Hellppp!


  • This topic is locked
32 replies to this topic

#1 friedrice32547

friedrice32547

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:09:55 AM

Posted 23 April 2006 - 11:18 AM

Logfile of HijackThis v1.99.1
Scan saved at 12:15:53 PM, on 4/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\E_S00RP1.EXE
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\SAgent4.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\DOCUME~1\SEANFE~1\MYDOCU~1\SSTEM3~1\tracert.exe
C:\Documents and Settings\Sean Ferreyra\My Documents\F?nts\l?ass.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\mssearchnet.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: Nothing - {edbf1bc8-39ab-48eb-a0a9-c75078eb7c8e} - C:\WINDOWS\system32\hp5375.tmp
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB001" /M "Stylus CX4800"
O4 - HKLM\..\Run: [StarSkin] C:\PROGRAM FILES\ROCKET DIVISION SOFTWARE\STARSKIN\STARSKIN.EXE -H
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Sen] "C:\DOCUME~1\SEANFE~1\MYDOCU~1\SSTEM3~1\tracert.exe" -vt mt
O4 - HKCU\..\Run: [Ksdv] C:\Documents and Settings\Sean Ferreyra\My Documents\F?nts\l?ass.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\WINDOWS\Resources\Themes\DameK UltraBlue\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\WINDOWS\Resources\Themes\DameK UltraBlue\Desktop Sidebar\sbhelp.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1144093852500
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1162
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: winxgo32 - C:\WINDOWS\SYSTEM32\winxgo32.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\SAgent4.exe

:thumbsup:



#2 amateur

amateur

    Malware Fighter


  • Malware Response Team
  • 2,775 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:09:55 AM

Posted 24 April 2006 - 09:53 AM

Hi friedrice32547 and welcome to the Forum. :thumbsup:

You have several infections going on in there. It will take several posts to clean them all. I am not surprised as you don't have an AntiVirus. That's a problem. You don't seem to have a firewall either. I'll be giving you some links for that once the computer is cleaned.

Download one of these free anti-virus programs RIGHT NOW, update it and run a full scan. Have it fix anything it finds.

Grisoft AVG from here : http://free.grisoft.com/doc/1
AntiVir Free from here : http://www.free-av.com/
Avast Home Edition from here : http://www.avast.com/eng/down_home.html

======================================

Look in your Control Panel's Add/Remove Programs for PuritySCAN By OIN, OuterInfo, OIN or similar, click on it and click Remove.
Reboot and delete this folder if found:
C:\Program Files\PurityScan

If not listed, download and run this uninstaller:
http://www.outerinfo.com/OiUninstaller.exe

Tutorial for the uninstaller if needed

Reboot when done and delete this folder if found:
C:\Program Files\PurityScan

====================================

First make a folder on desktop & call it BFU then
please download BFU from BFU
and save it to the folder you have just made
Open the folder & double click BFU.exe to run it

Run the program and click the Web button as shown here:
Posted Image

Use this URL to copy into the address bar of the Download BFU script window:
http://metallica.geekstogo.com/alcanshorty.bfu

Execute the script by clicking the Execute button.
Note that you should see a progress bar while the script is being executed.

If you have any questions about the use of BFU please read here:
http://metallica.geekstogo.com/BFUinstructions.html


==================================================

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press Enter
This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

IMPORTANT: Do NOT run any other options until you are asked to do so!

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore your antivirus may alert you about this. Please allow it.

==================================================

In your next post, please include
  • smitfraudfix log
  • a new hijackthis log
Note: report is saved at C:\rapport.txt

Edited by amateur, 24 April 2006 - 09:54 AM.


#3 friedrice32547

friedrice32547
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:09:55 AM

Posted 24 April 2006 - 03:21 PM

Logfile of HijackThis v1.99.1
Scan saved at 4:16:47 PM, on 4/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\E_S00RP1.EXE
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\SAgent4.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll (file missing)
O2 - BHO: Nothing - {edbf1bc8-39ab-48eb-a0a9-c75078eb7c8e} - C:\WINDOWS\system32\hpD1A8.tmp (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB001" /M "Stylus CX4800"
O4 - HKLM\..\Run: [StarSkin] C:\PROGRAM FILES\ROCKET DIVISION SOFTWARE\STARSKIN\STARSKIN.EXE -H
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\WINDOWS\Resources\Themes\DameK UltraBlue\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\WINDOWS\Resources\Themes\DameK UltraBlue\Desktop Sidebar\sbhelp.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1144093852500
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: winxgo32 - C:\WINDOWS\SYSTEM32\winxgo32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\SAgent4.exe



I was unable to use SmitfraudFix. Well, I did use the antivirus and BFU and so on, just couldn't get the SmitfraudFix to work :thumbsup:

#4 amateur

amateur

    Malware Fighter


  • Malware Response Team
  • 2,775 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:09:55 AM

Posted 24 April 2006 - 03:33 PM

I was unable to use SmitfraudFix. Well, I did use the antivirus and BFU and so on, just couldn't get the SmitfraudFix to work



Can you tell me exactly what happens when you try to use it? Were you able to download and unzip it?

#5 amateur

amateur

    Malware Fighter


  • Malware Response Team
  • 2,775 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:09:55 AM

Posted 24 April 2006 - 04:09 PM

Click here to download haxfix.exe and save it to your desktop.
  • Double click on haxfix.exe to install haxfix. (standard installation path is c:\program Files\haxfix)
  • Checkmark "Create a desktop icon"
  • Click "Next"
  • When the installation is completed, make sure that the checkmark "Launch HaxFix" is placed
  • Click "Finish"
  • A red "dos window" (dos box) will open with options:
    • 1. Make logfile
    • 2. Run auto fix
    • 3. Run manual fix
    • E. Exit Haxfix
  • Select option 1. Make logfile by typing 1 and then pressing Enter
  • Haxfix will start scanning the computer. When it is finished a logfile will open: haxlog.txt > (c:\haxfix.txt)
  • Copy the contents of that logfile and paste it into this thread.
======================

============================================
  • Close all open Explorer windows and browsers/email, etc
  • Run HijackThis
  • Click on the Scan button and when complete
  • Put a check beside all of the items listed below
  • Click on the "Fix Checked" button
  • When completed, close the application.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll (file missing)
O2 - BHO: Nothing - {edbf1bc8-39ab-48eb-a0a9-c75078eb7c8e} - C:\WINDOWS\system32\hpD1A8.tmp (file missing)


============================================

The following is an optional fix. PartyPoker.com is listed among the Sites in Eric Howes' IE-SPYAD block List. I would recommend that you remove it from the Add/Remove Programs in Control Panel and also fix the below entries in the HijackThis, but the choice is yours.

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe

Go to Start > Control Panel > Add/Remove Programs and remove the following:

MyWaySA
PartyPoker <===== This is optional

Then, using Windows Explorer (right click on Start, click on Explore), find and delete the following folders, if present:

C:\Program Files\MyWaySA
C:\Program Files\PartyGaming\PartyPoker <===== only if you uninstalled it.

============================================

Post back the haxlog.txt and a fresh HijackThis log please.

#6 friedrice32547

friedrice32547
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:09:55 AM

Posted 24 April 2006 - 04:19 PM

Posted Image this is always what happens

#7 friedrice32547

friedrice32547
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:09:55 AM

Posted 24 April 2006 - 04:39 PM

Logfile of HijackThis v1.99.1
Scan saved at 5:34:33 PM, on 4/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\E_S00RP1.EXE
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\SAgent4.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R3 - Default URLSearchHook is missing
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB001" /M "Stylus CX4800"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1144093852500
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: winxgo32 - C:\WINDOWS\SYSTEM32\winxgo32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\SAgent4.exe












HAXFIX logfile - by Marckie
--------------
version 2.31
Mon 04/24/2006 17:37:14.46

checking for ps.a3d....
ps.a3d not found

checking for p2s2.a3d....
p2s2.a3d not found

checking for matching notify keys....
no matching notify keys found

checking for matching services....
no matching services found

checking for matching safeboot services....
no matching safeboot services found

#8 amateur


Posted 24 April 2006 - 04:59 PM

Thank you for the log. You are doing an excellent job.

Fix the following entries with the HijackThis like you did before:

R3 - Default URLSearchHook is missing
O20 - Winlogon Notify: winxgo32 - C:\WINDOWS\SYSTEM32\winxgo32.dll


===============================

Download Avenger by Swandog, and unzip it to your desktop or somewhere you can find it. (Do not run it yet).

Note: This programme is for use on Windows XP 32 bit systems only, and must be run from an account with Administrator privileges. If yours is a 64 bit version, do not use it, let me know.
  • Open a Notepad file by clicking Start > Run and typing Notepad.exe in the box, click OK.
  • Click Format, and ensure Word Wrap is unchecked.
  • Copy and Paste all the text inside the box below into Notepad.
  • Now save the file as RemoveFiles.txt in a location where you can find it.
Files to delete:
"C:\WINDOWS\SYSTEM32\winxgo32.dll"
Start Avenger by double clicking on Avenger.exe.
  • Check Load script from file:
  • Click on the folder symbol below and to the right, and browse to RemoveFiles.txt.
  • Double click it to enter it into Avenger.
  • Click the green traffic light symbol.
  • You will be asked if you want to execute the script, answer Yes.
  • At this point you may get prompts from your protection systems, allow them please.
  • Avenger will set itself up to run the next time you re-boot, and will prompt you to re-start immediately.
  • Answer Yes, and allow your computer to re-boot.
  • Upon re-boot a command window will briefly appear on screen (this is normal).
  • A Notepad text file will be created C:\avenger.txt.
  • Copy and Paste it into your next post please, along with a new HJT log.
Let me know how the system is running now.

Edited by amateur, 24 April 2006 - 04:59 PM.


#9 friedrice32547


Posted 24 April 2006 - 07:59 PM

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Error: could not create zip file.
Error code: 0


//////////////////////////////////////////


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\nkpqgqat

*******************

Script file located at: \??\C:\Documents and Settings\cpxtkvik.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\WINDOWS\SYSTEM32\winxgo32.dll not found!
Deletion of file C:\WINDOWS\SYSTEM32\winxgo32.dll failed!

Could not process line:
C:\WINDOWS\SYSTEM32\winxgo32.dll
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.//////////////////////////////////////////


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\saxxpuap

*******************

Script file located at: \??\C:\stjpyebl.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\WINDOWS\SYSTEM32\winxgo32.dll not found!
Deletion of file C:\WINDOWS\SYSTEM32\winxgo32.dll failed!

Could not process line:
C:\WINDOWS\SYSTEM32\winxgo32.dll
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.//////////////////////////////////////////


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\scpvigyu

*******************

Script file located at: \??\C:\unnonogi.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\WINDOWS\SYSTEM32\winxgo32.dll not found!
Deletion of file C:\WINDOWS\SYSTEM32\winxgo32.dll failed!

Could not process line:
C:\WINDOWS\SYSTEM32\winxgo32.dll
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.








Logfile of HijackThis v1.99.1
Scan saved at 8:50:50 PM, on 4/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\E_S00RP1.EXE
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\SAgent4.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB001" /M "Stylus CX4800"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [sibneyho] C:\ahavgqvk.bat
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1144093852500
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: winxgo32 - winxgo32.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\SAgent4.exe

[Posted image] That's a lil thingy that won't go away

#10 amateur


Posted 24 April 2006 - 08:44 PM

Go ahead and delete BFU, haxfix and Avenger. There is a new entry in the HijackThis log which is puzzling, but we'll deal with that later. Let's try the Smitfraudfix again. First, make sure that you extract all files. Extract them to your desktop. If you extracted them properly (not just double clicking on the folder) to your desktop, you shouldn't have a problem. If you still have the same problem, check if you have the following files in the folder. There should be these three files in the folder:

* SmitfraudFix.cmd
* reg.exe
* Process.exe

Right-click on SmitfraudFix.cmd and click on Properties. At the bottom of the window there should be a warning about security, something like "your computer may be blocking this file".
Check "Unblock", click on "Apply" and click "OK". Then you should be able to run it.

Edited by amateur, 24 April 2006 - 09:27 PM.


#11 friedrice32547


Posted 24 April 2006 - 10:01 PM

SmitFraudFix v2.34

Scan done at 23:02:32.10, Mon 04/24/2006
Run from C:\Documents and Settings\Sean Ferreyra\Desktop
OS: Microsoft Windows XP [Version 5.1.2600]

C:\


C:\WINDOWS


C:\WINDOWS\system


C:\WINDOWS\Web


C:\WINDOWS\system32

C:\WINDOWS\system32\dfrgsrv.exe FOUND !
C:\WINDOWS\system32\hp????.tmp FOUND !
C:\WINDOWS\system32\interf.tlb FOUND !
C:\WINDOWS\system32\ld????.tmp FOUND !
C:\WINDOWS\system32\ncompat.tlb FOUND !
C:\WINDOWS\system32\ot.ico FOUND !
C:\WINDOWS\system32\ts.ico FOUND !
C:\WINDOWS\system32\xenadot.dll FOUND !
C:\WINDOWS\system32\1024\ FOUND !

C:\Documents and Settings\Sean Ferreyra\Application Data


Start Menu


C:\DOCUME~1\SEANFE~1\FAVORI~1


Desktop


C:\Program Files


Corrupted keys


Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


Sharedtaskscheduler

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"

[HKEY_CLASSES_ROOT\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_CLASSES_ROOT\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{CD5E2AC9-25CE-A1C5-D1E2-DC6B28A6ED5A}"="XenaDot Software"

[HKEY_CLASSES_ROOT\CLSID\{CD5E2AC9-25CE-A1C5-D1E2-DC6B28A6ED5A}\InProcServer32]
@="C:\WINDOWS\system32\xenadot.dll"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{CD5E2AC9-25CE-A1C5-D1E2-DC6B28A6ED5A}\InProcServer32]
@="C:\WINDOWS\system32\xenadot.dll"


Scanning wininet.dll infection


End

Edited by friedrice32547, 24 April 2006 - 10:04 PM.


#12 amateur


Posted 25 April 2006 - 05:50 AM

Please print out or copy these instructions/tutorial to Notepad as the internet will not be (while in Safe Mode) available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.

Please download the trial version of Ewido anti-malware 3.5 from here:
http://www.ewido.net/en/download/
  • Install Ewido anti-malware.
  • When installing, under Additional Options uncheck Install background guard and Install scan via context menu.
  • When you run Ewido for the first time, you could get a warning "Database could not be found!". Click Ok.
  • The program will prompt you to update. Click the Ok button.
  • The program will now go to the main screen.
You will need to update Ewido to the latest definition files.
  • On the left-hand side of the main screen click the Update Button.
  • Click on Start.
The update will start and a progress bar will show the updates being installed.
Once finished updating, close Ewido.

If you are having problems with the updater, you can use this link to manually update ewido.
Ewido manual updates. Make sure to close Ewido before installing the update.

=================================

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.
=================================

Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process. If your computer does not restart automatically, please do it yourself manually. Reboot in Safe Mode.

The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

=================================

Navigate to C:\Windows\Temp
Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.

Navigate to C:\Documents and Settings\(EVERY LISTED USER)\Local Settings\Temp
Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.

Clean out your Temporary Internet files. Proceed like this:
  • Quit Internet Explorer and quit any instances of Windows Explorer.
  • Click Start, click Control Panel, and then double-click Internet Options.
  • On the General tab, click Delete Files under Temporary Internet Files.
  • In the Delete Files dialog box, tick the Delete all offline content check box, and then click OK.
  • On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
  • Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
  • Click OK.
Next Click Start, click Control Panel and then double-click Display. Click on the Desktop tab, then click the Customize Desktop button. Click on the Web tab. Under Web Pages you should see a checked entry called Security info or something similar. If it is there, select that entry and click the Delete button. Click Ok then Apply and Ok.

Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.

=================================

Close ALL open Windows / Programs / Folders. Please start Ewido, and run a full scan.
  • Click on Scanner
  • Click on Settings
    • Under How to scan all boxes should be checked
    • Under Unwanted Software all boxes should be checked
    • Under What to scan select Scan every file
    • Click on Ok
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
If Ewido finds anything, it will pop up a notification. When it asks if you want to clean the first file, put a checkmark in the lower left corner of the box that says Perform action on all infections and put a checkmark in the box next to Create encrypted backup, then choose clean and click Ok.

Once the scan has completed, there will be a button located on the bottom of the screen named Save Report.
  • Click Save Report button
  • Save the report to your Desktop
Close Ewido and Reboot in Normal Mode.

=================================

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #3 - Delete Trusted zone by typing 3 and press Enter.
Answer Yes to the question "Restore Trusted Zone ?" by typing Y and hit Enter.

Note, if you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.

=================================

Please post:
  • c:\rapport.txt
  • Ewido log
  • A new HijackThis log
You may need several replies to post the requested logs, otherwise they might get cut off.
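
Added example, not part of the original thread or of any tool it mentions: a small Python triage script that compares two HijackThis logs and marks entries worth a closer look. The sample lines are excerpted from the 24 and 25 April HijackThis logs posted in this thread; the three flagging rules and all function names are this example's own assumptions, not HijackThis behaviour.

```python
import ntpath
import re
from typing import Dict, List, NamedTuple, Optional

# Excerpts of the 24 and 25 April 2006 HijackThis logs from this thread.
# The selection of lines is the example's own.
LOG_24_APRIL = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [sibneyho] C:\ahavgqvk.bat
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: winxgo32 - winxgo32.dll (file missing)
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

LOG_25_APRIL = r"""
O2 - BHO: Nothing - {edbf1bc8-39ab-48eb-a0a9-c75078eb7c8e} - C:\WINDOWS\system32\hp93C4.tmp
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [sibneyho] C:\ahavgqvk.bat
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: winxgo32 - winxgo32.dll (file missing)
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
"""

# "O4 - ...", "R0 - ...": a section code, then the entry text.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# First drive-letter path in the entry, up to its file extension.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.[A-Za-z0-9]{2,4}(?=["\s]|$)')
# Sections whose target is a module loaded into another process
# (BHO, toolbar, Winlogon Notify). Assumption of this example.
MODULE_SECTIONS = {"O2", "O3", "O20"}


class Entry(NamedTuple):
    section: str
    body: str


def parse(log: str) -> List[Entry]:
    """Return the R/O entries of a log, skipping header and process lines."""
    entries = []
    for line in log.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append(Entry(match["section"], match["body"]))
    return entries


def target_path(entry: Entry) -> Optional[str]:
    """Return the file path an entry points at, or None if it has none."""
    match = PATH_RE.search(entry.body)
    return match.group(0) if match else None


def flags(entry: Entry) -> List[str]:
    """Apply the example's triage rules; an empty list means no flag."""
    found = []
    path = target_path(entry)
    if entry.body.endswith("(file missing)"):
        # The registry reference outlived the file it points at.
        found.append("file missing")
    if path and entry.section == "O4":
        # Run-key target sitting directly in a drive root such as C:\
        if re.fullmatch(r"[A-Za-z]:\\", ntpath.dirname(path)):
            found.append("autorun target in drive root")
    if path and entry.section in MODULE_SECTIONS:
        if ntpath.splitext(path)[1].lower() == ".tmp":
            found.append("module with .tmp extension")
    return found


def compare(old_log: str, new_log: str) -> Dict[str, object]:
    """Diff two logs and flag the entries present in the newer one."""
    old, new = parse(old_log), parse(new_log)
    flagged = {}
    for entry in new:
        reasons = flags(entry)
        if reasons:
            flagged[entry] = reasons
    return {
        "added": [e for e in new if e not in old],
        "removed": [e for e in old if e not in new],
        "flagged": flagged,
    }


if __name__ == "__main__":
    result = compare(LOG_24_APRIL, LOG_25_APRIL)
    for kind in ("added", "removed"):
        for entry in result[kind]:
            print(f"{kind:8} {entry.section} - {entry.body}")
    for entry, reasons in result["flagged"].items():
        print(f"flagged  {entry.section} - {entry.body}  <- {', '.join(reasons)}")
```

A flag here only means the entry deserves review before any fix is applied; entries added by newly installed security tools show up under "added" as well.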

#13 friedrice32547


Posted 25 April 2006 - 07:37 PM

Logfile of HijackThis v1.99.1
Scan saved at 8:34:30 PM, on 4/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\E_S00RP1.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\SAgent4.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dcomcfg.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O2 - BHO: Nothing - {edbf1bc8-39ab-48eb-a0a9-c75078eb7c8e} - C:\WINDOWS\system32\hp93C4.tmp
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB001" /M "Stylus CX4800"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [sibneyho] C:\ahavgqvk.bat
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1144093852500
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: winxgo32 - winxgo32.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\SAgent4.exe







SmitFraudFix v2.34

Scan done at 16:51:50.09, Tue 04/25/2006
Run from C:\Documents and Settings\Sean Ferreyra\Desktop
OS: Microsoft Windows XP [Version 5.1.2600]

Killing process


Deleting infected files

C:\WINDOWS\system32\dfrgsrv.exe Deleted
C:\WINDOWS\system32\hp????.tmp Deleted
C:\WINDOWS\system32\ncompat.tlb Deleted
C:\WINDOWS\system32\ot.ico Deleted
C:\WINDOWS\system32\ts.ico Deleted
C:\WINDOWS\system32\1024\ Deleted

Deleting Temp Files


Registry Cleaning

Registry Cleaning done.

End











---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 8:31:51 PM, 4/25/2006
+ Report-Checksum: 16023222

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{364B6276-C6C1-40B6-A6D7-6C48871FD707} -> Adware.Accoona : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{944864A5-3916-46E2-96A9-A2E84F3F1208} -> Adware.Accoona : Cleaned with backup
HKLM\SOFTWARE\Clickspring -> Adware.PurityScan : Cleaned with backup
HKU\S-1-5-21-1808412286-2808600143-4247538886-1014\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{944864A5-3916-46E2-96A9-A2E84F3F1208} -> Adware.Accoona : Cleaned with backup
:mozilla.6:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.106:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.107:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.108:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.115:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.116:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.117:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.156:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.157:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.158:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.191:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned with backup
:mozilla.197:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned with backup
:mozilla.219:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.220:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.221:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.222:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.229:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.239:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.263:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.269:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.270:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.272:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.282:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.288:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.289:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.301:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.307:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.308:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.309:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.319:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.320:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.321:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.328:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.329:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.330:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.331:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.345:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.Spylog : Cleaned with backup
:mozilla.348:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.349:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.350:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.351:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.365:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.366:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.376:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.377:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.378:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.379:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.380:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.381:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.382:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.383:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.384:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.385:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.386:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.387:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.388:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.473:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.Yadro : Cleaned with backup
:mozilla.474:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.Yadro : Cleaned with backup
:mozilla.488:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.489:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.490:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.491:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.492:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.493:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.494:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.495:C:\Documents and Settings\Sean Ferreyra\Application Data\Mozilla\Firefox\Profiles\y4twwj8q.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.Zedo : Error during cleaning
:mozilla.12:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.Zedo : Error during cleaning
:mozilla.13:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.Zedo : Error during cleaning
:mozilla.14:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.2o7 : Error during cleaning
:mozilla.17:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.247realmedia : Error during cleaning
:mozilla.18:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.247realmedia : Error during cleaning
:mozilla.19:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.2o7 : Error during cleaning
:mozilla.20:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.2o7 : Error during cleaning
:mozilla.21:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.2o7 : Error during cleaning
:mozilla.22:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.2o7 : Error during cleaning
:mozilla.23:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.2o7 : Error during cleaning
:mozilla.24:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.2o7 : Error during cleaning
:mozilla.25:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.2o7 : Error during cleaning
:mozilla.26:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.2o7 : Error during cleaning
:mozilla.27:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.2o7 : Error during cleaning
:mozilla.28:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.2o7 : Error during cleaning
:mozilla.29:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.2o7 : Error during cleaning
:mozilla.30:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.2o7 : Error during cleaning
:mozilla.31:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.2o7 : Error during cleaning
:mozilla.32:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.2o7 : Error during cleaning
:mozilla.33:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.2o7 : Error during cleaning
:mozilla.34:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.2o7 : Error during cleaning
:mozilla.35:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.2o7 : Error during cleaning
:mozilla.36:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.2o7 : Error during cleaning
:mozilla.37:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.2o7 : Error during cleaning
:mozilla.38:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.2o7 : Error during cleaning
:mozilla.39:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.2o7 : Error during cleaning
:mozilla.40:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.2o7 : Error during cleaning
:mozilla.41:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.2o7 : Error during cleaning
:mozilla.42:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.2o7 : Error during cleaning
:mozilla.43:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.2o7 : Error during cleaning
:mozilla.44:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.2o7 : Error during cleaning
:mozilla.45:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.2o7 : Error during cleaning
:mozilla.46:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.2o7 : Error during cleaning
:mozilla.47:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.2o7 : Error during cleaning
:mozilla.48:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.2o7 : Error during cleaning
:mozilla.49:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.2o7 : Error during cleaning
:mozilla.50:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.2o7 : Error during cleaning
:mozilla.51:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.2o7 : Error during cleaning
:mozilla.52:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.2o7 : Error during cleaning
:mozilla.53:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.2o7 : Error during cleaning
:mozilla.54:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.2o7 : Error during cleaning
:mozilla.55:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.2o7 : Error during cleaning
:mozilla.94:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.Adbrite : Error during cleaning
:mozilla.95:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.Adbrite : Error during cleaning
:mozilla.101:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.Euroclick : Error during cleaning
:mozilla.102:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.Specificclick : Error during cleaning
:mozilla.103:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.Adrevolver : Error during cleaning
:mozilla.106:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.Pointroll : Error during cleaning
:mozilla.107:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.Pointroll : Error during cleaning
:mozilla.108:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.Pointroll : Error during cleaning
:mozilla.109:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.Pointroll : Error during cleaning
:mozilla.110:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.Pointroll : Error during cleaning
:mozilla.145:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.Falkag : Error during cleaning
:mozilla.150:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.Falkag : Error during cleaning
:mozilla.151:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.Falkag : Error during cleaning
:mozilla.162:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.2o7 : Error during cleaning
:mozilla.174:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.Serving-sys : Error during cleaning
:mozilla.177:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.Burstnet : Error during cleaning
:mozilla.178:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.Burstnet : Error during cleaning
:mozilla.179:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.Burstnet : Error during cleaning
:mozilla.184:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.Zedo : Error during cleaning
:mozilla.192:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.Casalemedia : Error during cleaning
:mozilla.193:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.Casalemedia : Error during cleaning
:mozilla.194:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.Casalemedia : Error during cleaning
:mozilla.195:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.Casalemedia : Error during cleaning
:mozilla.196:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.Casalemedia : Error during cleaning
:mozilla.197:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.Casalemedia : Error during cleaning
:mozilla.200:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.Centrport : Error during cleaning
:mozilla.204:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.Clickbank : Error during cleaning
:mozilla.209:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.2o7 : Error during cleaning
:mozilla.214:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.Com : Error during cleaning
:mozilla.215:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.Com : Error during cleaning
:mozilla.224:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.Sexcounter : Error during cleaning
:mozilla.225:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.Sexcounter : Error during cleaning
:mozilla.227:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.Clickzs : Error during cleaning
:mozilla.228:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.Clickzs : Error during cleaning
:mozilla.267:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.2o7 : Error during cleaning
:mozilla.268:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.Ru4 : Error during cleaning
:mozilla.269:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.Ru4 : Error during cleaning
:mozilla.270:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.Ru4 : Error during cleaning
:mozilla.282:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.2o7 : Error during cleaning
:mozilla.297:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.Findwhat : Error during cleaning
:mozilla.344:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.2o7 : Error during cleaning
:mozilla.356:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.Hotlog : Error during cleaning
:mozilla.360:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.Hypertracker : Error during cleaning
:mozilla.403:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.Komtrack : Error during cleaning
:mozilla.427:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.2o7 : Error during cleaning
:mozilla.450:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.2o7 : Error during cleaning
:mozilla.531:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.Overture : Error during cleaning
:mozilla.532:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.Overture : Error during cleaning
:mozilla.541:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.Paycounter : Error during cleaning
:mozilla.551:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.Overture : Error during cleaning
:mozilla.564:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.Qksrv : Error during cleaning
:mozilla.565:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.Qksrv : Error during cleaning
:mozilla.566:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.Questionmarket : Error during cleaning
:mozilla.567:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.Questionmarket : Error during cleaning
:mozilla.579:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.Valuead : Error during cleaning
:mozilla.580:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.Valuead : Error during cleaning
:mozilla.581:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.Valuead : Error during cleaning
:mozilla.582:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.Valuead : Error during cleaning
:mozilla.583:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.Valuead : Error during cleaning
:mozilla.586:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.Revenue : Error during cleaning
:mozilla.600:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.Serving-sys : Error during cleaning
:mozilla.601:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.Serving-sys : Error during cleaning
:mozilla.602:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.Serving-sys : Error during cleaning
:mozilla.603:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.Serving-sys : Error during cleaning
:mozilla.604:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.Serving-sys : Error during cleaning
:mozilla.616:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.2o7 : Error during cleaning
:mozilla.624:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.Spylog : Error during cleaning
:mozilla.626:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.Statcounter : Error during cleaning
:mozilla.627:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.Statcounter : Error during cleaning
:mozilla.628:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.Statcounter : Error during cleaning
:mozilla.629:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.Statcounter : Error during cleaning
:mozilla.630:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.Statcounter : Error during cleaning
:mozilla.631:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.Statcounter : Error during cleaning
:mozilla.632:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.Statcounter : Error during cleaning
:mozilla.633:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.Statcounter : Error during cleaning
:mozilla.634:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.Statcounter : Error during cleaning
:mozilla.635:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.Statcounter : Error during cleaning
:mozilla.636:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.Statcounter : Error during cleaning
:mozilla.637:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.Statcounter : Error during cleaning
:mozilla.638:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.Statcounter : Error during cleaning
:mozilla.639:C:\Documents and Settings\Sean Robert Ferreyra.SEAN\Application Data\Mozilla\Firefox\Profiles\e72gi9wq.Default User\cookies.txt -> TrackingCookie.Statcounter : Error during cleaning

#14 amateur

Malware Fighter, Malware Response Team
Posted 25 April 2006 - 07:58 PM

Please go to the following link and read about Limewire. I would recommend you select a clean application.
http://www.spywareinfo.com/articles/p2p/

Open HijackThis and go into the Config option when you start HijackThis, and then click on the Misc Tools button at the top. You will then click on the button labeled "Generate StartupList Log". Once you click that button, the program will automatically open up a notepad filled with the Startup items from your computer. Copy and paste the list here please.

======================

Please download F-Secure Blacklight (blbeta.exe) and save to your C:\ drive.
1. Open a command window by going to Start > Run and typing: cmd
2. Copy/paste or type the following in the command window:

C:\blbeta.exe /expert

3. Hit "Enter" to start the program and then close the cmd box.
4. Accept the user agreement and click "Next".
5. Click "Scan".
6. After the scan is complete, click "Next", then "Exit". BlackLight will create a log in C:\ drive named "fsbl-xxxxxxx.log" (the xxxxxxx will be the date and time of the scan).
7. The log will have a list of all items found. Do not choose to rename any yet! I want to see the log first because legitimate items can also be present...like "wbemtest.exe".
8. Exit Blacklight and post the contents of the log in your next reply.

Note: If you download Blacklight to your desktop, just double-click to run from there and it will create the "fsbl-xxxxxxx.log" on your desktop.

Edited by amateur, 25 April 2006 - 08:56 PM.


#15 friedrice32547

Topic Starter

Posted 25 April 2006 - 08:55 PM

StartupList report, 4/25/2006, 9:54:12 PM
StartupList version: 1.52.2
Started from : C:\Program Files\HijackThis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\E_S00RP1.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\SAgent4.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dcomcfg.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\BitLord\BitLord.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\System32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

SoundMAXPnP = C:\Program Files\Analog Devices\Core\smax4pnp.exe
SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
IntelMeM = C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
dla = C:\WINDOWS\system32\dla\tfswctrl.exe
ISUSPM Startup = C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
ISUSScheduler = "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
BJCFD = C:\Program Files\BroadJump\Client Foundation\CFD.exe
NeroFilterCheck = C:\WINDOWS\system32\NeroCheck.exe
EPSON Stylus CX4800 Series = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB001" /M "Stylus CX4800"
igfxtray = C:\WINDOWS\system32\igfxtray.exe
igfxhkcmd = C:\WINDOWS\system32\hkcmd.exe
igfxpers = C:\WINDOWS\system32\igfxpers.exe
iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe"
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
avast! = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
sibneyho = C:\ahavgqvk.bat
avgnt = "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

DellSupport = "C:\Program Files\Dell Support\DSAgnt.exe" /startup
AIM = C:\Program Files\AIM\aim.exe -cnetwait.odl
Yahoo! Pager = "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
Steam =
MsnMsgr = "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\system32\ssmypics.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\WINDOWS\system32\hp93C4.tmp - {edbf1bc8-39ab-48eb-a0a9-c75078eb7c8e}

--------------------------------------------------

Enumerating Download Program Files:

[MUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\muweb.dll
CODEBASE = http://update.microsoft.com/microsoftupdat...b?1144093852500

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx
CODEBASE = http://fpdownload.macromedia.com/get/flash...ent/swflash.cab

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\DOCUME~1\SEANFE~1\LOCALS~1\Temp\A~NSISu_.exe|||C

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: *Registry key not found*
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll
UPnPMonitor: C:\WINDOWS\system32\upnpui.dll

--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

dcomcfg.exe = dcomcfg.exe

--------------------------------------------------

End of report, 6,942 bytes
Report generated in 0.078 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

So far everything is working fine on my computer, just a bit laggish, and every time I open Internet Explorer the homepage is set to http://www.securitybulletin.net/. Changed it before but it keeps coming back -_-

Edit: OK, WTF, Internet Explorer just went crazy on me. It keeps opening new Internet Explorers, like 55 of them, and they keep respawning. Tried to end the process but couldn't get Task Manager to open, so restarted -____- Man, this sucks. Never had this major a problem with a virus or anything.

Edited by friedrice32547, 25 April 2006 - 09:20 PM.




