceConnect.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [TosGbWatcher] "C:\Program Files\TOSHIBA\gigabeat room 2.0.2\TosGbWatcher.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab_adult/Me...e/bridge-c9.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Seekmo/ie/bridge-c24.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

#7 Daemon

Daemon

    Security Expert



Posted 11 February 2006 - 02:45 PM

Grab a copy of this little free application to help control those tracking cookies in future:

http://www.analogx.com/contents/download/network/cookie.htm

Make sure that you have no browser windows open as this could prevent the fix from working properly. Open HijackThis, scan and when complete, remove the following entries by checking the box to the left and clicking 'Fix checked':

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [ViewpointPhotosDeviceConnect] C:\Program Files\Viewpoint\Viewpoint Toolbar V35\FotomatDeviceConnect.exe
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll/CXTSEARCH.HTML
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab_adult/Me...e/bridge-c9.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Seekmo/ie/bridge-c24.cab


Exit HijackThis when done. Reboot, rescan with HijackThis and post a new log here.

Have I helped you? Please consider donating to help me continue with the fight against malware. Click here

#8 Gutsi

Gutsi
  • Topic Starter


Posted 11 February 2006 - 04:20 PM

Thank you so much!!


Logfile of HijackThis v1.99.1
Scan saved at 4:18:29 PM, on 2/11/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\System32\pctspk.exe
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
C:\WINDOWS\System32\atiptaxx.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\TOSHIBA\gigabeat room 2.0.2\TosGbWatcher.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing)
O3 - Toolbar: BitComet Toolbar - {2E608F70-C430-4bc5-96F6-608E02EBA5B2} - C:\Program Files\BitComet Toolbar\v2.0.0.1\BitComet_Toolbar.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [TosGbWatcher] "C:\Program Files\TOSHIBA\gigabeat room 2.0.2\TosGbWatcher.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
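
The fix-and-rescan step from posts #7 and #8, as an added example that is not part of the original thread: a short Python check that every entry on the fix list is absent from the follow-up log. The function names are this example's own; entries that carry a CLSID are matched on the CLSID (an assumption made here because the forum truncates some URLs), and the two extra rescan lines are constructed to show a fix that did not hold.

```python
import re

# "O4 - ...", "R0 - ...", "O16 - ...": section code, " - ", entry body.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# The seven entries listed for removal in post #7.
FIX_LIST = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [ViewpointPhotosDeviceConnect] C:\Program Files\Viewpoint\Viewpoint Toolbar V35\FotomatDeviceConnect.exe
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll/CXTSEARCH.HTML
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab_adult/Me...e/bridge-c9.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Seekmo/ie/bridge-c24.cab
"""

# Excerpt of the rescan log in post #8.
RESCAN = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O3 - Toolbar: BitComet Toolbar - {2E608F70-C430-4bc5-96F6-608E02EBA5B2} - C:\Program Files\BitComet Toolbar\v2.0.0.1\BitComet_Toolbar.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
"""

# Constructed lines (not from the thread): two fixed entries reappearing with
# different letter case, spacing and trailing text.
CONSTRUCTED_RESCAN = RESCAN + r"""
O4 - HKLM\..\Run: [ViewMgr]  c:\program files\viewpoint\viewpoint manager\viewmgr.exe
O16 - DPF: {8fcdf9d9-a28b-480f-8c3d-581f119a8ab8} - (constructed placeholder)
"""


def entry_key(line):
    """Return a comparison key for one HijackThis line, or None if it is not an entry."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None  # header, running-process path, blank line
    code, body = m.group("code"), m.group("body")
    clsid = CLSID_RE.search(body)
    if clsid:
        # Toolbars, buttons and DPF objects: compare on section + CLSID only.
        return (code, clsid.group(0).upper())
    # Everything else: compare the whole body, ignoring case and extra spaces.
    return (code, " ".join(body.split()).lower())


def parse_log(text):
    """Map comparison key -> original line for every entry line in a log."""
    entries = {}
    for line in text.splitlines():
        key = entry_key(line)
        if key is not None:
            entries.setdefault(key, line.strip())
    return entries


def check_fix(fix_list, rescan_log):
    """Return (removed, remaining): fix-list lines gone from / still in the rescan."""
    rescan = parse_log(rescan_log)
    removed, remaining = [], []
    for key, line in parse_log(fix_list).items():
        (remaining if key in rescan else removed).append(line)
    return removed, remaining


if __name__ == "__main__":
    for label, log in (("post #8 rescan", RESCAN), ("constructed rescan", CONSTRUCTED_RESCAN)):
        removed, remaining = check_fix(FIX_LIST, log)
        print(f"{label}: {len(removed)} removed, {len(remaining)} still present")
        for line in remaining:
            print("   still present:", line)
```
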

#9 Daemon

Daemon

    Security Expert



Posted 11 February 2006 - 04:46 PM

Looks better - how is it running now?

#10 Gutsi

Gutsi
  • Topic Starter


Posted 12 February 2006 - 04:48 PM

My computer is running much better now. Thank you so much for your help. I would never have been able to get rid of it without you. Should I be concerned if Spybot keeps detecting smithfraud? I also have been getting a lot of registry errors or virus alerts that appear to be spyware. There are a lot of them. If I leave my computer on all day it will usually take me at least a minute to close all of them. Do you know what this is or if I can fix it?

#11 Daemon

Daemon

    Security Expert



Posted 12 February 2006 - 05:50 PM

Could you post here specifically what Spybot is detecting?

Do this for me - an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


#12 Gutsi

Gutsi
  • Topic Starter


Posted 15 February 2006 - 01:26 PM

Sorry it took me so long to get this posted. I have been out of town.

Monday, February 13, 2006 4:01:17 PM
Operating System: Microsoft Windows XP Professional, Service Pack 1 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 13/02/2006
Kaspersky Anti-Virus database records: 176600
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
Scan Statistics
Total number of scanned objects 45556
Number of viruses found 28
Number of infected objects 82
Number of suspicious objects 6
Duration of the scan process 01:50:52

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DyFuCAInternetOptimizer.zip/install.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DyFuCAInternetOptimizer.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy20.zip/cb.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy20.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\Michael.DAVID-6KNN93QYU\My Documents\vcodec_ver3-1.189.exe/data0006 Infected: Trojan-Downloader.Win32.Zlob.da skipped
C:\Documents and Settings\Michael.DAVID-6KNN93QYU\My Documents\vcodec_ver3-1.189.exe NSIS: infected - 1 skipped
C:\Documents and Settings\Michael.DAVID-6KNN93QYU\My Documents\vcodec_ver3-1.189.exe UPX: infected - 1 skipped
C:\Program Files\Commusic\ace.dll Infected: Trojan.Win32.Crypt.t skipped
C:\Program Files\Commusic\npwadmin.exe Infected: Trojan.Win32.Crypt.t skipped
C:\Program Files\Commusic\uheink32.exe Infected: Trojan.Win32.Crypt.t skipped
C:\Program Files\Commusic\WinGenerics.dll Infected: Trojan.Win32.Crypt.t skipped
C:\Program Files\DNS\Catcher.dll Infected: not-a-virus:AdWare.Win32.Maxifiles.s skipped
C:\Program Files\MBKWBar\MBKWBar.exe/data0002 Infected: not-a-virus:AdWare.Win32.MBKWBar.a skipped
C:\Program Files\MBKWBar\MBKWBar.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{0F5DD1A6-CF22-4A5C-B403-F2CF3E676B0D}\RP328\A0434637.exe Infected: not-a-virus:Dialer.Win32.E-Group.b skipped
C:\System Volume Information\_restore{0F5DD1A6-CF22-4A5C-B403-F2CF3E676B0D}\RP328\A0434640.exe Infected: not-a-virus:Dialer.Win32.E-Group.b skipped
C:\System Volume Information\_restore{0F5DD1A6-CF22-4A5C-B403-F2CF3E676B0D}\RP328\A0434659.exe/WISE0001.BIN Suspicious: not-a-virus:AdWare.Win32.EZula.ak skipped
C:\System Volume Information\_restore{0F5DD1A6-CF22-4A5C-B403-F2CF3E676B0D}\RP328\A0434659.exe WiseSFX: suspicious - 1 skipped
C:\System Volume Information\_restore{0F5DD1A6-CF22-4A5C-B403-F2CF3E676B0D}\RP328\A0434661.dll Infected: not-a-virus:AdWare.Win32.EZula.x skipped
C:\System Volume Information\_restore{0F5DD1A6-CF22-4A5C-B403-F2CF3E676B0D}\RP328\A0434662.dll Infected: not-a-virus:AdWare.Win32.EZula.g skipped
C:\System Volume Information\_restore{0F5DD1A6-CF22-4A5C-B403-F2CF3E676B0D}\RP328\A0434679.dll Infected: not-a-virus:AdWare.Win32.NavExcel.h skipped
C:\System Volume Information\_restore{0F5DD1A6-CF22-4A5C-B403-F2CF3E676B0D}\RP328\A0434680.exe Infected: not-a-virus:AdWare.Win32.NavExcel.h skipped
C:\System Volume Information\_restore{0F5DD1A6-CF22-4A5C-B403-F2CF3E676B0D}\RP328\A0434681.exe Infected: not-a-virus:AdWare.Win32.NavExcel.h skipped
C:\System Volume Information\_restore{0F5DD1A6-CF22-4A5C-B403-F2CF3E676B0D}\RP328\A0434728.exe Infected: not-a-virus:Dialer.Win32.E-Group.b skipped
C:\System Volume Information\_restore{0F5DD1A6-CF22-4A5C-B403-F2CF3E676B0D}\RP329\A0438704.exe Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\System Volume Information\_restore{0F5DD1A6-CF22-4A5C-B403-F2CF3E676B0D}\RP329\A0439689.exe Infected: Trojan.Win32.Crypt.t skipped
C:\System Volume Information\_restore{0F5DD1A6-CF22-4A5C-B403-F2CF3E676B0D}\RP329\A0439718.exe Infected: not-a-virus:AdWare.Win32.BetterInternet.a skipped
C:\System Volume Information\_restore{0F5DD1A6-CF22-4A5C-B403-F2CF3E676B0D}\RP329\A0440687.exe Infected: Trojan.Win32.Crypt.t skipped
C:\System Volume Information\_restore{0F5DD1A6-CF22-4A5C-B403-F2CF3E676B0D}\RP331\A0453699.exe Infected: not-a-virus:AdWare.Win32.WinAD.am skipped
C:\System Volume Information\_restore{0F5DD1A6-CF22-4A5C-B403-F2CF3E676B0D}\RP331\A0453757.exe/WISE0033.BIN/data0001.cab/VVSN.exe Infected: not-a-virus:AdWare.Win32.SaveNow.z skipped
C:\System Volume Information\_restore{0F5DD1A6-CF22-4A5C-B403-F2CF3E676B0D}\RP331\A0453757.exe/WISE0033.BIN/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.z skipped
C:\System Volume Information\_restore{0F5DD1A6-CF22-4A5C-B403-F2CF3E676B0D}\RP331\A0453757.exe/WISE0033.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.z skipped
C:\System Volume Information\_restore{0F5DD1A6-CF22-4A5C-B403-F2CF3E676B0D}\RP331\A0453757.exe/WISE0034.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\System Volume Information\_restore{0F5DD1A6-CF22-4A5C-B403-F2CF3E676B0D}\RP331\A0453757.exe/WISE0035.BIN Infected: not-a-virus:Server-Proxy.Win32.MarketScore.g skipped
C:\System Volume Information\_restore{0F5DD1A6-CF22-4A5C-B403-F2CF3E676B0D}\RP331\A0453757.exe WiseSFX: infected - 5 skipped
C:\System Volume Information\_restore{0F5DD1A6-CF22-4A5C-B403-F2CF3E676B0D}\RP333\A0458879.exe Infected: Trojan.Win32.Crypt.t skipped
C:\System Volume Information\_restore{7911E33E-379C-44C6-AD72-AB545C8835F3}\RP117\A0107284.exe/data0006 Infected: Trojan-Downloader.Win32.Zlob.dn skipped
C:\System Volume Information\_restore{7911E33E-379C-44C6-AD72-AB545C8835F3}\RP117\A0107284.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{7911E33E-379C-44C6-AD72-AB545C8835F3}\RP117\A0107284.exe UPX: infected - 1 skipped
C:\System Volume Information\_restore{7911E33E-379C-44C6-AD72-AB545C8835F3}\RP117\A0107287.exe/data0006 Infected: Trojan-Downloader.Win32.Zlob.da skipped
C:\System Volume Information\_restore{7911E33E-379C-44C6-AD72-AB545C8835F3}\RP117\A0107287.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{7911E33E-379C-44C6-AD72-AB545C8835F3}\RP117\A0107287.exe UPX: infected - 1 skipped
C:\System Volume Information\_restore{7911E33E-379C-44C6-AD72-AB545C8835F3}\RP117\A0107288.exe/data0006 Infected: Trojan-Downloader.Win32.Zlob.da skipped
C:\System Volume Information\_restore{7911E33E-379C-44C6-AD72-AB545C8835F3}\RP117\A0107288.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{7911E33E-379C-44C6-AD72-AB545C8835F3}\RP117\A0107288.exe UPX: infected - 1 skipped
C:\System Volume Information\_restore{7911E33E-379C-44C6-AD72-AB545C8835F3}\RP117\A0107289.exe/data0006 Infected: Trojan-Downloader.Win32.Zlob.dy skipped
C:\System Volume Information\_restore{7911E33E-379C-44C6-AD72-AB545C8835F3}\RP117\A0107289.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{7911E33E-379C-44C6-AD72-AB545C8835F3}\RP117\A0107289.exe UPX: infected - 1 skipped
C:\System Volume Information\_restore{7911E33E-379C-44C6-AD72-AB545C8835F3}\RP119\A0109225.exe/data0006 Infected: Trojan-Downloader.Win32.Zlob.dy skipped
C:\System Volume Information\_restore{7911E33E-379C-44C6-AD72-AB545C8835F3}\RP119\A0109225.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{7911E33E-379C-44C6-AD72-AB545C8835F3}\RP119\A0109225.exe UPX: infected - 1 skipped
C:\System Volume Information\_restore{7911E33E-379C-44C6-AD72-AB545C8835F3}\RP120\A0110257.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{7911E33E-379C-44C6-AD72-AB545C8835F3}\RP120\A0111335.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{7911E33E-379C-44C6-AD72-AB545C8835F3}\RP121\A0112332.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{7911E33E-379C-44C6-AD72-AB545C8835F3}\RP125\A0113331.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{7911E33E-379C-44C6-AD72-AB545C8835F3}\RP127\A0114350.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{7911E33E-379C-44C6-AD72-AB545C8835F3}\RP129\A0115330.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{7911E33E-379C-44C6-AD72-AB545C8835F3}\RP129\A0115347.exe Infected: not-a-virus:AdWare.Win32.180Solutions.ag skipped
C:\System Volume Information\_restore{7911E33E-379C-44C6-AD72-AB545C8835F3}\RP129\A0115348.exe Infected: not-a-virus:AdWare.Win32.180Solutions.ac skipped
C:\System Volume Information\_restore{7911E33E-379C-44C6-AD72-AB545C8835F3}\RP130\A0116326.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{7911E33E-379C-44C6-AD72-AB545C8835F3}\RP131\A0116361.tlb Infected: Trojan-Downloader.Win32.Zlob.fd skipped
C:\System Volume Information\_restore{7911E33E-379C-44C6-AD72-AB545C8835F3}\RP131\A0116383.exe Infected: not-a-virus:AdWare.Win32.SurfAccuracy.d skipped
C:\System Volume Information\_restore{7911E33E-379C-44C6-AD72-AB545C8835F3}\RP132\A0116413.tlb Infected: Trojan-Downloader.Win32.Zlob.fd skipped
C:\System Volume Information\_restore{7911E33E-379C-44C6-AD72-AB545C8835F3}\RP132\A0117361.tlb Infected: Trojan-Downloader.Win32.Zlob.fd skipped
C:\System Volume Information\_restore{7911E33E-379C-44C6-AD72-AB545C8835F3}\RP133\A0118361.tlb Infected: Trojan-Downloader.Win32.Zlob.fd skipped
C:\System Volume Information\_restore{7911E33E-379C-44C6-AD72-AB545C8835F3}\RP133\A0118376.tlb Infected: Trojan-Downloader.Win32.Zlob.fd skipped
C:\System Volume Information\_restore{7911E33E-379C-44C6-AD72-AB545C8835F3}\RP135\A0118476.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{7911E33E-379C-44C6-AD72-AB545C8835F3}\RP135\A0118509.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{7911E33E-379C-44C6-AD72-AB545C8835F3}\RP135\A0118513.dll Infected: Trojan-Clicker.Win32.Agent.fx skipped
C:\System Volume Information\_restore{7911E33E-379C-44C6-AD72-AB545C8835F3}\RP135\A0118515.tlb Infected: Trojan-Downloader.Win32.Zlob.fd skipped
C:\System Volume Information\_restore{7911E33E-379C-44C6-AD72-AB545C8835F3}\RP136\A0118536.tlb Infected: Trojan-Downloader.Win32.Zlob.fq skipped
C:\System Volume Information\_restore{7911E33E-379C-44C6-AD72-AB545C8835F3}\RP136\A0118539.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{7911E33E-379C-44C6-AD72-AB545C8835F3}\RP136\A0118558.exe Infected: not-a-virus:AdWare.Win32.180Solutions.ag skipped
C:\System Volume Information\_restore{7911E33E-379C-44C6-AD72-AB545C8835F3}\RP136\A0118559.exe Infected: not-a-virus:AdWare.Win32.180Solutions.ac skipped
C:\System Volume Information\_restore{7911E33E-379C-44C6-AD72-AB545C8835F3}\RP137\A0118562.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{7911E33E-379C-44C6-AD72-AB545C8835F3}\RP137\A0118567.tlb Infected: Trojan-Downloader.Win32.Zlob.fq skipped
C:\System Volume Information\_restore{7911E33E-379C-44C6-AD72-AB545C8835F3}\RP137\A0118571.dll Infected: Trojan-Clicker.Win32.Agent.fx skipped
C:\System Volume Information\_restore{7911E33E-379C-44C6-AD72-AB545C8835F3}\RP137\A0120568.tlb Infected: Trojan-Downloader.Win32.Zlob.fq skipped
C:\System Volume Information\_restore{7911E33E-379C-44C6-AD72-AB545C8835F3}\RP138\A0121566.tlb Infected: Trojan-Downloader.Win32.Zlob.fq skipped
C:\System Volume Information\_restore{7911E33E-379C-44C6-AD72-AB545C8835F3}\RP138\A0122570.tlb Infected: Trojan-Downloader.Win32.Zlob.fq skipped
C:\System Volume Information\_restore{7911E33E-379C-44C6-AD72-AB545C8835F3}\RP139\A0123569.tlb Infected: Trojan-Downloader.Win32.Zlob.fq skipped
C:\System Volume Information\_restore{7911E33E-379C-44C6-AD72-AB545C8835F3}\RP139\A0123577.exe/data0007 Infected: Trojan.Win32.Zapchast skipped
C:\System Volume Information\_restore{7911E33E-379C-44C6-AD72-AB545C8835F3}\RP139\A0123577.exe/data0008 Infected: Trojan-Downloader.Win32.Zlob.fn skipped
C:\System Volume Information\_restore{7911E33E-379C-44C6-AD72-AB545C8835F3}\RP139\A0123577.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{7911E33E-379C-44C6-AD72-AB545C8835F3}\RP139\A0123577.exe UPX: infected - 2 skipped
C:\System Volume Information\_restore{7911E33E-379C-44C6-AD72-AB545C8835F3}\RP140\A0124567.tlb Infected: Trojan-Downloader.Win32.Zlob.fq skipped
C:\System Volume Information\_restore{7911E33E-379C-44C6-AD72-AB545C8835F3}\RP146\A0128761.tlb Infected: Trojan-Downloader.Win32.Zlob.fq skipped
C:\System Volume Information\_restore{7911E33E-379C-44C6-AD72-AB545C8835F3}\RP148\A0131860.dll Infected: not-virus:Hoax.Win32.Renos.ak skipped



This is what spybot is detecting:

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-842925246-746137067-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-spy-cam.net\*!=W=4

Advertising.com: Tracking cookie (Firefox: default) (Cookie, nothing done)


Advertising.com: Tracking cookie (Firefox: default) (Cookie, nothing done)


Advertising.com: Tracking cookie (Firefox: default) (Cookie, nothing done)


Avenue A, Inc.: Tracking cookie (Firefox: default) (Cookie, nothing done)


DoubleClick: Tracking cookie (Firefox: default) (Cookie, nothing done)


CoreMetrics: Tracking cookie (Firefox: default) (Cookie, nothing done)


User abort!: Scan was not completed successfully. ()



--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-09-07 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2005-05-31 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2005-04-26 Includes\Cookies.sbi (*)
2005-08-26 Includes\Dialer.sbi (*)
2005-08-26 Includes\Hijackers.sbi (*)
2005-08-16 Includes\Keyloggers.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2005-08-26 Includes\Malware.sbi (*)
2005-08-12 Includes\PUPS.sbi (*)
2005-04-27 Includes\Revision.sbi (*)
2005-08-25 Includes\Security.sbi (*)
2005-08-16 Includes\Spybots.sbi (*)
2005-02-17 Includes\Tracks.uti
2005-08-26 Includes\Trojans.sbi (*)
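
An added example, not part of the original thread, for reading a scan report like the one in post #12: it groups each detection row by where the file sits (a System Restore snapshot under `System Volume Information\_restore`, Spybot's Recovery folder, or elsewhere on disk) so that files still in normal locations stand out. The sample rows are copied from the report above; the function names and location labels are this example's own.

```python
import re
from collections import defaultdict

# One detection row: "<path> Infected|Suspicious: <detection name> <last action>".
# Archive summary rows ("... NSIS: infected - 1 skipped") do not match.
ROW_RE = re.compile(
    r"^(?P<path>.+?) (?P<verdict>Infected|Suspicious): (?P<name>\S+) (?P<action>\S+)$"
)

# Rows copied from the report in post #12.
SAMPLE = r"""
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DyFuCAInternetOptimizer.zip/install.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DyFuCAInternetOptimizer.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\Michael.DAVID-6KNN93QYU\My Documents\vcodec_ver3-1.189.exe/data0006 Infected: Trojan-Downloader.Win32.Zlob.da skipped
C:\Documents and Settings\Michael.DAVID-6KNN93QYU\My Documents\vcodec_ver3-1.189.exe NSIS: infected - 1 skipped
C:\Program Files\Commusic\ace.dll Infected: Trojan.Win32.Crypt.t skipped
C:\Program Files\DNS\Catcher.dll Infected: not-a-virus:AdWare.Win32.Maxifiles.s skipped
C:\System Volume Information\_restore{0F5DD1A6-CF22-4A5C-B403-F2CF3E676B0D}\RP329\A0439689.exe Infected: Trojan.Win32.Crypt.t skipped
C:\System Volume Information\_restore{7911E33E-379C-44C6-AD72-AB545C8835F3}\RP117\A0107284.exe/data0006 Infected: Trojan-Downloader.Win32.Zlob.dn skipped
C:\System Volume Information\_restore{7911E33E-379C-44C6-AD72-AB545C8835F3}\RP117\A0107284.exe NSIS: infected - 1 skipped
"""


def location(path):
    """Label a file path by the area of the disk it sits in."""
    p = path.lower()
    if "\\system volume information\\_restore" in p:
        return "system-restore"
    if "\\spybot - search & destroy\\recovery\\" in p:
        return "spybot-recovery"
    return "live"


def triage(report):
    """Group detections as {location: {file on disk: set of detection names}}."""
    groups = defaultdict(lambda: defaultdict(set))
    for line in report.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue  # header, blank line or archive summary row
        # "file.exe/data0006" is an object inside a container; keep the outer file.
        on_disk = m.group("path").split("/", 1)[0]
        groups[location(on_disk)][on_disk].add(m.group("name"))
    return {loc: dict(files) for loc, files in groups.items()}


def live_files(report):
    """Sorted list of flagged files outside restore points and Spybot's Recovery folder."""
    return sorted(triage(report).get("live", {}))


if __name__ == "__main__":
    for loc, files in sorted(triage(SAMPLE).items()):
        print(loc)
        for path, names in sorted(files.items()):
            print("   ", path, "->", ", ".join(sorted(names)))
```
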

#13 Daemon

Daemon

    Security Expert



Posted 15 February 2006 - 06:39 PM

Grab a copy of this little free application to help control those tracking cookies in future:

http://www.analogx.com/contents/download/network/cookie.htm

Download and save blacklight to your desktop. Double-click blbeta.exe, accept the agreement, click scan > next.

You'll see a list of all the items it found. There will also be a log on your desktop with the name fsbl.xxxxxxx.log (where xxxxxxx represents numbers). The application finds both bad files and legitimate ones. Copy and paste the log it generated in your next reply.

#14 Gutsi

Gutsi
  • Topic Starter


Posted 17 February 2006 - 11:15 AM

It didn't pick up on much but here it is:

02/17/06 08:25:24 [Info]: BlackLight Engine 1.0.30 initialized
02/17/06 08:25:24 [Info]: OS: 5.1 build 2600 (Service Pack 1)
02/17/06 08:25:27 [Note]: 7019 4
02/17/06 08:25:27 [Note]: 7005 0
02/17/06 08:25:33 [Note]: 7006 0
02/17/06 08:25:33 [Note]: 7011 1716
02/17/06 08:25:37 [Note]: FSRAW library version 1.7.1014
02/17/06 11:12:52 [Note]: 7007 0

#15 Daemon

Daemon

    Security Expert



Posted 18 February 2006 - 08:41 AM

Looks OK - are you still having problems?