Infected With Virus Burst


  • This topic is locked
10 replies to this topic

#1 phishy25


Posted 10 November 2006 - 03:58 AM

This thing is driving me nuts! I've had it on the computer for about a week now. I have firewalls, Norton, Spybot and Adaware and none seem to detect it. I also ran a Microsoft Malicious Software removal but it took forever and did nothing.

I have followed all the previous instructions listed: deleted temporary files, ran Adaware, Spybot, Housecall, and McAfee. I tried to install the recommended firewall Zonelabs but my computer blocked the installation and I can't seem to get around that. If anyone has advice on that I will gladly take it because it is also blocking me from installing Java updates.

Anyway, here is the HijackThis log. Thank you for your time and help.


Logfile of HijackThis v1.99.1
Scan saved at 10:48:05 PM, on 11/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\VideoKeyCodec\isamonitor.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\VideoKeyCodec\isamini.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\AOL\1153389732\ee\AOLSoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = By Hawaiian Telcom
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7b4d79df-9ef0-429d-a0e9-d9b138c6a53b} - C:\Program Files\VideoKeyCodec\isaddon.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Protection Bar - {1a29a79a-b9c8-44a9-bedf-7fadde3cf33f} - C:\Program Files\VideoKeyCodec\iesplugin.dll (file missing)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1153389732\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - c:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O21 - SSODL: contrabandists - {dfa61db1-388e-4c87-8d56-540fa229bcb4} - C:\WINDOWS\system32\dpfwu.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


#2 YounGun


Posted 10 November 2006 - 06:18 AM

Hello, my name is Victor and I will be helping you.

Please take your time to read thru my instructions and follow them carefully.

Download SmitfraudFix (by S!Ri) to your Desktop.
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Extract all the files to your Desktop. A folder named SmitfraudFix will be created on your Desktop.
______________________________

Download AVG Anti-Spyware 7.5 and save that file to your desktop.
This is a 30 day trial of the program
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'.
  • Right click on AVG Anti-Spyware in the system tray and uncheck "Start with Windows".
  • Go to Start > Run and type: services.msc
  • Press "OK".
  • In Services, click the "Extended tab" and scroll down the list to find AVG anti-spyware 7.5 guard.
  • When you find the guard service, double-click on it.
  • In the Properties Window > General Tab that opens, click the "Stop" button.
  • From the drop-down menu next to "Startup Type", click on "Manual".
  • Now click "Apply", then "OK" and close the Services window.
  • Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
      If you are having problems with the updater, manually update with the AVG Anti-Spyware Full database installer from here.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware. Do not run a scan just yet. We will shortly.

______________________________

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press Enter
This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

IMPORTANT: Do NOT run any other options until you are asked to do so!

#3 phishy25


Posted 10 November 2006 - 04:20 PM

Thanks for your help. I did all the steps, except for #13. In the AVG Anti-Spyware, when I click on reports, it just says, No reports available. I don't know where to find:

Under "Reports"

* Select "Automatically generate report after every scan"
* Un-Select "Only if threats were found"

Here is the log from Smitfraud:

SmitFraudFix v2.120

Scan done at 11:14:45.95, Fri 11/10/2006
Run from C:\Documents and Settings\HP_Administrator\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\dpfwu.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\HP_Administrator


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\HP_Administrator\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\HP_ADM~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\VideoKeyCodec\ FOUND !
C:\Program Files\VirusBurster\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{dfa61db1-388e-4c87-8d56-540fa229bcb4}"="contrabandists"

[HKEY_CLASSES_ROOT\CLSID\{dfa61db1-388e-4c87-8d56-540fa229bcb4}\InProcServer32]
@="C:\WINDOWS\system32\dpfwu.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{dfa61db1-388e-4c87-8d56-540fa229bcb4}\InProcServer32]
@="C:\WINDOWS\system32\dpfwu.dll"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
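
Added example, not part of any post in this thread and not code from HijackThis or SmitfraudFix: a Python script that cross-references the paths a SmitfraudFix search report marks `FOUND !` (and the CLSIDs it lists under SharedTaskScheduler) against the running processes and autostart entries of a HijackThis log. The function names are hypothetical, and the sample input is a short excerpt of the two logs posted above.

```python
import re
from ntpath import normcase  # Windows path comparison rules on any OS

# Excerpt of the HijackThis log from post #1.
HIJACKTHIS = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VideoKeyCodec\isamonitor.exe
C:\Program Files\VideoKeyCodec\isamini.exe
C:\Program Files\QuickTime\qttask.exe

O2 - BHO: (no name) - {7b4d79df-9ef0-429d-a0e9-d9b138c6a53b} - C:\Program Files\VideoKeyCodec\isaddon.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Protection Bar - {1a29a79a-b9c8-44a9-bedf-7fadde3cf33f} - C:\Program Files\VideoKeyCodec\iesplugin.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O21 - SSODL: contrabandists - {dfa61db1-388e-4c87-8d56-540fa229bcb4} - C:\WINDOWS\system32\dpfwu.dll
"""

# Excerpt of the SmitfraudFix search report from post #3 (section banners omitted).
SMITFRAUD = r"""
C:\WINDOWS\system32\dpfwu.dll FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
C:\Program Files\VideoKeyCodec\ FOUND !
C:\Program Files\VirusBurster\ FOUND !

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{dfa61db1-388e-4c87-8d56-540fa229bcb4}"="contrabandists"

[HKEY_CLASSES_ROOT\CLSID\{dfa61db1-388e-4c87-8d56-540fa229bcb4}\InProcServer32]
@="C:\WINDOWS\system32\dpfwu.dll"
"""

HJT_ENTRY = re.compile(r"^([ORFN]\d+) - (.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PATH = re.compile(r"[A-Za-z]:\\[^\"]*?\.(?:exe|dll)", re.I)


def parse_smitfraud(report):
    """Return (flagged paths, SharedTaskScheduler CLSIDs) from a search report."""
    found, clsids, key = [], set(), ""
    for raw in report.splitlines():
        line = raw.strip()
        if line.startswith("["):
            key = line.lower()  # remember which registry key we are under
        elif line.endswith("FOUND !"):
            found.append(line[: -len("FOUND !")].strip())
        elif key.endswith("\\sharedtaskscheduler]") and line.startswith('"{'):
            m = CLSID.search(line)
            if m:
                clsids.add(m.group(0).lower())
    return found, clsids


def hijackthis_items(log):
    """Yield (section, path, clsid) for running processes and O/R/F/N entries."""
    in_procs = False
    for raw in log.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if not line:
            in_procs = False  # the process list ends at the first blank line
            continue
        m = HJT_ENTRY.match(line)
        if m:
            section, text = m.group(1), m.group(2)
        elif in_procs:
            section, text = "process", line
        else:
            continue  # header lines such as "Platform: ..."
        path, clsid = PATH.search(text), CLSID.search(text)
        yield (section,
               path.group(0) if path else None,
               clsid.group(0).lower() if clsid else None)


def correlate(hjt_log, smitfraud_report):
    """List HijackThis items that the SmitfraudFix report also points at."""
    found, sts = parse_smitfraud(smitfraud_report)
    hits = []
    for section, path, clsid in hijackthis_items(hjt_log):
        reasons = []
        if path:
            p = normcase(path)
            for f in found:
                nf = normcase(f)
                # A flagged entry ending in "\" is a folder: match anything under it.
                # 8.3 short names (DOCUME~1) cannot be expanded offline and only
                # match when both logs spell the path the same way.
                if p == nf or (nf.endswith("\\") and p.startswith(nf)):
                    reasons.append("path flagged: " + f)
        if clsid and clsid in sts:
            reasons.append("CLSID registered under SharedTaskScheduler")
        if reasons:
            hits.append((section, path, reasons))
    return hits


if __name__ == "__main__":
    for section, path, reasons in correlate(HIJACKTHIS, SMITFRAUD):
        print(f"{section:8} {path}\n         " + "; ".join(reasons))
```
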

#4 YounGun


Posted 11 November 2006 - 03:39 AM

I had that problem too first time I went thru the instructions :thumbsup: When you click the scanned icon, you will see that there is a sub-menu called reports on the right.

Please print out or copy these instructions/tutorial to Notepad as the internet will not be (while in Safe Mode) available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.
______________________________

Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If it is infected and a clean version is found, you will be prompted to replace the infected wininet.dll with the clean file. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process. If your computer does not restart automatically, please do it yourself manually. Reboot in Safe Mode.

The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
______________________________

Clean out your Temporary Internet files. Proceed like this:
  • Quit Internet Explorer and quit any instances of Windows Explorer.
  • Click Start, click Control Panel, and then double-click Internet Options.
  • On the General tab, click Delete Files under Temporary Internet Files.
  • In the Delete Files dialog box, tick the Delete all offline content check box, and then click OK.
  • On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
  • Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
  • Click OK.
Next, click Start, click Control Panel and then double-click Display. Click on the Desktop tab, then click the Customize Desktop button. Click on the Web tab. Under Web Pages you should see a checked entry called Security info or something similar. If it is there, select that entry and click the Delete button. Click Ok then Apply and Ok.

Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin
______________________________
Close ALL open Windows / Programs / Folders.

While in Safe Mode, scan with AVG Anti-Spyware as follows:
1. Launch AVG Anti-Spyware, click on the "Scanner" button and choose the "Settings" tab.
  • Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.
  • Under "How to Scan?" check all (default).
  • Under "Possibly unwanted software" check all (default).
  • Under "What to Scan?" make sure "Scan every file" is selected (default).
  • Under "Reports" select "Automatically generate report after every scan" and UNcheck "Only if threats were found".
2. Click the "Scan" tab to return to scanning options.
3. Click "Complete System Scan" to start.
4. When the scan has finished you will be presented with a list of infected objects found. Click "Apply all actions" to place the files in Quarantine.

IMPORTANT! Do not save the report before you have clicked the Apply all actions button. If you do, the log that is created will indicate "No action taken", making it more difficult to interpret the report. So be sure you save it only AFTER clicking the "Apply all actions" button.

5. Click on "Save Report" to view all completed scans. Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt. Save to your desktop. A copy of each report will also be saved in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports\
6. Exit AVG Anti-Spyware when done, reboot your system back into Normal Mode.
_____________________________

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #3 - Delete Trusted zone by typing 3 and press Enter

Note, if you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.
______________________________

Please post:
  • c:\rapport.txt
  • AVG AS log
  • A new HijackThis log
You may need several replies to post the requested logs, otherwise they might get cut off.

#5 phishy25


Posted 11 November 2006 - 11:54 AM

Rapport

SmitFraudFix v2.120

Scan done at 23:18:51.07, Fri 11/10/2006
Run from C:\Documents and Settings\HP_Administrator\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{dfa61db1-388e-4c87-8d56-540fa229bcb4}"="contrabandists"

[HKEY_CLASSES_ROOT\CLSID\{dfa61db1-388e-4c87-8d56-540fa229bcb4}\InProcServer32]
@="C:\WINDOWS\system32\dpfwu.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{dfa61db1-388e-4c87-8d56-540fa229bcb4}\InProcServer32]
@="C:\WINDOWS\system32\dpfwu.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

C:\WINDOWS\system32\dpfwu.dll -> Hoax.Win32.Renos.gen.d
C:\WINDOWS\system32\dpfwu.dll -> Deleted


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted
C:\Program Files\VideoKeyCodec\ Deleted
C:\Program Files\VirusBurster\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

#6 phishy25


Posted 11 November 2006 - 11:56 AM

AVG AS

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 6:38:11 AM 11/11/2006

+ Scan result:



HKU\S-1-5-21-1706675628-2928505146-1237967110-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A29A79A-B9C8-44A9-BEDF-7FADDE3CF33F} -> Adware.Generic : Cleaned with backup (quarantined).
C:\Program Files\WildTangent\Apps\GameChannel\Games\1FFA88DF-0AC3-4D9E-9139-5FF98813C12C\wygdutp32.dll -> Downloader.Agent.ux : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP327\A0044662.dll -> Downloader.Zlob.ase : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP327\A0044663.exe -> Downloader.Zlob.ase : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP327\A0044681.dll -> Downloader.Zlob.ase : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP327\A0044682.exe -> Downloader.Zlob.ase : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP327\A0044703.dll -> Downloader.Zlob.ase : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP327\A0044704.exe -> Downloader.Zlob.ase : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP327\A0044725.dll -> Downloader.Zlob.ase : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP327\A0044726.exe -> Downloader.Zlob.ase : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP327\A0044727.exe -> Downloader.Zlob.ase : Cleaned with backup (quarantined).
:mozilla.132:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.133:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.134:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.135:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.136:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.137:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.138:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.139:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.140:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.141:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.142:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.143:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.144:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.145:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.146:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.147:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.148:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.149:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.150:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.151:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.152:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.153:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.154:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.155:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.156:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.157:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.158:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.159:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.160:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.161:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.162:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.163:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.164:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.165:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.166:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.167:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.168:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.169:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.170:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.582:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.649:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.769:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@northwestairlines.112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.578:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.579:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.601:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.360:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.470:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.471:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.472:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.473:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.474:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.475:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.476:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.477:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.611:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.612:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.884:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.885:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.728:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.729:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.250:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.252:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.253:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.254:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.255:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.16:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.516:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.556:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.557:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.558:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.559:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.560:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.289:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.290:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.291:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.292:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.293:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.294:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.295:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.296:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.297:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.682:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.26:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.rape.com.18345.fb.dbbsrv[2].txt -> TrackingCookie.Dbbsrv : Cleaned.
:mozilla.28:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.101:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.104:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.105:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.114:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.116:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.117:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.118:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.119:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.124:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.126:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.127:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.131:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.242:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.502:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.644:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.720:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.725:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.726:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.727:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.744:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.745:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wfk4gncjgco.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wfk4skczceq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wfkigpdzwlo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wfkiojc5sbp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wfkiqkazobp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wfkisjajmbp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wfkocgdzgco.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wfkyqocpeaq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wfkysncpiap.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wfkywidpkko.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wfl4kmdzggq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wfliohdpalo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wfloegdjgbo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wfloklc5akp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wfmyqpcpccq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wgkicldpceo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wgkiuidpwao.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wgkyqjczabo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wjk4cmcpkap.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wjk4qldjmgp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wjk4woajwko.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wjkokgdpeeo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wjkoshcjgap.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wjkyenczkko.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wjkyogdzkdp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wjkysmd5klp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wjkyupcpgdp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wjl4ajcjgfo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wjlicpczafo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wjlieocjocp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wjliomd5acp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wjlismc5clp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wjlocjczihp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wjlogjc5wbq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wjloshdjeeo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wjlygiazafo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wjlyokd5gho.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wjmiahd5oco.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wjmicndjoho.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wjmicoajiko.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wjmiemdpidq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wjmyejajokp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wjmyuidpmdo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wjny-1gajgg.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wjny-1mczol.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wjnycmajsbp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wjnyeiczsko.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wjnyggczwco.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wjnyogd5scq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wjnyojazcdq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wjnyoodpmap.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wjnyopajcdq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wjnysgazclo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wjnyuidjaao.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wjnyupc5gcp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.504:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.505:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.506:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.507:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.508:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.859:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.860:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.861:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.862:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.353:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.354:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.355:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.356:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.357:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.358:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.359:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.573:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.799:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.802:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.875:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.275:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.276:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.277:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.617:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.618:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.620:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.621:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.625:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.626:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.628:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.629:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.630:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.631:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.632:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.633:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.634:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.635:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.636:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.637:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.638:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.654:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.792:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.815:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.561:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Linksynergy : Cleaned.
:mozilla.562:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Linksynergy : Cleaned.
:mozilla.738:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.739:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.740:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@sales.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned.
:mozilla.120:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.123:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.392:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.648:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lfqbz2cr.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP327\A0044723.dll -> Trojan.Fakealert : Cleaned with backup (quarantined).


::Report end




#7 phishy25


Posted 11 November 2006 - 11:58 AM

Logfile of HijackThis v1.99.1
Scan saved at 6:49:52 AM, on 11/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Common Files\AOL\1153389732\ee\aolsoftware.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = By Hawaiian Telcom
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1153389732\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - c:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#8 phishy25


Posted 13 November 2006 - 03:18 AM

Another problem :thumbsup: . Ever since I ran all these programs I can no longer send email in Outlook. I keep getting this message: An unknown error has occurred. Subject 'Re: Re: ', Account: 'angelita1225@hawaiiantel.net', Server: 'smtp.hawaiiantel.net', Protocol: SMTP, Server Response: '554 Message refused', Port: 25, Secure(SSL): No, Server Error: 554, Error Number: 0x800CCC6F

Any thoughts?

Thank you.

#9 YounGun


Posted 13 November 2006 - 04:33 AM

Hi :thumbsup:

Well, the infection is gone. How are things looking on your side?

I'll get back to you on the error.

#10 phishy25


Posted 14 November 2006 - 12:04 AM

Thanks, things are going quite well. Thank you for your help regarding the infection. And I also did manage to figure out the email issue by going through HP customer support. Thanks again.

#11 YounGun


Posted 14 November 2006 - 04:43 PM

Great, glad you got it fixed :thumbsup:

If you ever should need this topic re-opened, please private message a moderator. (this applies to the original topic starter)
Everybody else please start a new thread with your issue.

To reduce the re-infection potential for malware and protect yourself against spyware, here are a few helpful suggestions:

1. Keep Windows and Internet Explorer current with the latest critical security updates from Microsoft. This will patch many of the security holes through which attackers can gain access to your computer.

2. Prevent spyware, homepage hijacking and increase your browser security by using the following free programs:

SpywareGuard
SpywareBlaster
IE-SPYAD

3. Prevention and Protection Tips:

"Help Preventing Spyware" by Pieter Arntz [aka: Metallica] for detailed instructions on how to install and use the above preventive tools.
"How to Protect yourself from malware!" and download FREE anti-spyware, firewalls and security tools from ONE LOCATION.
"How did I get infected in the first place?" by Tony Klein.
"THE PARASITE FIGHT: Finding, Removing & Protecting Yourself From Scumware"
"Basic understanding of security" by me, Victor C. aka YounGun for an introduction into the security world.

4. Safer Internet Explorer Settings:

"Safer Settings for Internet Explorer for SP1 & SP2" by Larry Stevenson [aka: Prince_Serendip]
"How to Configure Enhanced Security Features for Internet Explorer in XP SP2".

5. Increase Your Computer Stability and Overall Security

"COMPUTER HEALTH: Getting greater stability from Windows".
"Secure Your Home Computer" by TomCat for a comprehensive overview on how to keep your computer safe.

6. Confused about which apps are good or not? Read "Rogue/Suspect Anti-Spyware Products".



