
Spyquake/antivirus Gold/keystroke Inversions


7 replies to this topic

#1 alardru

alardru

  • Members
  • 4 posts

Posted 05 July 2006 - 07:59 PM

I recently downloaded what I thought was a video codec but which turned out to be malware/spyware. There are now icons in my taskbar persistently telling me I need anti-spyware software like SpyQuake and AntiVirus Gold, and my overall computer performance has slowed down. After about a day of trying to fix this on my own (I've used Ad-Aware, Spybot S&D, VundoFix, AVG Anti-Virus, and McAfee Stinger), I noticed that when I type anything in Firefox, the text cursor will randomly skip back behind the character I had just typed, thus making it very difficult to type anything.

Here's my HijackThis profile:

Logfile of HijackThis v1.99.1
Scan saved at 7:58:24 PM, on 7/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\SiSWLSvc.exe
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\mobile PhoneTools\WatchDog.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Citrus Alarm Clock\citrusac.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\WlanCU.exe
C:\Program Files\GetRight\getright.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\HijackThis\HijackThis.exe
C:\Program Files\iTunes\iTunes.exe
C:\N\n_v14.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5f4c3d09-b3b9-4f88-aa82-31332fee1c08} - C:\WINDOWS\system32\hp100.tmp
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [Citrus Alarm Clock] C:\Program Files\Citrus Alarm Clock\citrusac.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O4 - Global Startup: Wireless Configuration Utility HW.32.lnk = ?
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: altmannsberger - {210b4043-35ca-4aa0-8796-191f9663dfb3} - C:\WINDOWS\system32\vpxnk.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SiS WirelessLan Service (SiSWLSvc) - Unknown owner - C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\SiSWLSvc.exe
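
Added example (not part of the original thread and not HijackThis code): a small Python triage pass over the O-section lines of a HijackThis log like the one above. The sample lines are excerpted from that log; the flagging rules are illustrative heuristics chosen for this example, meant to prioritise manual review rather than to give verdicts.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Excerpt of the HijackThis log posted above, embedded so the example runs offline.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5f4c3d09-b3b9-4f88-aa82-31332fee1c08} - C:\WINDOWS\system32\hp100.tmp
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - Global Startup: Wireless Configuration Utility HW.32.lnk = ?
O21 - SSODL: altmannsberger - {210b4043-35ca-4aa0-8796-191f9663dfb3} - C:\WINDOWS\system32\vpxnk.dll
O23 - Service: SiS WirelessLan Service (SiSWLSvc) - Unknown owner - C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\SiSWLSvc.exe
"""

# "O<n> - <kind>: <rest>"; header and running-process lines do not match.
ENTRY_RE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Sections whose target is loaded into another process (IE, Winlogon, Explorer).
IN_PROCESS_SECTIONS = {"O2", "O20", "O21"}


@dataclass
class Entry:
    section: str          # e.g. "O2"
    kind: str             # e.g. "BHO", "SSODL", "HKLM\..\Run"
    clsid: Optional[str]  # COM class id, when the line carries one
    target: str           # file, command line or URL the entry points at
    raw: str


def parse_line(line: str) -> Optional[Entry]:
    """Parse one O-section line; return None for anything else."""
    line = line.strip()
    m = ENTRY_RE.match(line)
    if not m:
        return None
    section, kind, rest = m.groups()
    if section == "O4":
        # Run keys: "[ValueName] command"; startup folders: "Name.lnk = target"
        if rest.startswith("["):
            target = rest.split("] ", 1)[-1]
        else:
            target = rest.rsplit(" = ", 1)[-1]
    else:
        # Other sections put the file or URL in the last " - " separated field.
        target = rest.rsplit(" - ", 1)[-1]
    clsid = CLSID_RE.search(rest)
    return Entry(section, kind.strip(), clsid.group(0) if clsid else None,
                 target.strip(), line)


def reasons_for(entry: Entry) -> List[str]:
    """Illustrative review heuristics (assumptions of this example)."""
    reasons = []
    ext = ntpath.splitext(entry.target)[1].lower()
    if entry.section in IN_PROCESS_SECTIONS and ext != ".dll":
        reasons.append("in-process component is not a .dll (%s)" % (ext or "no extension"))
    if entry.section == "O21":
        reasons.append("ShellServiceObjectDelayLoad autostart listed")
    if entry.target == "?":
        reasons.append("target could not be resolved")
    if entry.section == "O23" and " - Unknown owner - " in entry.raw:
        reasons.append("service binary has no owner information")
    return reasons


def triage(log_text: str) -> List[Tuple[Entry, List[str]]]:
    """Return the entries that matched at least one heuristic, in log order."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = reasons_for(entry)
        if reasons:
            flagged.append((entry, reasons))
    return flagged


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG):
        print("%-4s %-16s %s" % (entry.section, entry.kind, entry.target))
        for reason in reasons:
            print("       review: " + reason)
```
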



#2 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests

Posted 06 July 2006 - 06:32 AM

Hi alardru and Welcome to the Bleeping Computer!


First download ewido anti-spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program
  • Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need to run ewido and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close ewido anti-spyware, Do Not run a scan just yet, we will shortly.


Download smitRem.exe ©noahdfear, and save the file to your desktop.
Double click on the file to extract it to its own folder on the desktop.


Place a shortcut to Panda ActiveScan on your desktop (in Internet Explorer, right click on Panda ActiveScan link select "Copy Shortcut" then right click on your desktop and select "Paste Shortcut" or in FireFox right-click the link and select "Save Link As" and save it to your desktop).


Next, please reboot your computer in SafeMode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
  • Launch ewido-anti-spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • ewido will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close out Ewido Anti-Spyware.
IMPORTANT: Do not open any other windows or programs while ewido is scanning, it may interfere with the scanning process.



Next go to Control Panel click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present.



Reboot back into Windows and click the Panda ActiveScan shortcut.
  • Once you are on the Panda site click the Scan your PC button.
  • A new window will open...click the Check Now button.
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When the download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post the contents of the Panda scan report, along with a new HijackThis Log, the contents of smitfiles.txt and the Ewido Log by using Add Reply.

#3 alardru

alardru
  • Topic Starter

  • Members
  • 4 posts

Posted 07 July 2006 - 10:37 AM

Panda scan:


Incident Status Location

Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Pitr Strait\Application Data\Mozilla\Firefox\Profiles\v4u3ml5b.default\cookies.txt[.adultfriendfinder.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Pitr Strait\Application Data\Mozilla\Firefox\Profiles\v4u3ml5b.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Pitr Strait\Application Data\Mozilla\Firefox\Profiles\v4u3ml5b.default\cookies.txt[.ccbill.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Pitr Strait\Application Data\Mozilla\Firefox\Profiles\v4u3ml5b.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Pitr Strait\Application Data\Mozilla\Firefox\Profiles\v4u3ml5b.default\cookies.txt[.belnk.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Pitr Strait\Application Data\Mozilla\Firefox\Profiles\v4u3ml5b.default\cookies.txt[.bravenet.com/]
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\Pitr Strait\Application Data\Mozilla\Firefox\Profiles\v4u3ml5b.default\cookies.txt[.ct.360i.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Pitr Strait\Application Data\Mozilla\Firefox\Profiles\v4u3ml5b.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Pitr Strait\Application Data\Mozilla\Firefox\Profiles\v4u3ml5b.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Versiontracker Not disinfected C:\Documents and Settings\Pitr Strait\Application Data\Mozilla\Firefox\Profiles\v4u3ml5b.default\cookies.txt[.versiontracker.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Pitr Strait\Application Data\Mozilla\Firefox\Profiles\v4u3ml5b.default\cookies.txt[.xiti.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Pitr Strait\Cookies\pitr strait@atwola[2].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Pitr Strait\Desktop\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Pitr Strait\Desktop\smitRem.exe[smitRem/Process.exe]
Spyware:Cookie/Atwola Not disinfected C:\Nov05\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\agv8beej.Pitr\cookies.txt[.atwola.com/]
Spyware:Cookie/Versiontracker Not disinfected C:\Nov05\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\agv8beej.Pitr\cookies.txt[.versiontracker.com/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Nov05\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ja8xv86r.default\cookies.txt[.adultfriendfinder.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Nov05\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ja8xv86r.default\cookies.txt[.bravenet.com/]
Spyware:Cookie/Atwola Not disinfected C:\Nov05\Documents and Settings\Owner\Cookies\owner@atwola[2].txt
Adware:Adware/SpywareQuake Not disinfected C:\Program Files\SpyQuake2.com\Spy-Quake2.exe

New HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 10:33:32 AM, on 7/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\SiSWLSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\mobile PhoneTools\WatchDog.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Citrus Alarm Clock\citrusac.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\WlanCU.exe
C:\Program Files\Winamp\Winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\explorer.exe
C:\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [Citrus Alarm Clock] C:\Program Files\Citrus Alarm Clock\citrusac.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O4 - Global Startup: Wireless Configuration Utility HW.32.lnk = ?
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SiS WirelessLan Service (SiSWLSvc) - Unknown owner - C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\SiSWLSvc.exe

smitfiles.txt:


smitRem © log file
version 3.0

by noahdfear


Microsoft Windows XP [Version 5.1.2600]
"IE"="6.0000"
The current date is: Fri 07/07/2006
The current time is: 1:50:24.50

Running from
C:\Documents and Settings\Pitr Strait\Desktop\smitRem

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run SharedTask Export

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright© 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"altmannsberger"="{210b4043-35ca-4aa0-8796-191f9663dfb3}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!


checking for WinHound.com key


WinHound.com key not present!


checking for drsmartload2 key


drsmartload2 key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present
AlfaCleaner uninstaller NOT present
SpyFalcon uninstaller NOT present
SpywareQuake uninstaller NOT present
SpywareSheriff uninstaller NOT present

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~

Security Toolbar


~~~ Shortcuts ~~~

Online Security Guide.url
Online Security Guide.url
Security Troubleshooting.url
Security Troubleshooting.url


~~~ Favorites ~~~

Antivirus Test Online.url


~~~ system32 folder ~~~

regperf.exe
simpole.tlb
stdole3.tlb
atmclk.exe
dcomcfg.exe
amcompat.tlb
nscompat.tlb
1024 dir
ld****.tmp
hp***.tmp
logfiles


~~~ Icons in System32 ~~~

ot.ico


~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 996 'explorer.exe'
Killing PID 996 'explorer.exe'

Starting registry repairs

Registry repairs complete

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SharedTask Export after registry fix

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright© 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Deleting files

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~


~~~ Wininet.dll ~~~

CLEAN! :thumbsup:

Ewido Log:

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 8:58:42 AM 7/7/2006

+ Scan result:



:mozilla.338:C:\Documents and Settings\Pitr Strait\Application Data\Mozilla\Firefox\Profiles\v4u3ml5b.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
:mozilla.11:C:\Documents and Settings\Pitr Strait\Application Data\Mozilla\Firefox\Profiles\wqihhtgz.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.12:C:\Documents and Settings\Pitr Strait\Application Data\Mozilla\Firefox\Profiles\wqihhtgz.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.13:C:\Documents and Settings\Pitr Strait\Application Data\Mozilla\Firefox\Profiles\wqihhtgz.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.14:C:\Documents and Settings\Pitr Strait\Application Data\Mozilla\Firefox\Profiles\wqihhtgz.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.207:C:\Documents and Settings\Pitr Strait\Application Data\Mozilla\Firefox\Profiles\v4u3ml5b.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.217:C:\Documents and Settings\Pitr Strait\Application Data\Mozilla\Firefox\Profiles\v4u3ml5b.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.218:C:\Documents and Settings\Pitr Strait\Application Data\Mozilla\Firefox\Profiles\v4u3ml5b.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.219:C:\Documents and Settings\Pitr Strait\Application Data\Mozilla\Firefox\Profiles\v4u3ml5b.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.220:C:\Documents and Settings\Pitr Strait\Application Data\Mozilla\Firefox\Profiles\v4u3ml5b.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.221:C:\Documents and Settings\Pitr Strait\Application Data\Mozilla\Firefox\Profiles\v4u3ml5b.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.222:C:\Documents and Settings\Pitr Strait\Application Data\Mozilla\Firefox\Profiles\v4u3ml5b.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.223:C:\Documents and Settings\Pitr Strait\Application Data\Mozilla\Firefox\Profiles\v4u3ml5b.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.224:C:\Documents and Settings\Pitr Strait\Application Data\Mozilla\Firefox\Profiles\v4u3ml5b.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.225:C:\Documents and Settings\Pitr Strait\Application Data\Mozilla\Firefox\Profiles\v4u3ml5b.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.226:C:\Documents and Settings\Pitr Strait\Application Data\Mozilla\Firefox\Profiles\v4u3ml5b.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.227:C:\Documents and Settings\Pitr Strait\Application Data\Mozilla\Firefox\Profiles\v4u3ml5b.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.228:C:\Documents and Settings\Pitr Strait\Application Data\Mozilla\Firefox\Profiles\v4u3ml5b.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.229:C:\Documents and Settings\Pitr Strait\Application Data\Mozilla\Firefox\Profiles\v4u3ml5b.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.230:C:\Documents and Settings\Pitr Strait\Application Data\Mozilla\Firefox\Profiles\v4u3ml5b.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.231:C:\Documents and Settings\Pitr Strait\Application Data\Mozilla\Firefox\Profiles\v4u3ml5b.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.232:C:\Documents and Settings\Pitr Strait\Application Data\Mozilla\Firefox\Profiles\v4u3ml5b.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.233:C:\Documents and Settings\Pitr Strait\Application Data\Mozilla\Firefox\Profiles\v4u3ml5b.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.234:C:\Documents and Settings\Pitr Strait\Application Data\Mozilla\Firefox\Profiles\v4u3ml5b.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.235:C:\Documents and Settings\Pitr Strait\Application Data\Mozilla\Firefox\Profiles\v4u3ml5b.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.236:C:\Documents and Settings\Pitr Strait\Application Data\Mozilla\Firefox\Profiles\v4u3ml5b.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.237:C:\Documents and Settings\Pitr Strait\Application Data\Mozilla\Firefox\Profiles\v4u3ml5b.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.238:C:\Documents and Settings\Pitr Strait\Application Data\Mozilla\Firefox\Profiles\v4u3ml5b.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.239:C:\Documents and Settings\Pitr Strait\Application Data\Mozilla\Firefox\Profiles\v4u3ml5b.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.240:C:\Documents and Settings\Pitr Strait\Application Data\Mozilla\Firefox\Profiles\v4u3ml5b.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).

#4 Guest_Cretemonster_*

Posted 07 July 2006 - 06:19 PM

I wanna check something else real quick please.


Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

#5 alardru

Posted 07 July 2006 - 06:36 PM

SmitFraudFix v2.68b

Scan done at 18:35:35.23, Fri 07/07/2006
Run from C:\Documents and Settings\Pitr Strait\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Pitr Strait\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\PITRST~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\SpyQuake2.com\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

#6 Guest_Cretemonster_*

Posted 07 July 2006 - 06:54 PM

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Next, please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning : running option #2 on a non infected computer will remove your Desktop background.



Download ComboFix to your desktop.
Double-click combo.exe
Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.

When finished and after reboot, it should open a log, combofix.txt.

Post the contents of combofix.txt into the next reply along with C:\rapport.txt



Also, use the tool below to keep the temp files cleaned up about every 3 or 4 days.

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


Be sure to use it for both IE and FireFox.

Edited by Cretemonster, 07 July 2006 - 06:56 PM.


#7 alardru

Posted 08 July 2006 - 02:01 AM

Smit log:

SmitFraudFix v2.68b

Scan done at 1:55:36.84, Sat 07/08/2006
Run from C:\Documents and Settings\Pitr Strait\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\Program Files\SpyQuake2.com\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End



ComboFix log:

Start Time= Sat 07/08/2006 1:59:49.15
Running from: C:\Documents and Settings\Pitr Strait\Desktop

QuickScan did not find any signs of infected files

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-07-08 00:17:32 ( .D... ) "C:\Program Files\Ahead"
2006-07-07 19:05:32 ( .D... ) "C:\Documents and Settings\Pitr Strait\Application Data\DeepBurner Pro"
2006-07-07 19:04:44 ( .D... ) "C:\Program Files\Astonsoft"
2006-07-07 19:03:36 ( .D... ) "C:\Program Files\iTunes"
2006-07-07 01:31:40 ( .D... ) "C:\Program Files\ewido anti-spyware 4.0"
2006-07-06 04:50:32 1796868 ( A.... ) "C:\crazy-cube.exe"
2006-07-05 12:57:46 ( .D... ) "C:\Program Files\Spybot - Search & Destroy"
2006-07-04 20:48:28 ( .D... ) "C:\Documents and Settings\Pitr Strait\Application Data\Lavasoft"
2006-07-04 20:48:06 ( .D... ) "C:\Program Files\Lavasoft"
2006-06-21 22:55:20 ( .D... ) "C:\Program Files\Guild Wars"
2006-06-19 18:35:14 ( .D... ) "C:\Program Files\LiveUpdate"
2006-06-19 18:34:12 ( .D... ) "C:\Program Files\mobile PhoneTools"
2006-06-19 16:20:42 702768 ( ..... ) "C:\WINDOWS\system32\WgaLogon.dll"
2006-06-19 16:19:42 571184 ( ..... ) "C:\WINDOWS\system32\LegitCheckControl.dll"
2006-06-19 16:19:26 304944 ( ..... ) "C:\WINDOWS\system32\WgaTray.exe"
2006-06-18 12:40:22 ( .D... ) "C:\Documents and Settings\Pitr Strait\Application Data\AdobeUM"
2006-06-17 18:20:08 875 ( A.... ) "C:\Documents and Settings\Pitr Strait\Application Data\AdobeDLM.log"
2006-06-17 18:20:08 0 ( A.... ) "C:\Documents and Settings\Pitr Strait\Application Data\dm.ini"
2006-06-17 18:20:08 ( .D... ) "C:\Program Files\Adobe"
2006-06-17 18:18:58 ( .D... ) "C:\Documents and Settings\Pitr Strait\Application Data\Adobe"
2006-06-17 18:18:56 ( .D... ) "C:\Program Files\Common Files\Adobe"
2006-06-15 16:55:04 778240 ( A.... ) "C:\WINDOWS\system32\divx_xx0c.dll"
2006-06-15 16:55:04 778240 ( A.... ) "C:\WINDOWS\system32\divx_xx07.dll"
2006-06-15 16:55:04 761856 ( A.... ) "C:\WINDOWS\system32\divx_xx11.dll"
2006-06-15 16:55:04 620180 ( A.... ) "C:\WINDOWS\system32\DivX.dll"
2006-06-15 14:11:10 ( .D... ) "C:\Program Files\MSBuild"
2006-06-15 14:10:46 ( .D... ) "C:\Program Files\Microsoft Visual Studio"
2006-06-15 14:10:46 ( .D... ) "C:\Program Files\Common Files\DESIGNER"
2006-06-15 14:08:10 ( .D... ) "C:\Program Files\Microsoft Works"
2006-06-15 14:03:58 ( .D... ) "C:\Program Files\Microsoft Office"
2006-06-14 12:49:08 118784 ( A.... ) "C:\WINDOWS\system32\DivXCodecUpdateChecker.exe"
2006-06-12 18:51:22 ( .D... ) "C:\Program Files\Project64 1.6"
2006-06-12 14:22:08 520192 ( A.... ) "C:\WINDOWS\system32\DivXsm.exe"
2006-06-08 20:19:50 5967776 ( A.... ) "C:\WINDOWS\system32\MRT.exe"
2006-06-07 01:43:26 ( .D... ) "C:\Program Files\Common Files\Blizzard Entertainment"
2006-06-06 17:24:14 ( .D... ) "C:\Program Files\World of Warcraft"
2006-06-05 09:51:28 ( .D... ) "C:\Program Files\Active GIF Creator 2.22"
2006-06-03 05:42:28 ( .D... ) "C:\Program Files\Easy GIF Animator"
2006-06-01 16:47:12 ( .D... ) "C:\Program Files\Creative Labs"
2006-06-01 16:46:02 ( .D... ) "C:\Program Files\EidosNet"
2006-06-01 16:46:02 ( .D... ) "C:\Program Files\Eidos Interactive"
2006-06-01 13:47:08 163840 ( A.... ) "C:\WINDOWS\system32\jgdw400.dll"
2006-06-01 13:47:08 27648 ( A.... ) "C:\WINDOWS\system32\jgpl400.dll"
2006-05-31 09:19:34 ( .D... ) "C:\Program Files\The Weather Channel FW"
2006-05-31 09:13:02 ( .D... ) "C:\Program Files\Common Files\xing shared"
2006-05-31 09:12:40 176167 ( A.... ) "C:\WINDOWS\system32\rmoc3260.dll"
2006-05-31 09:12:24 6656 ( A.... ) "C:\WINDOWS\system32\pndx5016.dll"
2006-05-31 09:12:24 5632 ( A.... ) "C:\WINDOWS\system32\pndx5032.dll"
2006-05-31 09:12:20 278528 ( A.... ) "C:\WINDOWS\system32\pncrt.dll"
2006-05-31 09:12:12 ( .D... ) "C:\Program Files\Common Files\Real"
2006-05-31 09:12:00 ( .D... ) "C:\Program Files\Real"
2006-05-31 09:11:40 ( .D... ) "C:\Documents and Settings\Pitr Strait\Application Data\Real"
2006-05-31 07:25:04 ( .D... ) "C:\Program Files\Desktop Taipei"
2006-05-31 00:34:28 ( .D... ) "C:\Program Files\1964"
2006-05-30 00:20:46 ( .D... ) "C:\Documents and Settings\Pitr Strait\Application Data\Ahead"
2006-05-30 00:18:30 ( .D... ) "C:\Program Files\Nero"
2006-05-30 00:18:30 ( .D... ) "C:\Program Files\Common Files\Ahead"
2006-05-29 17:55:34 ( .D... ) "C:\Program Files\Soulseek"
2006-05-29 10:30:34 1494016 ( A.... ) "C:\WINDOWS\system32\shdocvw.dll"
2006-05-26 20:21:08 ( .D... ) "C:\Program Files\Lionhead Studios"
2006-05-26 20:17:04 ( .D... ) "C:\Program Files\DAEMON Tools"
2006-05-25 17:47:08 ( .D... ) "C:\Documents and Settings\Pitr Strait\Application Data\Aim"
2006-05-25 17:46:46 ( .D... ) "C:\Program Files\AOD"
2006-05-25 17:46:34 ( .D... ) "C:\Program Files\AIM"
2006-05-25 16:56:34 ( .D... ) "C:\Program Files\CDisplay"
2006-05-25 03:55:00 ( .D... ) "C:\Program Files\BitComet"
2006-05-25 02:57:54 ( .D... ) "C:\Documents and Settings\Pitr Strait\Application Data\Sun"
2006-05-25 02:55:22 ( .D... ) "C:\Program Files\Java"
2006-05-25 02:52:52 ( .D... ) "C:\Program Files\Common Files\Java"
2006-05-25 02:52:00 ( .D... ) "C:\Documents and Settings\Pitr Strait\Application Data\acccore"
2006-05-25 02:51:18 ( .D... ) "C:\Program Files\Viewpoint"
2006-05-25 02:51:14 ( .D... ) "C:\Program Files\Common Files\Nullsoft"
2006-05-25 02:50:58 ( .D... ) "C:\Program Files\Common Files\AOL"
2006-05-25 00:52:34 ( .D... ) "C:\Documents and Settings\Pitr Strait\Application Data\Macromedia"
2006-05-25 00:52:26 ( .D... ) "C:\Program Files\GetRight"
2006-05-24 17:47:12 3596288 ( A.... ) "C:\WINDOWS\system32\qt-dx331.dll"
2006-05-24 17:46:52 53248 ( A.... ) "C:\WINDOWS\system32\dpuGUI10.dll"
2006-05-24 17:46:44 593920 ( A.... ) "C:\WINDOWS\system32\dpuGUI11.dll"
2006-05-24 17:46:44 344064 ( A.... ) "C:\WINDOWS\system32\dpus11.dll"
2006-05-24 17:46:44 294912 ( A.... ) "C:\WINDOWS\system32\dpu11.dll"
2006-05-24 17:46:44 294912 ( A.... ) "C:\WINDOWS\system32\dpu10.dll"
2006-05-24 17:46:44 200704 ( A.... ) "C:\WINDOWS\system32\dtu100.dll"
2006-05-24 17:46:44 90112 ( A.... ) "C:\WINDOWS\system32\dpl100.dll"
2006-05-24 17:46:44 57344 ( A.... ) "C:\WINDOWS\system32\dpv11.dll"
2006-05-24 17:43:44 1044480 ( A.... ) "C:\WINDOWS\system32\libdivx.dll"
2006-05-24 17:43:44 200704 ( A.... ) "C:\WINDOWS\system32\ssldivx.dll"
2006-05-24 17:43:40 245408 ( A.... ) "C:\WINDOWS\system32\unicows.dll"
2006-05-20 21:47:46 ( .D... ) "C:\Program Files\AC3Filter"
2006-05-19 10:08:32 3052544 ( A.... ) "C:\WINDOWS\system32\mshtml.dll"
2006-05-19 01:51:44 ( .D... ) "C:\Program Files\802.11 Wireless LAN"
2006-05-18 00:24:26 450560 ( A.... ) "C:\WINDOWS\system32\jscript.dll"
2006-05-16 15:23:56 339968 ( ..... ) "C:\WINDOWS\system32\pxwave.dll"
2006-05-16 15:23:56 28672 ( ..... ) "C:\WINDOWS\system32\vxblock.dll"
2006-05-16 15:23:54 1257472 ( ..... ) "C:\WINDOWS\system32\pxsfs.dll"
2006-05-16 15:23:54 450560 ( ..... ) "C:\WINDOWS\system32\pxdrv.dll"
2006-05-16 15:23:54 430080 ( ..... ) "C:\WINDOWS\system32\px.dll"
2006-05-16 15:23:54 176128 ( ..... ) "C:\WINDOWS\system32\pxmas.dll"
2006-05-16 15:23:54 61440 ( ..... ) "C:\WINDOWS\system32\pxhpinst.exe"
2006-05-16 15:23:54 57344 ( ..... ) "C:\WINDOWS\system32\pxcpya64.exe"
2006-05-16 15:23:54 56832 ( ..... ) "C:\WINDOWS\system32\pxinsa64.exe"
2006-05-15 23:13:28 176 ( A.... ) "C:\Documents and Settings\Pitr Strait\Application Data\iPod Access v2 Prefs"
2006-05-15 22:52:38 ( .D... ) "C:\Program Files\Red Chair Software"
2006-05-15 22:52:38 ( .D... ) "C:\Documents and Settings\Pitr Strait\Application Data\Red Chair Software"
2006-05-15 22:00:20 11 ( A..H. ) "C:\Documents and Settings\Pitr Strait\Application Data\iPodAccess_Time"
2006-05-15 22:00:08 ( .D... ) "C:\Program Files\iPod Access for Windows"
2006-05-14 03:44:08 181248 ( A.... ) "C:\WINDOWS\system32\rasmans.dll"
2006-05-13 05:13:08 ( .D... ) "C:\Documents and Settings\Pitr Strait\Application Data\CyberLink"
2006-05-13 05:03:04 ( .D... ) "C:\Documents and Settings\Pitr Strait\Application Data\Apple Computer"
2006-05-13 05:02:12 ( .D... ) "C:\Program Files\QuickTime"
2006-05-13 05:01:46 ( .D... ) "C:\Program Files\iPod"
2006-05-13 04:59:14 ( .D... ) "C:\Program Files\Citrus Alarm Clock"
2006-05-13 04:54:42 ( .D... ) "C:\Documents and Settings\Pitr Strait\Application Data\AVG7"
2006-05-13 04:54:28 499712 ( ..... ) "C:\WINDOWS\system32\msvcp71.dll"
2006-05-13 04:54:28 348160 ( ..... ) "C:\WINDOWS\system32\msvcr71.dll"
2006-05-13 04:54:06 ( .D... ) "C:\Program Files\Grisoft"
2006-05-13 04:49:48 ( .D... ) "C:\Program Files\Winamp"
2006-05-13 04:47:34 ( .D.H. ) "C:\Program Files\InstallShield Installation Information"
2006-05-13 04:47:34 ( .D... ) "C:\Program Files\CyberLink"
2006-05-13 04:47:16 ( .D... ) "C:\Program Files\Common Files\InstallShield"
2006-05-13 04:39:26 ( .D... ) "C:\Program Files\DC++"
2006-05-13 04:32:30 ( .D... ) "C:\Program Files\WinRAR"
2006-05-13 04:31:50 ( .D... ) "C:\Program Files\XviD"
2006-05-13 04:30:32 ( .D... ) "C:\Program Files\DivX"
2006-05-13 04:23:54 ( .D... ) "C:\Program Files\Mozilla Firefox"
2006-05-13 04:23:54 ( .D... ) "C:\Documents and Settings\Pitr Strait\Application Data\Mozilla"
2006-05-13 04:22:06 ( .D... ) "C:\Program Files\Intel"
2006-05-13 03:34:28 ( .D... ) "C:\Documents and Settings\Pitr Strait\Application Data\Identities"
2006-05-13 03:34:26 ( .D.H. ) "C:\Program Files\Uninstall Information"
2006-05-13 03:34:16 ( .DS.. ) "C:\Documents and Settings\Pitr Strait\Application Data\Microsoft"
2006-05-13 03:28:02 ( .D... ) "C:\Program Files\xerox"
2006-05-13 03:28:02 ( .D... ) "C:\Program Files\microsoft frontpage"
2006-05-13 03:27:40 0 ( A.... ) "C:\AUTOEXEC.BAT"
2006-05-13 03:25:50 ( .D.H. ) "C:\Program Files\WindowsUpdate"
2006-05-13 03:24:42 ( .D... ) "C:\Program Files\Common Files\Services"
2006-05-13 03:24:36 ( .D... ) "C:\Program Files\Common Files\MSSoap"
2006-05-13 03:24:22 ( .D... ) "C:\Program Files\Movie Maker"
2006-05-13 03:24:08 ( .D... ) "C:\Program Files\NetMeeting"
2006-05-13 03:24:04 ( .D... ) "C:\Program Files\Outlook Express"
2006-05-13 03:23:56 ( .D... ) "C:\Program Files\Common Files\System"
2006-05-13 03:23:54 ( .D... ) "C:\Program Files\Internet Explorer"
2006-05-13 03:23:10 ( .D... ) "C:\Program Files\ComPlus Applications"
2006-05-13 03:22:50 ( .D... ) "C:\Program Files\Online Services"
2006-05-13 03:22:48 ( .D... ) "C:\Program Files\Windows Media Player"
2006-05-13 03:22:40 ( .D... ) "C:\Program Files\Messenger"
2006-05-13 03:22:36 ( .D... ) "C:\Program Files\MSN Gaming Zone"
2006-05-13 03:21:50 ( .D... ) "C:\Program Files\MSN"
2006-05-13 03:21:48 ( .D... ) "C:\Program Files\Windows NT"
2006-05-12 22:40:50 ( .D... ) "C:\Program Files\Common Files\ODBC"
2006-05-12 22:40:46 ( .D... ) "C:\Program Files\Common Files\SpeechEngines"
2006-05-12 22:40:46 ( .D... ) "C:\Program Files\Common Files\Microsoft Shared"
2006-05-12 22:40:46 ( .D... ) "C:\Program Files\Common Files"
2006-05-12 22:40:06 62 ( A.SH. ) "C:\Documents and Settings\Pitr Strait\Application Data\desktop.ini"
2006-05-11 03:23:24 24576 ( A.... ) "C:\WINDOWS\system32\xpsp3res.dll"
2006-05-10 00:23:04 658432 ( A.... ) "C:\WINDOWS\system32\wininet.dll"
2006-05-10 00:23:02 613888 ( A.... ) "C:\WINDOWS\system32\urlmon.dll"
2006-05-10 00:23:02 532480 ( A.... ) "C:\WINDOWS\system32\mstime.dll"
2006-05-10 00:23:02 474112 ( A.... ) "C:\WINDOWS\system32\shlwapi.dll"
2006-05-10 00:23:02 448512 ( A.... ) "C:\WINDOWS\system32\mshtmled.dll"
2006-05-10 00:23:02 146432 ( A.... ) "C:\WINDOWS\system32\msrating.dll"
2006-05-10 00:23:02 39424 ( A.... ) "C:\WINDOWS\system32\pngfilt.dll"
2006-05-10 00:23:00 1054208 ( A.... ) "C:\WINDOWS\system32\danim.dll"
2006-05-10 00:23:00 1022976 ( A.... ) "C:\WINDOWS\system32\browseui.dll"
2006-05-10 00:23:00 357888 ( A.... ) "C:\WINDOWS\system32\dxtmsft.dll"
2006-05-10 00:23:00 251392 ( A.... ) "C:\WINDOWS\system32\iepeers.dll"
2006-05-10 00:23:00 205312 ( A.... ) "C:\WINDOWS\system32\dxtrans.dll"
2006-05-10 00:23:00 151040 ( A.... ) "C:\WINDOWS\system32\cdfview.dll"
2006-05-10 00:23:00 96256 ( A.... ) "C:\WINDOWS\system32\inseng.dll"
2006-05-10 00:23:00 55808 ( A.... ) "C:\WINDOWS\system32\extmgr.dll"
2006-05-10 00:23:00 16384 ( A.... ) "C:\WINDOWS\system32\jsproxy.dll"
2006-04-28 01:51:38 29968 ( A.... ) "C:\WINDOWS\system32\mdimon.dll"
2006-04-27 17:49:30 288417 ( A.... ) "C:\WINDOWS\system32\SrchSTS.exe"
2006-04-25 20:41:04 1190152 ( A.... ) "C:\WINDOWS\system32\FM20.DLL"
2006-04-25 20:41:04 32528 ( A.... ) "C:\WINDOWS\system32\FM20ENU.DLL"
2006-04-24 15:40:00 4730880 ( A.... ) "C:\WINDOWS\system32\wmp.dll"
2006-04-18 19:04:54 12288 ( A.... ) "C:\WINDOWS\system32\DivXWMPExtType.dll"


(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))


2006-07-08 01:57 535,613,440 C:\hiberfil.sys
2006-07-08 00:17 476,320 C:\WINDOWS\system32\ImagXpr7.dll
2006-07-08 00:17 471,040 C:\WINDOWS\system32\ImagXRA7.dll
2006-07-08 00:17 262,144 C:\WINDOWS\system32\ImagXR7.dll
2006-07-08 00:17 155,648 C:\WINDOWS\system32\NeroCheck.exe
2006-07-08 00:17 106,496 C:\WINDOWS\system32\TwnLib20.dll
2006-07-08 00:17 1,568,768 C:\WINDOWS\system32\ImagX7.dll
2006-07-07 18:35 53,248 C:\WINDOWS\system32\Process.exe
2006-07-07 18:35 42,496 C:\WINDOWS\system32\swreg.exe
2006-07-07 18:35 40,960 C:\WINDOWS\system32\swsc.exe
2006-07-07 18:35 288,417 C:\WINDOWS\system32\SrchSTS.exe
2006-07-07 09:09 73,728 C:\WINDOWS\system32\asuninst.exe
2006-07-07 09:09 11,776 C:\WINDOWS\system32\ZPORT4AS.dll
2006-07-06 04:50 1,796,868 C:\crazy-cube.exe
2006-06-22 08:39 1,257,472 C:\WINDOWS\system32\pxsfs.dll
2006-06-19 16:20 702,768 C:\WINDOWS\system32\WgaLogon.dll
2006-06-19 16:19 571,184 C:\WINDOWS\system32\LegitCheckControl.dll
2006-06-19 16:19 304,944 C:\WINDOWS\system32\WgaTray.exe
2006-06-16 04:00 221,184 C:\WINDOWS\system32\wmpns.dll
2006-06-15 21:33 178,408 C:\WINDOWS\system32\muweb.dll
2006-06-15 21:33 127,208 C:\WINDOWS\system32\mucltui.dll
2006-06-15 16:55 778,240 C:\WINDOWS\system32\divx_xx0c.dll
2006-06-15 16:55 778,240 C:\WINDOWS\system32\divx_xx07.dll
2006-06-15 16:55 761,856 C:\WINDOWS\system32\divx_xx11.dll
2006-06-15 16:55 620,180 C:\WINDOWS\system32\DivX.dll
2006-06-15 14:13 29,968 C:\WINDOWS\system32\mdimon.dll
2006-06-14 12:49 118,784 C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2006-06-01 16:47 40,960 C:\WINDOWS\system32\eax.dll
2006-06-01 16:45 306,688 C:\WINDOWS\IsUninst.exe
2006-05-31 09:12 6,656 C:\WINDOWS\system32\pndx5016.dll
2006-05-31 09:12 5,632 C:\WINDOWS\system32\pndx5032.dll
2006-05-31 09:12 278,528 C:\WINDOWS\system32\pncrt.dll
2006-05-31 09:12 176,167 C:\WINDOWS\system32\rmoc3260.dll
2006-05-26 20:21 2,337,488 C:\WINDOWS\system32\d3dx9_25.dll
2006-05-25 02:56 49,250 C:\WINDOWS\system32\javaw.exe
2006-05-25 02:56 49,248 C:\WINDOWS\system32\java.exe
2006-05-25 02:56 127,078 C:\WINDOWS\system32\javaws.exe
2006-05-24 17:46 90,112 C:\WINDOWS\system32\dpl100.dll
2006-05-24 17:46 593,920 C:\WINDOWS\system32\dpuGUI11.dll
2006-05-24 17:46 57,344 C:\WINDOWS\system32\dpv11.dll
2006-05-24 17:46 53,248 C:\WINDOWS\system32\dpuGUI10.dll
2006-05-24 17:46 344,064 C:\WINDOWS\system32\dpus11.dll
2006-05-24 17:46 294,912 C:\WINDOWS\system32\dpu11.dll
2006-05-24 17:46 294,912 C:\WINDOWS\system32\dpu10.dll
2006-05-24 17:46 200,704 C:\WINDOWS\system32\dtu100.dll
2006-05-24 17:43 245,408 C:\WINDOWS\system32\unicows.dll
2006-05-24 17:43 200,704 C:\WINDOWS\system32\ssldivx.dll
2006-05-24 17:43 1,044,480 C:\WINDOWS\system32\libdivx.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"PRONoMgrWired"="C:\\Program Files\\Intel\\PROSetWired\\NCS\\PROSet\\PRONoMgr.exe"
"CTHelper"="CTHELPER.EXE"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"WatchDog"="C:\\Program Files\\mobile PhoneTools\\WatchDog.exe"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Citrus Alarm Clock"="C:\\Program Files\\Citrus Alarm Clock\\citrusac.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"BitComet"="\"C:\\Program Files\\BitComet\\BitComet.exe\""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"SetDefaultMIDI"="MIDIDef.exe"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"SetDefaultMidi"="MIDIDEF.EXE"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"SetDefaultMIDI"="MIDIDef.exe"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
"SetDefaultMidi"="MIDIDEF.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"



Contents of the 'Scheduled Tasks' folder

Completion time: Sat 07/08/2006 2:00:01.68
ComboFix ver 06.07.07 - This logfile is located at C:\ComboFix.txt

#8 Guest_Cretemonster_*

Posted 08 July 2006 - 07:00 AM

Please run the F-Secure Online Scanner

Note: This scanner is for Internet Explorer only!
  • Follow the instructions on the F-Secure page for proper installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan.
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and copy and paste the entire report in your next reply.




