Hijack This Scan Results (trojan-spy.win32@mx?) Please Help


  • This topic is locked
15 replies to this topic

#1 freakpower


Posted 05 March 2007 - 01:15 AM

Hello.. first time posting here, kinda in a panic because of this virus I got today on my Windows XP machine. This is a terrible virus... it pops up windows asking you to download anti-virus software NONSTOP and Norton doesn't seem to be able to remove it.

I did a Google search and found this site, through which I found multiple posts suggesting I download and run "HiJack This." I downloaded it and ran the scan, here are the results:

Logfile of HijackThis v1.99.1
Scan saved at 9:58:31 PM, on 3/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\sesinetd.exe
C:\WINDOWS\system32\hserver.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Video Access ActiveX Object\pmsnrr.exe
C:\Program Files\NovaStor\NovaBackup\NbkCtrl.exe
C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
C:\Program Files\Video Access ActiveX Object\pmmnt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\NovaStor\NOVABA~1\NSENGINE.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Road Runner High Speed Online
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: NVRIEbar.IEbar - {BCBF738C-4891-4B9A-959A-C6BF7F608C3A} - C:\Program Files\NaturalSoft\NaturalReader63\NVRIEBar.dll
O4 - HKLM\..\Run: [NovaBackup 7 Tray Control] "C:\Program Files\NovaStor\NovaBackup\NbkCtrl.exe"
O4 - HKLM\..\Run: [USIUDF_Eject_Monitor] C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
O4 - HKLM\..\Run: [WinPLOSION] "C:\Program Files\WinPLOSION\wep.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Desksite CMA] C:\Program Files\desksite\bin\cma.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\FilePlanet\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...coworkerVPM.htm
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.3.102.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...84/mcinsctl.cab
O16 - DPF: {78A730D4-0DF3-4B65-8DD2-BFCD433CEE30} - http://www.surfsecret.com/inst/PPInstaller.exe
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/...login-devel.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akamai.net/f/248/5462/2h/www...ol/SymDlBrg.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,21/mcgdmgr.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O16 - DPF: {FFFFFFFF-CAFE-BABE-BABE-00AA0055595A} - http://www.networksolutionsemailpopwizard....rueSwitchEC.exe
O18 - Protocol: bw+0 - {3A5868EC-A1D2-4D6E-AD17-6679AA7775DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {3A5868EC-A1D2-4D6E-AD17-6679AA7775DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {3A5868EC-A1D2-4D6E-AD17-6679AA7775DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {3A5868EC-A1D2-4D6E-AD17-6679AA7775DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {3A5868EC-A1D2-4D6E-AD17-6679AA7775DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {3A5868EC-A1D2-4D6E-AD17-6679AA7775DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {3A5868EC-A1D2-4D6E-AD17-6679AA7775DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {3A5868EC-A1D2-4D6E-AD17-6679AA7775DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {3A5868EC-A1D2-4D6E-AD17-6679AA7775DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {3A5868EC-A1D2-4D6E-AD17-6679AA7775DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {3A5868EC-A1D2-4D6E-AD17-6679AA7775DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {3A5868EC-A1D2-4D6E-AD17-6679AA7775DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {3A5868EC-A1D2-4D6E-AD17-6679AA7775DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {3A5868EC-A1D2-4D6E-AD17-6679AA7775DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {3A5868EC-A1D2-4D6E-AD17-6679AA7775DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {3A5868EC-A1D2-4D6E-AD17-6679AA7775DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {3A5868EC-A1D2-4D6E-AD17-6679AA7775DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {3A5868EC-A1D2-4D6E-AD17-6679AA7775DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {3A5868EC-A1D2-4D6E-AD17-6679AA7775DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {3A5868EC-A1D2-4D6E-AD17-6679AA7775DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {3A5868EC-A1D2-4D6E-AD17-6679AA7775DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {3A5868EC-A1D2-4D6E-AD17-6679AA7775DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {3A5868EC-A1D2-4D6E-AD17-6679AA7775DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {3A5868EC-A1D2-4D6E-AD17-6679AA7775DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {3A5868EC-A1D2-4D6E-AD17-6679AA7775DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {3A5868EC-A1D2-4D6E-AD17-6679AA7775DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {3A5868EC-A1D2-4D6E-AD17-6679AA7775DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {3A5868EC-A1D2-4D6E-AD17-6679AA7775DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {3A5868EC-A1D2-4D6E-AD17-6679AA7775DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {3A5868EC-A1D2-4D6E-AD17-6679AA7775DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {3A5868EC-A1D2-4D6E-AD17-6679AA7775DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {3A5868EC-A1D2-4D6E-AD17-6679AA7775DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {3A5868EC-A1D2-4D6E-AD17-6679AA7775DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {3A5868EC-A1D2-4D6E-AD17-6679AA7775DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {3A5868EC-A1D2-4D6E-AD17-6679AA7775DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {3A5868EC-A1D2-4D6E-AD17-6679AA7775DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {3A5868EC-A1D2-4D6E-AD17-6679AA7775DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {3A5868EC-A1D2-4D6E-AD17-6679AA7775DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {3A5868EC-A1D2-4D6E-AD17-6679AA7775DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {3A5868EC-A1D2-4D6E-AD17-6679AA7775DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {3A5868EC-A1D2-4D6E-AD17-6679AA7775DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {3A5868EC-A1D2-4D6E-AD17-6679AA7775DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {3A5868EC-A1D2-4D6E-AD17-6679AA7775DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {3A5868EC-A1D2-4D6E-AD17-6679AA7775DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {3A5868EC-A1D2-4D6E-AD17-6679AA7775DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {3A5868EC-A1D2-4D6E-AD17-6679AA7775DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {3A5868EC-A1D2-4D6E-AD17-6679AA7775DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {3A5868EC-A1D2-4D6E-AD17-6679AA7775DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {3A5868EC-A1D2-4D6E-AD17-6679AA7775DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {3A5868EC-A1D2-4D6E-AD17-6679AA7775DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {3A5868EC-A1D2-4D6E-AD17-6679AA7775DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {3A5868EC-A1D2-4D6E-AD17-6679AA7775DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {3A5868EC-A1D2-4D6E-AD17-6679AA7775DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {3A5868EC-A1D2-4D6E-AD17-6679AA7775DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {3A5868EC-A1D2-4D6E-AD17-6679AA7775DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {3A5868EC-A1D2-4D6E-AD17-6679AA7775DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {3A5868EC-A1D2-4D6E-AD17-6679AA7775DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {3A5868EC-A1D2-4D6E-AD17-6679AA7775DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {3A5868EC-A1D2-4D6E-AD17-6679AA7775DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {3A5868EC-A1D2-4D6E-AD17-6679AA7775DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {3A5868EC-A1D2-4D6E-AD17-6679AA7775DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {3A5868EC-A1D2-4D6E-AD17-6679AA7775DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {3A5868EC-A1D2-4D6E-AD17-6679AA7775DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {3A5868EC-A1D2-4D6E-AD17-6679AA7775DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {3A5868EC-A1D2-4D6E-AD17-6679AA7775DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {3A5868EC-A1D2-4D6E-AD17-6679AA7775DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {3A5868EC-A1D2-4D6E-AD17-6679AA7775DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {3A5868EC-A1D2-4D6E-AD17-6679AA7775DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {3A5868EC-A1D2-4D6E-AD17-6679AA7775DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {3A5868EC-A1D2-4D6E-AD17-6679AA7775DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {3A5868EC-A1D2-4D6E-AD17-6679AA7775DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {3A5868EC-A1D2-4D6E-AD17-6679AA7775DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {3A5868EC-A1D2-4D6E-AD17-6679AA7775DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {3A5868EC-A1D2-4D6E-AD17-6679AA7775DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {3A5868EC-A1D2-4D6E-AD17-6679AA7775DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {3A5868EC-A1D2-4D6E-AD17-6679AA7775DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: offline-8876480 - {3A5868EC-A1D2-4D6E-AD17-6679AA7775DA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Houdini License Server (HoudiniLicenseServer) - Side Effects Software Inc. - C:\WINDOWS\System32\sesinetd.exe
O23 - Service: HoudiniServer - Side Effects Software Inc. - C:\WINDOWS\system32\hserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

Any info as to which files I should keep and which I should get rid of? Any help would be much appreciated.

Thanks,

-Daniel


#2 waterfalls


Posted 05 March 2007 - 03:50 AM

Hi -

Start HijackThis, click System Scan Only and place a checkmark next to the following items:
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...coworkerVPM.htm
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/...login-devel.cab
O16 - DPF: {FFFFFFFF-CAFE-BABE-BABE-00AA0055595A} - http://www.networksolutionsemailpopwizard....rueSwitchEC.exe


Close ALL browsers and open windows/programs leaving just HijackThis and click 'Fix Checked'.

Reboot your computer.

Download Superantispyware
  • Load Superantispyware and click the check for updates button.
  • Once the update is finished click the scan your computer button.
  • Check Perform Complete Scan and then next.
  • Superantispyware will now scan your computer and when it's finished it will list all the infections it has found.
  • Make sure that they all have a check next to them and press next.
  • Click finish and you will be taken back to the main interface.
  • Click Preferences and then click the statistics/logs tab. Click the dated log and press view log and a text file will appear.
  • Copy and paste the log in your next reply.
Post back with the log from Superantispyware and a new HijackThis log.
Take only memories, leave nothing but footprints.


#3 freakpower


Posted 05 March 2007 - 04:48 AM

Ok, did what you suggested, ran a scan and got this:

SUPERAntiSpyware Scan Log
Generated 03/05/2007 at 01:38 AM

Application Version : 3.5.1016

Core Rules Database Version : 3193
Trace Rules Database Version: 1203

Scan type : Complete Scan
Total Scan Time : 00:03:28

Memory items scanned : 512
Memory threats detected : 0
Registry items scanned : 6662
Registry threats detected : 0
File items scanned : 2706
File threats detected : 0

...The virus is still active however :thumbsup:

#4 waterfalls


Posted 05 March 2007 - 06:08 AM

• Download SmitfraudFix (by S!Ri) http://siri.urz.free.fr/Fix/SmitfraudFix.exe and save it to your Desktop.

______________________________
Next:

• Download and install AVG Anti-Spyware 7.5.
1. After download, double click on the file to launch the install process.
2. Choose a language, click "OK" and then click "Next".
3. Read the "License Agreement" and click "I Agree".
4. Accept default installation path: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5, click "Next", then click "Install".
5. After setup completes, click "Finish" to start the program automatically or launch AVG Anti-Spyware by double-clicking its icon on your desktop or in the system tray.
6. The main "Status" menu will appear. Select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'.
7. Then right click on AVG Anti-Spyware in the system tray and uncheck "Start with Windows".
8. Go to Start > Run and type: services.msc
  • Press "OK".
  • Click the "Extended" tab and scroll down the list to find AVG Anti-Spyware guard.
  • When you find the guard service, double-click on it.
  • In the Properties Window > General Tab that opens, click the "Stop" button.
  • From the drop-down menu next to "Startup Type", click on "Manual".
  • Now click "Apply", then "OK" and close the Services window.
9. Select the "Update" button and click "Start update". Wait until you see the "Update successful" message. If you are having problems with the updater, manually update with the AVG Anti-Spyware Full database installer from here. Exit AVG Anti-Spyware when done.
Do NOT perform a scan yet.
______________________________

• Double-click smitfraudfix.exe
Select option #1 - Search by typing 1 and press Enter


This program will scan large amounts of files on your computer for known patterns, so please be patient while it works. It will create a file named: C:\rapport.txt

IMPORTANT: Do NOT run any other options until you are asked to do so!

Note: The file process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool." It is not a virus but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs; therefore, they may alert the user.

• Post back with the C:\rapport.txt and a new HijackThis log.

Edited by waterfalls, 05 March 2007 - 06:13 AM.

Take only memories, leave nothing but footprints.


#5 freakpower


Posted 05 March 2007 - 07:05 PM

Ok, running the deep scan now. Thank you for all of your information thus far.

Quick Update:

I unplugged my machine from the internet last night and ran "SUPERAntiSpyware Free Edition" again before I went to sleep... this time it found a few trojan viruses and a couple of hundred spyware programs. I had it clean and remove all of them and plugged my machine back into the internet. (I can give you those logs if you want.)

Amazingly, the popups and "!" that were appearing in my system tray were gone. I no longer have a crippled machine thanks to you. But I am still receiving the other system tray warning, which flashes between a "?" mark sign and a "no smoking" type sign (red). When I click on it, it brings me to this webpage:

http://spydawn.com/?aff=334

It appears to be a leftover process not quite killed with my most recent virus scan; hopefully the deep scan process I am currently running will uncover this last problem.

I'll respond ASAP with two log reports once they have been generated.

-Daniel

#6 freakpower


Posted 05 March 2007 - 08:57 PM

Hmmm... the scan never officially announced it was finished but it saved a txt file where you said it would. I opened it and here's what it contained:

SmitFraudFix v2.147

Scan done at 15:58:00.79, Mon 03/05/2007
Run from C:\Documents and Settings\Daniel\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

hosts

I also ran "HiJack This" and it spit this out:

Logfile of HijackThis v1.99.1
Scan saved at 5:55:36 PM, on 3/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\System32\sesinetd.exe
C:\WINDOWS\system32\hserver.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\find.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Houdini License Server (HoudiniLicenseServer) - Side Effects Software Inc. - C:\WINDOWS\System32\sesinetd.exe
O23 - Service: HoudiniServer - Side Effects Software Inc. - C:\WINDOWS\system32\hserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

#7 freakpower


Posted 05 March 2007 - 11:45 PM

Hmmm... out of curiosity I decided to run SmitFraud again, this time I got information back in the shell and it compiled this text message when it finished (didn't do this last time):

SmitFraudFix v2.147

Scan done at 20:41:36.62, Mon 03/05/2007
Run from C:\Documents and Settings\Daniel\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

hosts


C:\


C:\WINDOWS


C:\WINDOWS\system


C:\WINDOWS\Web


C:\WINDOWS\system32

C:\WINDOWS\system32\geplxss.dll FOUND !

C:\WINDOWS\system32\LogFiles


C:\Documents and Settings\Daniel


C:\Documents and Settings\Daniel\Application Data


Start Menu


C:\DOCUME~1\Daniel\FAVORI~1

C:\DOCUME~1\Daniel\FAVORI~1\Online Security Test.url FOUND !

Desktop


C:\Program Files


Corrupted keys


Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{aed6f6a3-183c-488d-9f90-23db99f56e7f}"="apathies"

[HKEY_CLASSES_ROOT\CLSID\{aed6f6a3-183c-488d-9f90-23db99f56e7f}\InProcServer32]
@="C:\WINDOWS\system32\geplxss.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{aed6f6a3-183c-488d-9f90-23db99f56e7f}\InProcServer32]
@="C:\WINDOWS\system32\geplxss.dll"



AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


pe386-msguard-lzx32-huy32


Scanning wininet.dll infection


End



===============

I also ran HiJack this again, here are the results:

Logfile of HijackThis v1.99.1
Scan saved at 8:43:36 PM, on 3/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Houdini License Server (HoudiniLicenseServer) - Side Effects Software Inc. - C:\WINDOWS\System32\sesinetd.exe
O23 - Service: HoudiniServer - Side Effects Software Inc. - C:\WINDOWS\system32\hserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
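
The SmitFraudFix report in the post above links a SharedTaskScheduler value to a DLL through the CLSID's InProcServer32 key. The following Python script is an added example (not part of the thread and not SmitFraudFix's own code) that parses an excerpt of that report and shows which autostart entries resolve to a file the scan marked "FOUND !"; the function names `parse_registry` and `sts_entries` are hypothetical.

```python
import re

# Excerpt copied from the SmitFraudFix v2.147 report posted above.
REPORT = r"""
C:\WINDOWS\system32

C:\WINDOWS\system32\geplxss.dll FOUND !

C:\DOCUME~1\Daniel\FAVORI~1

C:\DOCUME~1\Daniel\FAVORI~1\Online Security Test.url FOUND !

Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{aed6f6a3-183c-488d-9f90-23db99f56e7f}"="apathies"

[HKEY_CLASSES_ROOT\CLSID\{aed6f6a3-183c-488d-9f90-23db99f56e7f}\InProcServer32]
@="C:\WINDOWS\system32\geplxss.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{aed6f6a3-183c-488d-9f90-23db99f56e7f}\InProcServer32]
@="C:\WINDOWS\system32\geplxss.dll"

AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"""

SECTION = re.compile(r"^\[(.+)\]$")                      # [HKEY_...\Key]
VALUE = re.compile(r'^(?:"([^"]+)"|@)="(.*)"$')          # "name"="data" or @="data"
FOUND = re.compile(r"^(.+?)[ \t]+FOUND ![ \t]*$", re.M)  # <path> FOUND !
STS_KEY = r"\microsoft\windows\currentversion\explorer\sharedtaskscheduler"
INPROC = re.compile(r"\\clsid\\(\{[0-9a-f-]+\})\\inprocserver32$")


def parse_registry(text):
    """Return {lowercased key path: {value name: data}} for each [key] block."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            current = keys.setdefault(header.group(1).lower(), {})
            continue
        value = VALUE.match(line)
        if value and current is not None:
            current[value.group(1) or "@"] = value.group(2)
    return keys


def sts_entries(text):
    """Resolve each SharedTaskScheduler CLSID to its DLL and scan verdict."""
    keys = parse_registry(text)
    flagged = {path.lower() for path in FOUND.findall(text)}

    # CLSID -> default value of its InProcServer32 key (the DLL Explorer loads).
    dll_by_clsid = {}
    for path, values in keys.items():
        hit = INPROC.search(path)
        if hit and "@" in values:
            dll_by_clsid[hit.group(1)] = values["@"]

    entries = []
    for path, values in keys.items():
        if not path.endswith(STS_KEY):
            continue
        for clsid, label in values.items():
            dll = dll_by_clsid.get(clsid.lower())  # None if the report has no mapping
            entries.append({
                "clsid": clsid,
                "label": label,
                "dll": dll,
                "flagged": dll is not None and dll.lower() in flagged,
            })
    return entries


if __name__ == "__main__":
    for entry in sts_entries(REPORT):
        verdict = "flagged by scan" if entry["flagged"] else "not flagged"
        print(f'{entry["clsid"]} ({entry["label"]}) -> {entry["dll"]}: {verdict}')
```

Run against a report taken after cleaning, an empty result means no SharedTaskScheduler value is left pointing at a DLL.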

#8 waterfalls


Posted 06 March 2007 - 09:40 AM

You will need to print these instructions because you will be working in Safe Mode without an Internet connection. Make sure to work through all the steps in the exact order in which they are listed below. If there's anything that you do not understand, ask your question(s) before moving on with the fixes.

Make sure that you update AVG Anti-Spyware.

Reboot into SAFE MODE.
To get into the Windows XP Safe Mode, restart your computer and, just before Windows starts to load, tap the F8 key a few times. Choose Safe Mode from the menu that will appear and press Enter.

Double-click smitfraudfix.exe file to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted: "Registry cleaning - Do you want to clean the registry?" Answer Yes by typing Y and hit Enter.


The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process. If your computer does not restart automatically, please do it yourself manually. Reboot in Safe Mode.

The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
______________________________

Clean out your Temporary Internet files. Proceed like this:
  • Close ALL browsers and open windows / programs.
  • Click Start, click Control Panel, and then double-click Internet Options.
  • On the General tab, click Delete Files under Temporary Internet Files.
  • In the Delete Files dialog box, tick the Delete all offline content check box, and then click OK.
  • On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
  • Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
  • Click OK.
Next, click Start, click Control Panel and then double-click Display. Click on the Desktop tab, then click the Customize Desktop button. Click on the Web tab. Under Web Pages you should see a checked entry called Security info or something similar. If it is there, select that entry and click the Delete button. Click Ok then Apply and Ok.

Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.
______________________________

Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware 7.5, and run a full scan.
  • IMPORTANT: Do not open any other windows or programs while AVG/Ewido is scanning; it may interfere with the scanning process.
Scan with AVG Anti-Spyware as follows:
1. Launch AVG Anti-Spyware, click on the "Scanner" button and choose the "Settings" tab.
  • Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.
  • Under "How to Scan?" check all (default).
  • Under "Possibly unwanted software" check all (default).
  • Under "What to Scan?" make sure "Scan every file" is selected (default).
  • Under "Reports" select "Automatically generate report after every scan" and UNcheck "Only if threats were found".
2. Click the "Scan" tab to return to scanning options.
3. Click "Complete System Scan" to start.
4. When the scan has finished you will be presented with a list of infected objects found. Click "Apply all actions" to place the files in Quarantine.

IMPORTANT! Do not save the report before you have clicked the Apply all actions button. If you do, the log that is created will indicate "No action taken", making it more difficult to interpret the report. So be sure you save it only AFTER clicking the "Apply all actions" button.

5. Click on "Save Report" to view all completed scans. Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt. Save to your desktop. A copy of each report will also be saved in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports\
6. Exit AVG Anti-Spyware when done, reboot normally and submit the log report in your next response.
______________________________

Post back with the C:\rapport.txt; the AVG Anti-Spyware log; and a new HijackThis log
Take only memories, leave nothing but footprints.


#9 freakpower


Posted 07 March 2007 - 04:04 AM

**UPDATE**

Since doing this I no longer have any warnings of spyware as I did before which was indicating a virus. I see no signs of virus or spyware activity at all, however when I did the scan you suggested it found quite a few malicious programs, even after all virus activity has seemingly stopped. Here are the logs:


==================================
The rapport.txt:
==================================

SmitFraudFix v2.147

Scan done at 2:54:09.01, Tue 03/06/2007
Run from C:\Documents and Settings\Daniel\Desktop\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{aed6f6a3-183c-488d-9f90-23db99f56e7f}"="apathies"

[HKEY_CLASSES_ROOT\CLSID\{aed6f6a3-183c-488d-9f90-23db99f56e7f}\InProcServer32]
@="C:\WINDOWS\system32\geplxss.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{aed6f6a3-183c-488d-9f90-23db99f56e7f}\InProcServer32]
@="C:\WINDOWS\system32\geplxss.dll"


Killing process


hosts


127.0.0.1 localhost

Generic Renos Fix

GenericRenosFix by S!Ri


Deleting infected files

C:\WINDOWS\system32\geplxss.dll Deleted
C:\DOCUME~1\Daniel\FAVORI~1\Online Security Test.url Deleted

Deleting Temp Files


Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


Registry Cleaning

Registry Cleaning done.

SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


End








==================================
Here's the "AVG" log:
==================================









---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 12:43:33 AM 3/7/2007

+ Scan result:



C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\K5OJWJ07\sp2-cydoor-728[1].swf -> Not-A-Virus.Hoax.SWF.Alerter.a : Cleaned.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LVB7P9CE\ad-sp2-fastclick[1].swf -> Not-A-Virus.Hoax.SWF.Alerter.a : Cleaned.
:mozilla.153:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\9fv0qbac.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.155:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\9fv0qbac.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.146:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\9fv0qbac.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.147:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\9fv0qbac.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.148:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\9fv0qbac.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.358:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\9fv0qbac.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.359:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\9fv0qbac.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.360:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\9fv0qbac.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.361:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\9fv0qbac.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.362:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\9fv0qbac.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.363:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\9fv0qbac.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.364:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\9fv0qbac.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.365:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\9fv0qbac.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.366:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\9fv0qbac.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.367:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\9fv0qbac.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.368:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\9fv0qbac.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.369:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\9fv0qbac.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.370:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\9fv0qbac.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.371:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\9fv0qbac.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.372:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\9fv0qbac.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.373:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\9fv0qbac.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.374:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\9fv0qbac.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.375:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\9fv0qbac.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.376:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\9fv0qbac.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.377:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\9fv0qbac.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.378:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\9fv0qbac.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.419:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\9fv0qbac.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.420:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\9fv0qbac.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.421:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\9fv0qbac.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.422:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\9fv0qbac.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.423:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\9fv0qbac.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.424:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\9fv0qbac.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.425:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\9fv0qbac.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.117:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\9fv0qbac.default\cookies.txt -> TrackingCookie.Spylog : Cleaned.
:mozilla.353:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\9fv0qbac.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.355:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\9fv0qbac.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.356:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\9fv0qbac.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.260:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\9fv0qbac.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.261:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\9fv0qbac.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.51:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\9fv0qbac.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.52:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\9fv0qbac.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.53:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\9fv0qbac.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.55:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\9fv0qbac.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.56:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\9fv0qbac.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.340:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\9fv0qbac.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.341:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\9fv0qbac.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.342:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\9fv0qbac.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.343:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\9fv0qbac.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.344:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\9fv0qbac.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.345:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\9fv0qbac.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.346:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\9fv0qbac.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.185:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\9fv0qbac.default\cookies.txt -> TrackingCookie.Trafic : Cleaned.
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@trafic[1].txt -> TrackingCookie.Trafic : Cleaned.
:mozilla.171:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\9fv0qbac.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.174:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\9fv0qbac.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.223:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\9fv0qbac.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.529:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\9fv0qbac.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.532:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\9fv0qbac.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.118:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\9fv0qbac.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.119:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\9fv0qbac.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.120:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\9fv0qbac.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.121:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\9fv0qbac.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.122:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\9fv0qbac.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.123:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\9fv0qbac.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.488:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\9fv0qbac.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.489:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\9fv0qbac.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.490:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\9fv0qbac.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\Daniel\Shared\01 Track 1.wma -> Trojan.Wimad.a : Cleaned.


::Report end

==================================
And here's the "HiJack This" log:
==================================

Logfile of HijackThis v1.99.1
Scan saved at 12:58:48 AM, on 3/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\sesinetd.exe
C:\WINDOWS\system32\hserver.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Houdini License Server (HoudiniLicenseServer) - Side Effects Software Inc. - C:\WINDOWS\System32\sesinetd.exe
O23 - Service: HoudiniServer - Side Effects Software Inc. - C:\WINDOWS\system32\hserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

...Again, thanks for all your help on this.

#10 waterfalls

Posted 07 March 2007 - 01:58 PM

Start HijackThis, click System Scan Only and place a checkmark next to the following items:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =


Close ALL browsers and open windows/programs except HijackThis and click 'Fix Checked'.

Reboot your computer.

Post back with a new HijackThis log.
Take only memories, leave nothing but footprints.
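
One way to confirm that 'Fix Checked' removed the selected items is to compare the entry lines of the log taken before the fix with the one taken after the reboot. This is an added example, not part of the original post or of HijackThis; the function names are hypothetical and the sample logs are constructed from a few lines in the format shown in this thread.

```python
import re

# A HijackThis entry line is "<section code> - <detail>", for example an
# R0/R1 line for an Internet Explorer page setting or an O23 line for a service.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

# Constructed sample: header, one process line and a few entry lines.
BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# Constructed "after" log: the same log with the three R0 lines gone.
AFTER = "\n".join(
    line for line in BEFORE.splitlines() if not line.startswith("R0 - ")
)


def parse_entries(log_text):
    """Return (code, detail) for every entry line; header and process lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group(1), match.group(2).strip()))
    return entries


def blank_ie_settings(entries):
    """Return the registry settings of R0/R1 entries whose value after '=' is empty."""
    blank = []
    for code, detail in entries:
        if code in ("R0", "R1") and "=" in detail:
            # Split on the first '=' only: URLs in the value may contain '=' too.
            setting, _, value = detail.partition("=")
            if not value.strip():
                blank.append(setting.strip())
    return blank


def diff_logs(before_text, after_text):
    """Return (removed, added) entry lists between two logs."""
    before = set(parse_entries(before_text))
    after = set(parse_entries(after_text))
    return sorted(before - after), sorted(after - before)


if __name__ == "__main__":
    print("Blank IE settings before the fix:")
    for setting in blank_ie_settings(parse_entries(BEFORE)):
        print("  ", setting)
    removed, added = diff_logs(BEFORE, AFTER)
    print("Removed by the fix:", len(removed), "| newly appeared:", len(added))
```

Any entry in the "newly appeared" list after a reboot is worth reading before declaring the log clean.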


#11 freakpower

Posted 07 March 2007 - 05:21 PM

Ok, I'll do this when I get home from work. Thanks again for your continued help.

#12 freakpower

Posted 08 March 2007 - 03:59 AM

Ok, here's the log:

Logfile of HijackThis v1.99.1
Scan saved at 12:57:11 AM, on 3/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\sesinetd.exe
C:\WINDOWS\system32\hserver.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\alg.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Houdini License Server (HoudiniLicenseServer) - Side Effects Software Inc. - C:\WINDOWS\System32\sesinetd.exe
O23 - Service: HoudiniServer - Side Effects Software Inc. - C:\WINDOWS\system32\hserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

#13 waterfalls

Posted 08 March 2007 - 04:13 AM

Hi -

Your log looks clean.

If you have not done so, please empty your Recycle Bin.

Create a new Restore Point:
- Go to Start > All Programs > Accessories > System Tools > System Restore.
- When the utility opens, select "Create a new restore point" and click Next
- Name the restore point - something like "After infection cleaned" or "After cleaning"
- Click Create.

Delete the old Restore Points:
- Go to Start > All Programs > Accessories > System Tools > Disk Cleanup. Click Ok.
- Click the "More Options" tab.
- Where it states "System Restore" - click Clean up.
- All of the old Restore Points will be deleted EXCEPT for the one you just created.

Reboot your computer.

To keep this clean in the future, I would suggest the following things:

Install SpywareBlaster. SpywareBlaster doesn't scan and clean for so-called spyware but prevents it from being installed in the first place. It blocks the popular spyware ActiveX controls and also prevents the installation of any of them via a webpage. Update it periodically.

Install IE-SPYAD. It puts over 20,000 sites in your restricted zone, so you will be protected when you visit innocent-looking sites that are not actually innocent at all.

* Avoid illegal sites because that's where most malware is present.
* Don't click on links inside pop-ups. If you should get them, use ALT + F4 to close them.
* Don't click on links in spam messages claiming to offer anti-spyware software because most of these so-called removers ARE spyware.
* Download free software only from sites you know and trust because a lot of free software can bundle other software, including spyware.

Let your anti-virus and anti-spyware scanners scan frequently and don't forget to update before scanning.

Make sure your Windows has the latest updates by going here.

More information on how to prevent malware can be found at So how did I get infected in the first place? (by Tony Klein).

Happy surfing again! :thumbsup:
Take only memories, leave nothing but footprints.


#14 freakpower

Posted 08 March 2007 - 04:57 AM

I can't thank you enough Waterfalls, my machine is running great :thumbsup: Thanks for all the good info, I'm really glad I posted here!

#15 waterfalls

Posted 08 March 2007 - 05:03 AM

You're quite welcome - glad I could help. :thumbsup:
Take only memories, leave nothing but footprints.
