Spylocked And Not Happy!


15 replies to this topic

#1 Scottman

Posted 07 April 2007 - 02:51 PM

Hello

I need some help to get rid of the Spylocked Malware that has infected my computer. My 15-year-old also uses this PC for IM and YouTube and God knows what else, and it's probably oozing with infections, since it is running slowly. I have tried several ham-handed attempts at fixing the problem, to no avail, so now I come with my hat in hand, ready to do what I am told to do!

I've followed the guidelines to prepare a post, and here's my HijackThis log. I will appreciate any advice on getting better!


Scottman :thumbsup:

Logfile of HijackThis v1.99.1
Scan saved at 14:33, on 07-04-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Support.com\bin\tgkill.exe
C:\Program Files\SpywareLocked 3.3\Spy-Locked.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\EZ-DUB\EZ-DUB.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\NETSCAPE\NETSCA~1\NETSCAPE.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
F3 - REG:win.ini: load=,c:\windows\system\svchctrl.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\userinit.exe ,c:\windows\system32\winlog.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O2 - BHO: (no name) - {A6ACAE64-F798-4930-AD86-BD3FB32038DB} - C:\Program Files\Video Access ActiveX Object\isadd.dll (file missing)
O2 - BHO: (no name) - {E73CBEFA-2D4E-7BCA-4587-7DE2990526E4} - C:\WINDOWS\System32\bgfy.dll (file missing)
O3 - Toolbar: OIN Search - {B9F6E8EB-A4E3-478E-88A4-D3995B5C45C8} - C:\Program Files\OIN Search\OINSearch.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [ComcastSUPPORT] C:\Program Files\Support.com\bin\tgkill.exe /cleaneahtioga /start
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SpywareLocked 3.3] "C:\Program Files\SpywareLocked 3.3\Spy-Locked.exe" /h
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Microsoft Windows Visual V2.1] C:\WINDOWS\msiutil.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: EZ-DUB Finder.lnk = C:\Program Files\EZ-DUB\EZ-DUB.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.1\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Help - {97E7818A-29C2-441E-857C-EBA970D7B5D2} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O9 - Extra button: Support - {D34637AF-8024-434D-A488-4BC633950521} - http://www.comcastsupport.com (file missing) (HKCU)
O9 - Extra button: ComcastHSI - {DD9FC0CA-BFEF-496F-AB22-C995E60BA7D5} - http://www.comcast.net (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1162659590343
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.leaguelineup.com/XUpload.ocx
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Lavasoft\PERSON~1\wl_hook.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


#2 Rawe


Posted 08 April 2007 - 07:34 AM

Hello and welcome aboard :thumbsup:

Please download SmitfraudFix © S!Ri to your desktop.

Double-click SmitFraudFix.exe.
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

---------

Please download Combofix to your desktop:
  • Double-click combofix.exe & follow the prompts.
  • When finished, it shall produce a log for you. Post that log in your next reply.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
Hi there, stranger!

#3 Scottman


Posted 08 April 2007 - 09:41 AM

Thanks for taking on my case! :thumbsup:

SmitFraud Log

SmitFraudFix v2.164

Scan done at 9:31:03.60, 07-04-08
Run from C:\Documents and Settings\All\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Support.com\bin\tgkill.exe
C:\Program Files\SpywareLocked 3.3\Spy-Locked.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\EZ-DUB\EZ-DUB.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\program files\aim6\anotify.exe
C:\PROGRA~1\NETSCAPE\NETSCA~1\NETSCAPE.EXE
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\system32\cmd.exe

hosts


C:\


C:\WINDOWS


C:\WINDOWS\system


C:\WINDOWS\Web


C:\WINDOWS\system32


C:\Documents and Settings\All


C:\Documents and Settings\All\Application Data


Start Menu


C:\DOCUME~1\All\FAVORI~1


Desktop


C:\Program Files

C:\Program Files\SpywareLocked 3.3\ FOUND !

Corrupted keys


Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{bd0fc212-0a36-4232-83cc-2063fb9282e0}"="curdler"

[HKEY_CLASSES_ROOT\CLSID\{bd0fc212-0a36-4232-83cc-2063fb9282e0}\InProcServer32]
@="C:\WINDOWS\System32\qzviz.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{bd0fc212-0a36-4232-83cc-2063fb9282e0}\InProcServer32]
@="C:\WINDOWS\System32\qzviz.dll"



AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~1\\Lavasoft\\PERSON~1\\wl_hook.dll "


Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


pe386-msguard-lzx32-huy32



DNS

Description: Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
DNS Server Search Order: 68.87.64.146
DNS Server Search Order: 68.87.75.194

HKLM\SYSTEM\CCS\Services\Tcpip\..\{B38D05E7-3F96-4688-A4BD-7F80141752DF}: DhcpNameServer=68.87.64.146 68.87.75.194
HKLM\SYSTEM\CS1\Services\Tcpip\..\{B38D05E7-3F96-4688-A4BD-7F80141752DF}: DhcpNameServer=68.87.64.146 68.87.75.194
HKLM\SYSTEM\CS3\Services\Tcpip\..\{B38D05E7-3F96-4688-A4BD-7F80141752DF}: DhcpNameServer=68.87.64.146 68.87.75.194
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=68.87.64.146 68.87.75.194
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=68.87.64.146 68.87.75.194
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=68.87.64.146 68.87.75.194


Scanning wininet.dll infection


End


Combo Fix Log

All - 07-04-08 9:32:18.29
ComboFix 06.09.11B - Running from: C:\Documents and Settings\All\Desktop

Microsoft Windows XP [Version 5.1.2600]

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Common Files\{38FCF975-0A61-1033-0127-030816020001}
C:\Program Files\Common Files\{F8FCF975-0A61-1033-0127-030816020001}
C:\Program Files\Common Files\{F8FCF975-0A62-1033-0127-030816020001}

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Documents and Settings\All\Application Data\ICROSO~1
C:\QooBox\Purity\Documents and Settings\All\My Documents\CURITY~1
C:\QooBox\Purity\Documents and Settings\All\My Documents\DOBE~1
C:\QooBox\Purity\Program Files\WNSXS~1
C:\QooBox\Purity\Program Files\Common Files\FNTS~1
C:\QooBox\Purity\Program Files\Common Files\FNTS~1\bak
C:\QooBox\Purity\Program Files\Common Files\FNTS~1\FNTS~1
C:\QooBox\Purity\Program Files\WNSXS~1\WNSXS~1
C:\QooBox\Purity\WINDOWS\YMBOLS~1
C:\QooBox\Purity\WINDOWS\YSTEM3~1


((((((((((((((((((((((((((((((( Files Created from 2006-10-12 to 2006-11-12 ))))))))))))))))))))))))))))))))))


2006-11-23 11:45 30,208 --------- C:\WINDOWS\system32\WNASPI32.DLL
2006-11-23 11:33 45,056 --------- C:\WINDOWS\system32\FINFCOPY.dll
2006-11-19 21:32 69 --a-s---- C:\WINDOWS\test.bat
2006-11-04 16:05 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
2006-10-26 14:10 33,088 --a------ C:\WINDOWS\system32\FM20ENU.DLL
2006-10-26 14:10 1,190,688 --a------ C:\WINDOWS\system32\FM20.DLL
2006-10-26 13:45 293,376 --a------ C:\WINDOWS\system32\WISPTIS.EXE
2006-10-26 13:45 207,360 --a------ C:\WINDOWS\system32\INKED.DLL
2006-10-25 16:26 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2006-10-25 16:26 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
2006-10-25 16:26 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2006-10-25 16:26 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2006-10-25 16:26 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2006-10-25 16:26 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2006-10-25 16:26 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2006-10-25 16:26 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-27 09:54 539136 --a------ C:\WINDOWS\system32\msftedit.dll
2006-11-27 09:54 433152 --a------ C:\WINDOWS\system32\riched20.dll
2006-11-26 16:05 18624 --a------ C:\Documents and Settings\All\Application Data\GDIPFONTCACHEV1.DAT
2006-11-23 11:44 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-11-23 11:44 -------- d-------- C:\Program Files\PIXELA
2006-11-23 11:44 -------- d-------- C:\Program Files\FinePixViewer
2006-11-13 18:53 -------- d-------- C:\Program Files\McAfee.com
2006-11-12 19:40 2 --a------ C:\WINDOWS\system32\wintit.exe
2006-11-11 19:30 32177 ---hs---- C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
2006-11-11 19:25 -------- d-------- C:\Program Files\OIN Search
2006-11-08 00:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-01 14:17 927504 --a------ C:\WINDOWS\system32\mfc40u.dll
2006-10-19 08:56 713216 --a------ C:\WINDOWS\system32\sxs.dll
2006-10-16 11:15 122880 --a------ C:\WINDOWS\system32\oledlg.dll
2006-10-14 03:13 981760 --a------ C:\WINDOWS\system32\mfc42u.dll
2006-10-13 07:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-10-09 10:49 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2006-09-23 17:55 -------- d-------- C:\Documents and Settings\All\Application Data\MSN6
2006-09-13 00:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-12 17:24 46345 --a------ C:\WINDOWS\NSSetDefaultBrowser.EXE
2006-08-29 19:43 135168 --a------ C:\WINDOWS\system32\swreg.exe
2006-08-25 10:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-22 04:05 498742 --a------ C:\WINDOWS\system32\dxmasf.dll
2006-08-21 09:52 246814 --a------ C:\WINDOWS\system32\strmdll.dll
2006-08-21 07:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 04:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-17 07:28 721920 --a------ C:\WINDOWS\system32\lsasrv.dll
2006-08-17 07:28 132096 --a------ C:\WINDOWS\system32\wkssvc.dll
2006-08-16 06:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Aim6"="\"C:\\Program Files\\AIM6\\aim6.exe\" /d locale=en-US ee://aol/imApp"
"Microsoft Windows Visual V2.1"="C:\\WINDOWS\\msiutil.exe"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NVMCTRAY.DLL,NvTaskbarInit"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BJCFD"="C:\\Program Files\\BroadJump\\Client Foundation\\CFD.exe"
"ComcastSUPPORT"="C:\\Program Files\\Support.com\\bin\\tgkill.exe /cleaneahtioga /start"
"ViewMgr"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
"VSOCheckTask"="\"C:\\PROGRA~1\\McAfee.com\\VSO\\mcmnhdlr.exe\" /checktask"
"VirusScan Online"="C:\\Program Files\\McAfee.com\\VSO\\mcvsshld.exe"
"OASClnt"="C:\\Program Files\\McAfee.com\\VSO\\oasclnt.exe"
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"MCUpdateExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcupdate.exe"
"REGSHAVE"="C:\\Program Files\\REGSHAVE\\REGSHAVE.EXE /AUTORUN"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"SpywareLocked 3.3"="\"C:\\Program Files\\SpywareLocked 3.3\\Spy-Locked.exe\" /h"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_03\\bin\\jusched.exe"
"BCMSMMSG"="BCMSMMSG.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,03,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,03,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"windows_startup"="c:\\windows\\system32\\winlog.exe"
"svchctrl"="c:\\windows\\system\\svchctrl.exe"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"windows_startup"="c:\\windows\\system32\\winlog.exe"
"svchctrl"="c:\\windows\\system\\svchctrl.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoDriveAutoRun"=dword:ffffffff

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]
"rare"="C:\\Program Files\\Video Access ActiveX Object\\pmsnrr.exe"
"user32.dll"="C:\\Program Files\\Video Access ActiveX Object\\isamntr.exe"

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Completion time: Sun 04/08/2007 9:35:42.23
ComboFix.txt
ComboFix2.txt
ComboFix3.txt

#4 Rawe


Posted 08 April 2007 - 11:02 AM

Hi again :thumbsup:

Please print these instructions out, or write them down, as you can't read them during the fix.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode
5) Choose your usual account.


Once in Safe Mode, double-click SmitfraudFix.exe.
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a fresh HijackThis log.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning : running option #2 on a non infected computer will remove your Desktop background.
Hi there, stranger!

#5 Rawe


Posted 15 April 2007 - 11:13 AM

Checking up, still in need of help??
Hi there, stranger!

#6 Scottman


Posted 15 April 2007 - 11:27 AM

Yes, I do....I have been out on travel, and I will complete your most recent suggestions today.

Thanks for checking in!!!

Scottman.

#7 Scottman


Posted 16 April 2007 - 09:43 PM

Rawe

Sometimes, there is not enough time in the day! I did get around to this, and it seems from the log SmitFraud has deleted spylocked!


:thumbsup:

SmitFraudFix v2.164

Scan done at 21:25:14.01, Mon 04/16/2007
Run from C:\Documents and Settings\All\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

Killing process


hosts


127.0.0.1 localhost

Generic Renos Fix

GenericRenosFix by S!Ri


Deleting infected files

C:\Program Files\SpywareLocked 3.3\ Deleted

DNS



Deleting Temp Files


Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


Registry Cleaning

Registry Cleaning done.

SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


End



HIJACKTHIS

Logfile of HijackThis v1.99.1
Scan saved at 9:39:18 PM, on 4/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\WINDOWS\System32\nvsvc32.exe
c:\PROGRA~1\mcafee.com\vso\bak\OasClnt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\PROGRA~1\NETSCAPE\NETSCA~1\NETSCAPE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\EZ-DUB\EZ-DUB.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
F3 - REG:win.ini: load=,c:\windows\system\svchctrl.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\userinit.exe ,c:\windows\system32\winlog.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O2 - BHO: (no name) - {E73CBEFA-2D4E-7BCA-4587-7DE2990526E4} - C:\WINDOWS\System32\bgfy.dll (file missing)
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [ComcastSUPPORT] C:\Program Files\Support.com\bin\tgkill.exe /cleaneahtioga /start
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Microsoft Windows Visual V2.1] C:\WINDOWS\msiutil.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: EZ-DUB Finder.lnk = C:\Program Files\EZ-DUB\EZ-DUB.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.1\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Help - {97E7818A-29C2-441E-857C-EBA970D7B5D2} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O9 - Extra button: Support - {D34637AF-8024-434D-A488-4BC633950521} - http://www.comcastsupport.com (file missing) (HKCU)
O9 - Extra button: ComcastHSI - {DD9FC0CA-BFEF-496F-AB22-C995E60BA7D5} - http://www.comcast.net (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1162659590343
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.leaguelineup.com/XUpload.ocx
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Lavasoft\PERSON~1\wl_hook.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

Thanks!

Scottman!

#8 Rawe

Posted 17 April 2007 - 10:41 AM

Let's continue :flowers:

Still have some other crap there.

Please print these instructions out, or save them to a notepad file, as you can't read them during the fix.

Please run a scan with HijackThis and check the following objects for removal:

F3 - REG:win.ini: load=,c:\windows\system\svchctrl.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\userinit.exe ,c:\windows\system32\winlog.exe
O2 - BHO: (no name) - {E73CBEFA-2D4E-7BCA-4587-7DE2990526E4} - C:\WINDOWS\System32\bgfy.dll (file missing)
O4 - HKCU\..\Run: [Microsoft Windows Visual V2.1] C:\WINDOWS\msiutil.exe


Now close ALL other open windows except for HijackThis and hit FIX CHECKED. Exit HijackThis.

==

Please download AVG Anti-Spyware and save that file to your desktop.
This is a 30 day trial of the program
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the setup program.
  • Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
    • If you aren't able to finish the update within AVG Anti-Spyware for one reason or another, you can install the manual updates here.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-select "Only if threats were found"
Close AVG Anti-Spyware, DO NOT run a scan just yet, we will shortly.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.


==

Once in Safe Mode, please navigate to and delete the following files if found:

C:\WINDOWS\system\svchctrl.exe
C:\WINDOWS\system32\winlog.exe
C:\WINDOWS\msiutil.exe


Empty recycle bin.

==
IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, as it may interfere with the scanning process.
  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab, then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process; be patient, this may take a little time.
Once the scan is complete, do the following:
  • If you have any infections you will be prompted, then select "Apply all actions".
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode and post back with the AVG Anti-Spyware results. :thumbsup:

Hi there, stranger!
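What sets the four entries in the fix list above apart from the rest of the log, as an added example that is not part of the original post and not the helper's own method: a small Python triage run over lines copied from this thread's HijackThis log. The rules are assumptions for illustration (the Userinit default for a C:\WINDOWS install, Run targets sitting directly in C:\WINDOWS, O2 entries marked "file missing"); a hit means the entry deserves a closer look, not that it must be deleted.

```python
import ntpath
import re

# Lines copied from the HijackThis log in this thread: the four entries from
# the fix list, followed by three entries that were left alone.
SAMPLE_LOG = r"""
F3 - REG:win.ini: load=,c:\windows\system\svchctrl.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\userinit.exe ,c:\windows\system32\winlog.exe
O2 - BHO: (no name) - {E73CBEFA-2D4E-7BCA-4587-7DE2990526E4} - C:\WINDOWS\System32\bgfy.dll (file missing)
O4 - HKCU\..\Run: [Microsoft Windows Visual V2.1] C:\WINDOWS\msiutil.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")
# First token ending in an executable extension; the lookahead stops a folder
# name such as "McAfee.com\..." from being mistaken for the program itself.
EXE_PATH = re.compile(r'^"?(.+?\.(?:exe|dll|com|bat|scr|pif))(?=[\s,"]|$)', re.I)
# Assumption: Windows is installed in C:\WINDOWS, as in this log.
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"
WINDOWS_ROOT = r"c:\windows"


def split_list(value):
    """Split a comma-separated ini/registry value, dropping empty items."""
    return [item.strip() for item in value.split(",") if item.strip()]


def check_f2(body):
    # Userinit should name userinit.exe only; anything else also runs at logon.
    m = re.search(r"UserInit=(.*)$", body, re.I)
    if not m:
        return []
    return [(p, "extra program chained onto Userinit")
            for p in split_list(m.group(1)) if p.lower() != EXPECTED_USERINIT]


def check_f3(body):
    # The win.ini load= value is normally empty on Windows XP.
    m = re.search(r"load=(.*)$", body, re.I)
    if not m:
        return []
    return [(p, "program started through win.ini load=") for p in split_list(m.group(1))]


def check_o2(body):
    # A browser helper object whose DLL is gone is a leftover registration.
    if not body.startswith("BHO:") or "(file missing)" not in body:
        return []
    path = body.rsplit(" - ", 1)[-1].replace(" (file missing)", "").strip()
    return [(path, "BHO registered but its DLL is missing")]


def check_o4(body):
    # Heuristic (assumption): autostart programs rarely live directly in the
    # Windows directory itself, as opposed to system32 or Program Files.
    m = re.search(r"Run: \[(.+?)\]\s+(.*)$", body)
    if not m:
        return []  # e.g. "Global Startup" shortcuts, not covered here
    exe = EXE_PATH.match(m.group(2))
    if exe and ntpath.dirname(exe.group(1)).lower() == WINDOWS_ROOT:
        return [(exe.group(1), "Run entry '%s' launches from the Windows root" % m.group(1))]
    return []


CHECKS = {"F2": check_f2, "F3": check_f3, "O2": check_o2, "O4": check_o4}


def triage(log_text):
    """Return (section, target, reason) for every entry a rule flags."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        section, body = m.groups()
        check = CHECKS.get(section)
        if check:
            findings += [(section, target, why) for target, why in check(body)]
    return findings


if __name__ == "__main__":
    for section, target, why in triage(SAMPLE_LOG):
        print("%-3s %-40s %s" % (section, target, why))
```

The duplicated userinit.exe in the F2 line is not reported on its own; it is the third, unexpected program that trips the rule.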

#9 Scottman

Posted 17 April 2007 - 01:07 PM

Rawe

I am on top of things today!! Here's the AVG log - it found a bunch of stuff! I did not find any of the three files you had noted (svchctrl.exe, winlog.exe or msiutil.exe). Everything else went smoothly!

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 1:48:16 PM 4/17/2007

+ Scan result:



C:\Program Files\DriveCleaner 2006 Free -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\Activate.dat -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\Appbase -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\Appbase\AE_CD_Cr.dat -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\Appbase\AReadr4.dat -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\Appbase\AReadr5.dat -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\Appbase\ASDSEEpv.dat -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\Appbase\ASPack.dat -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\Appbase\BDelphi5.dat -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\Appbase\Babylon.dat -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\Appbase\CBuildr5.dat -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\Appbase\CCGA.dat -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\Appbase\CManager.dat -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\Appbase\CatchUp.dat -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\Appbase\CuteFTP4.dat -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\Appbase\CuteHTML.dat -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\Appbase\DAcceler.dat -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\Appbase\DiscJug.dat -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\Appbase\ECDCreat4.dat -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\Appbase\FFTsks.dat -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\Appbase\Far.dat -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\Appbase\FlashFXP.dat -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\Appbase\FrntPage.dat -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\Appbase\FrontPEx.dat -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\Appbase\FtpEXP.dat -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\Appbase\FtpVoya.dat -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\Appbase\GetRight.dat -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\Appbase\GoZilla.dat -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\Appbase\GravMRU.dat -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\Appbase\H_TxtPad.dat -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\Appbase\HomeSite.dat -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\Appbase\HotDogPr.dat -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\Appbase\IconExtr.dat -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\Appbase\ImgReady3.dat -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\Appbase\InsShExp.dat -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\Appbase\JASC_P_P.dat -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\Appbase\KaZaA.dat -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\Appbase\LView.dat -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\Appbase\MMUnDisk.dat -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\Appbase\MM_CON.dat -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\Appbase\MPImaGal.dat -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\Appbase\MPaint.dat -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\Appbase\MPicPub.dat -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\Appbase\MSExplorer.dat -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\Appbase\MSRegEdit.dat -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\Appbase\MSWMP.dat -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\Appbase\MSWordPad.dat -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\Appbase\MSoffice.dat -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\Appbase\MacDir.dat -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\Appbase\MacDrWea.dat -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\Appbase\MicAng.dat -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\Appbase\MicDes.dat -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\Appbase\Morpheus.dat -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\Appbase\NTBackup.dat -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\Appbase\Nero.dat -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\Appbase\NetShow.dat -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\Appbase\PHPCoder.dat -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\Appbase\PhotShel.dat -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\Appbase\PowerZIP.dat -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\Appbase\RapidBr.dat -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\Appbase\RealAuPl.dat -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\Appbase\RealDown.dat -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\Appbase\SL_BlWin.dat -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\Appbase\SecurCRT.dat -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\Appbase\SmartClr.dat -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\Appbase\Sonique.dat -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\Appbase\StuffIt.dat -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\Appbase\TelepPro.dat -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\Appbase\UGifAnim.dat -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\Appbase\UMedStud.dat -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\Appbase\UPhImpV.dat -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\Appbase\UPhotoEx.dat -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\Appbase\UVidStud.dat -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\Appbase\UltraEd.dat -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\Appbase\VNC.dat -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\Appbase\WebFeret.dat -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\Appbase\WebReap.dat -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\Appbase\WinACE.dat -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\Appbase\WinGate.dat -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\Appbase\WinRAR.dat -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\Appbase\WinZIP.dat -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\Appbase\WiseInst.dat -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\Appbase\YahooPl.dat -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\Appbase\ZipMagic.dat -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\Appbase\iMesh.dat -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\Appbase\pfilelst.xda -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\Appbase\wordslst.xda -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\Download -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\InstHelp.exe -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\ScanReport.dat -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\Schedule.dat -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\UDC2006.xml -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\UDC6.url -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\UDCShell.xml -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\UninstallPage.html -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\bak -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\bnlink.dat -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\diagnosis.dat -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\img -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\img\button.gif -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\img\button2.gif -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\img\header.gif -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\img\logo.gif -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\img\spacer.gif -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\img\top1.jpg -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\img\top2.jpg -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\img\top_line.gif -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\lapv.dat -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\license.rtf -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\manual.url -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\pv.dat -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\readme.rtf -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\sr.log -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\support.url -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\unins000.dat -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\unins000.exe -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\uninstall.ico -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\up.dat -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\update.log -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\updater.dat -> Adware.DriveCleaner : Cleaned.
C:\Program Files\DriveCleaner 2006 Free\vbpv.dat -> Adware.DriveCleaner : Cleaned.
C:\Documents and Settings\All\Local Settings\Temp\18QMvza.exe -> Adware.Fakealert : Cleaned.
C:\Documents and Settings\All\Local Settings\Temporary Internet Files\Content.IE5\ARORM5CR\sc[1].php -> Adware.Fakealert : Cleaned.
C:\Program Files\SpySheriff -> Adware.SpySheriff : Cleaned.
C:\Program Files\SpySheriff\SpySheriff.dvm -> Adware.SpySheriff : Cleaned.
C:\Program Files\SpySheriff\SpySheriff.exe -> Adware.SpySheriff : Cleaned.
C:\Program Files\SpySheriff\Uninstall.exe -> Adware.SpySheriff : Cleaned.
C:\Program Files\SpySheriff\base.avd -> Adware.SpySheriff : Cleaned.
C:\Program Files\SpySheriff\base001.avd -> Adware.SpySheriff : Cleaned.
C:\Program Files\SpySheriff\base002.avd -> Adware.SpySheriff : Cleaned.
C:\Program Files\SpySheriff\found.wav -> Adware.SpySheriff : Cleaned.
C:\Program Files\SpySheriff\heur000.dll -> Adware.SpySheriff : Cleaned.
C:\Program Files\SpySheriff\heur001.dll -> Adware.SpySheriff : Cleaned.
C:\Program Files\SpySheriff\heur002.dll -> Adware.SpySheriff : Cleaned.
C:\Program Files\SpySheriff\heur003.dll -> Adware.SpySheriff : Cleaned.
C:\Program Files\SpySheriff\notfound.wav -> Adware.SpySheriff : Cleaned.
C:\Program Files\SpySheriff\removed.wav -> Adware.SpySheriff : Cleaned.
C:\WINDOWS\system32\mswnt.exe -> Backdoor.SdBot.aad : Cleaned.
C:\Documents and Settings\All\My Documents\MyInstaller.exe -> Downloader.Zlob.brd : Cleaned.
C:\WINDOWS\Downloaded Program Files\UDC6_0001_D18M1108NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Cleaned.
:mozilla.23:C:\Documents and Settings\All\Application Data\Netscape\NSB\Profiles\3sfesygn.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.24:C:\Documents and Settings\All\Application Data\Netscape\NSB\Profiles\3sfesygn.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.25:C:\Documents and Settings\All\Application Data\Netscape\NSB\Profiles\3sfesygn.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\All\Cookies\all@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\All\Cookies\all@oasc02.247realmedia[2].txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.335:C:\Documents and Settings\All\Application Data\Netscape\NSB\Profiles\3sfesygn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.378:C:\Documents and Settings\All\Application Data\Netscape\NSB\Profiles\3sfesygn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.416:C:\Documents and Settings\All\Application Data\Netscape\NSB\Profiles\3sfesygn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.63:C:\Documents and Settings\All\Application Data\Netscape\NSB\Profiles\3sfesygn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.64:C:\Documents and Settings\All\Application Data\Netscape\NSB\Profiles\3sfesygn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.65:C:\Documents and Settings\All\Application Data\Netscape\NSB\Profiles\3sfesygn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.66:C:\Documents and Settings\All\Application Data\Netscape\NSB\Profiles\3sfesygn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.67:C:\Documents and Settings\All\Application Data\Netscape\NSB\Profiles\3sfesygn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.68:C:\Documents and Settings\All\Application Data\Netscape\NSB\Profiles\3sfesygn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.69:C:\Documents and Settings\All\Application Data\Netscape\NSB\Profiles\3sfesygn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.71:C:\Documents and Settings\All\Application Data\Netscape\NSB\Profiles\3sfesygn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.72:C:\Documents and Settings\All\Application Data\Netscape\NSB\Profiles\3sfesygn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.73:C:\Documents and Settings\All\Application Data\Netscape\NSB\Profiles\3sfesygn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\All\Cookies\all@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\All\Cookies\all@ford.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\All\Cookies\all@heavycom.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\All\Cookies\all@journalregistercompany.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\All\Cookies\all@leeenterprises.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\All\Cookies\all@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\All\Cookies\all@sento.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\All\Cookies\all@viacomedycentralrldev.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\LocalService\Cookies\all@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\WINDOWS\Temp\Cookies\all@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\All\Cookies\all@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\All\Cookies\all@rotator.its.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.391:C:\Documents and Settings\All\Application Data\Netscape\NSB\Profiles\3sfesygn.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\All\Cookies\all@adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.49:C:\Documents and Settings\All\Application Data\Netscape\NSB\Profiles\3sfesygn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.50:C:\Documents and Settings\All\Application Data\Netscape\NSB\Profiles\3sfesygn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.51:C:\Documents and Settings\All\Application Data\Netscape\NSB\Profiles\3sfesygn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.52:C:\Documents and Settings\All\Application Data\Netscape\NSB\Profiles\3sfesygn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.53:C:\Documents and Settings\All\Application Data\Netscape\NSB\Profiles\3sfesygn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\All\Cookies\all@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.32:C:\Documents and Settings\All\Application Data\Netscape\NSB\Profiles\3sfesygn.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\All\Cookies\all@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.397:C:\Documents and Settings\All\Application Data\Netscape\NSB\Profiles\3sfesygn.default\cookies.txt -> TrackingCookie.Bfast : Cleaned.
C:\Documents and Settings\All\Cookies\all@bfast[1].txt -> TrackingCookie.Bfast : Cleaned.
:mozilla.109:C:\Documents and Settings\All\Application Data\Netscape\NSB\Profiles\3sfesygn.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\All\Cookies\all@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\All\Cookies\all@citi.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.279:C:\Documents and Settings\All\Application Data\Netscape\NSB\Profiles\3sfesygn.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\All\Cookies\all@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.278:C:\Documents and Settings\All\Application Data\Netscape\NSB\Profiles\3sfesygn.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\All\Cookies\all@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.280:C:\Documents and Settings\All\Application Data\Netscape\NSB\Profiles\3sfesygn.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.281:C:\Documents and Settings\All\Application Data\Netscape\NSB\Profiles\3sfesygn.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.282:C:\Documents and Settings\All\Application Data\Netscape\NSB\Profiles\3sfesygn.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\All\Cookies\all@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.88:C:\Documents and Settings\All\Application Data\Netscape\NSB\Profiles\3sfesygn.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
C:\Documents and Settings\All\Cookies\all@ad1.clickhype[1].txt -> TrackingCookie.Clickhype : Cleaned.
C:\Documents and Settings\All\Cookies\all@ads.cnn[1].txt -> TrackingCookie.Cnn : Cleaned.
:mozilla.355:C:\Documents and Settings\All\Application Data\Netscape\NSB\Profiles\3sfesygn.default\cookies.txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\All\Cookies\all@com[2].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\All\Cookies\all@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.30:C:\Documents and Settings\All\Application Data\Netscape\NSB\Profiles\3sfesygn.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\All\Cookies\all@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\All\Cookies\all@e-2dj6whkoqkazoep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\All\Cookies\all@e-2dj6wjmyslczsko.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.414:C:\Documents and Settings\All\Application Data\Netscape\NSB\Profiles\3sfesygn.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\All\Cookies\all@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.246:C:\Documents and Settings\All\Application Data\Netscape\NSB\Profiles\3sfesygn.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.247:C:\Documents and Settings\All\Application Data\Netscape\NSB\Profiles\3sfesygn.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.248:C:\Documents and Settings\All\Application Data\Netscape\NSB\Profiles\3sfesygn.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.249:C:\Documents and Settings\All\Application Data\Netscape\NSB\Profiles\3sfesygn.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\All\Cookies\all@as-eu.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.184:C:\Documents and Settings\All\Application Data\Netscape\NSB\Profiles\3sfesygn.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.185:C:\Documents and Settings\All\Application Data\Netscape\NSB\Profiles\3sfesygn.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\All\Cookies\all@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.118:C:\Documents and Settings\All\Application Data\Netscape\NSB\Profiles\3sfesygn.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.119:C:\Documents and Settings\All\Application Data\Netscape\NSB\Profiles\3sfesygn.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.300:C:\Documents and Settings\All\Application Data\Netscape\NSB\Profiles\3sfesygn.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.301:C:\Documents and Settings\All\Application Data\Netscape\NSB\Profiles\3sfesygn.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\BroadJump\Client Foundation\CFD.exe -> Trojan.Agent : Cleaned.
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe -> Trojan.Agent : Cleaned.
C:\Program Files\McAfee.com\Agent\mcagent.exe -> Trojan.Agent : Cleaned.
C:\Program Files\McAfee.com\Agent\mcupdate.exe -> Trojan.Agent : Cleaned.
C:\Program Files\McAfee.com\VSO\mcmnhdlr.exe -> Trojan.Agent : Cleaned.
C:\Program Files\McAfee.com\VSO\mcvsshld.exe -> Trojan.Agent : Cleaned.
C:\Program Files\McAfee.com\VSO\oasclnt.exe -> Trojan.Agent : Cleaned.
C:\Program Files\REGSHAVE\REGSHAVE.EXE -> Trojan.Agent : Cleaned.
C:\Program Files\Support.com\bin\tgkill.exe -> Trojan.Agent : Cleaned.
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe -> Trojan.Agent : Cleaned.
C:\WINDOWS\system32\wintit.exe -> Trojan.Small : Cleaned.


::Report end

#10 Rawe

Rawe

  • Members
  • 2,363 posts
  • Gender:Male
  • Location:Finland
  • Local time:04:37 AM

Posted 17 April 2007 - 01:29 PM

Looks like some extra work to be done :thumbsup:

You have a downloader trojan called Downloader.Agent.awf or Downloader.Agent.ayy. This trojan replaces legitimate files that are common on most computers with an infected file. It then moves the legitimate file to a "bak" or backup folder. Please do the following ....

Download FindAWF.exe and save it to your desktop.
  • Double-click on the FindAWF.exe file to run it.
  • It will open a command prompt and ask you to "Press any key to continue".
  • Press any key and the FindAWF tool will begin scanning your computer for the infected AWF files and the backups the trojan created.
  • It may take a few minutes to complete so be patient.
  • When it is complete, it will open a text file in notepad called AWF.txt which will automatically be saved to your desktop or whatever location you ran the file from.
  • Please copy and paste the contents of the AWF.txt here.

Hi there, stranger!

#11 Scottman

Scottman
  • Topic Starter

  • Members
  • 57 posts
  • Local time:09:37 PM

Posted 17 April 2007 - 02:10 PM

OK...let's rock and roll! Here's the findawf file


Find AWF report by noahdfear 2006


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\AIM6\BAK

11/07/2006 10:29 AM 50,736 aim6.exe
1 File(s) 50,736 bytes

Directory of C:\PROGRA~1\ITUNES\BAK

02/23/2006 02:45 PM 278,528 iTunesHelper.exe
1 File(s) 278,528 bytes

Directory of C:\PROGRA~1\LEXMAR~1\BAK

12/16/2002 06:10 AM 86,102 lxbabmgr.exe
1 File(s) 86,102 bytes

Directory of C:\PROGRA~1\MESSEN~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

07/10/2006 12:34 PM 155,648 qttask.exe
1 File(s) 155,648 bytes

Directory of C:\PROGRA~1\REGSHAVE\BAK

02/04/2002 09:32 PM 53,248 REGSHAVE.EXE
1 File(s) 53,248 bytes

Directory of C:\PROGRA~1\BROADJ~1\CLIENT~1\BAK

12/17/2001 10:18 AM 483,394 CFD.exe
1 File(s) 483,394 bytes

Directory of C:\PROGRA~1\HP\HPSOFT~1\BAK

02/19/2006 02:41 AM 49,152 HPWuSchd2.exe
1 File(s) 49,152 bytes

Directory of C:\PROGRA~1\MCAFEE.COM\AGENT\BAK

09/22/2005 06:29 PM 303,104 mcagent.exe
01/11/2006 12:05 PM 212,992 mcupdate.exe
2 File(s) 516,096 bytes

Directory of C:\PROGRA~1\MCAFEE.COM\VSO\BAK

07/08/2005 06:18 PM 151,552 mcmnhdlr.exe
08/10/2005 12:49 PM 163,840 mcvsshld.exe
08/11/2005 10:02 PM 53,248 oasclnt.exe
3 File(s) 368,640 bytes

Directory of C:\PROGRA~1\SUPPORT.COM\BIN\BAK

11/21/2001 12:49 AM 57,344 tgkill.exe
1 File(s) 57,344 bytes

Directory of C:\PROGRA~1\VIEWPO~1\VIEWPO~2\BAK

11/10/2004 11:15 PM 111,816 ViewMgr.exe
1 File(s) 111,816 bytes

Directory of C:\PROGRA~1\ADOBE\PHOTOS~1\3.0\APPS\BAK

06/06/2005 10:46 PM 57,344 apdproxy.exe
1 File(s) 57,344 bytes

Directory of C:\QOOBOX\PURITY\PROGRA~1\COMMON~1\FNTS~1\BAK

0 File(s) 0 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

50736 Nov 7 2006 "C:\Program Files\AIM6\aim6.exe"
50736 Nov 7 2006 "C:\Program Files\AIM6\bak\aim6.exe"
278528 Feb 23 2006 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
86102 Dec 16 2002 "C:\Program Files\Lexmark X5100 Series\bak\lxbabmgr.exe"
155648 Jul 10 2006 "C:\Program Files\QuickTime\bak\qttask.exe"
53248 Feb 4 2002 "C:\Program Files\REGSHAVE\bak\REGSHAVE.EXE"
483394 Dec 17 2001 "C:\Program Files\BroadJump\Client Foundation\bak\CFD.exe"
49152 Feb 19 2006 "C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"
303104 Sep 22 2005 "C:\Program Files\McAfee.com\Agent\bak\mcagent.exe"
212992 Jan 11 2006 "C:\Program Files\McAfee.com\Agent\bak\mcupdate.exe"
151552 Jul 8 2005 "C:\Program Files\McAfee.com\VSO\bak\mcmnhdlr.exe"
163840 Aug 10 2005 "C:\Program Files\McAfee.com\VSO\bak\mcvsshld.exe"
53248 Aug 11 2005 "C:\Program Files\McAfee.com\VSO\bak\oasclnt.exe"
57344 Nov 21 2001 "C:\Program Files\Support.com\bin\bak\tgkill.exe"
111816 Nov 10 2004 "C:\Program Files\Viewpoint\Viewpoint Manager\bak\ViewMgr.exe"
57344 Jun 6 2005 "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\bak\apdproxy.exe"


end of report

#12 Rawe

Rawe

  • Members
  • 2,363 posts
  • Gender:Male
  • Location:Finland
  • Local time:04:37 AM

Posted 18 April 2007 - 06:28 AM

Let's continue :flowers:

Please print these instructions out, or save them to a notepad file, for easier reference during the fix.

First, please navigate to, and uninstall the following application through Control Panel -> Add/Remove Programs list:

Viewpoint
Viewpoint Manager
(not sure which one is its name)

==

Next, please copy the following text in the quotebox below to a blank notepad file. Make sure the filetype is set to "All Files" and save it as Move.bat to your desktop.

@echo off
rem For each program: if the "bak" copy made by the trojan exists, delete the
rem replaced file, then copy the original back from the bak folder.

If exist "C:\Program Files\AIM6\bak\aim6.exe" del /q "C:\Program Files\AIM6\aim6.exe"
copy "C:\Program Files\AIM6\bak\aim6.exe" "C:\Program Files\AIM6"

If exist "C:\Program Files\iTunes\bak\iTunesHelper.exe" del /q "C:\Program Files\iTunes\iTunesHelper.exe"
copy "C:\Program Files\iTunes\bak\iTunesHelper.exe" "C:\Program Files\iTunes"

If exist "C:\Program Files\McAfee.com\Agent\bak\mcagent.exe" del /q "C:\Program Files\McAfee.com\Agent\mcagent.exe"
copy "C:\Program Files\McAfee.com\Agent\bak\mcagent.exe" "C:\Program Files\McAfee.com\Agent"

If exist "C:\Program Files\McAfee.com\Agent\bak\mcupdate.exe" del /q "C:\Program Files\McAfee.com\Agent\mcupdate.exe"
copy "C:\Program Files\McAfee.com\Agent\bak\mcupdate.exe" "C:\Program Files\McAfee.com\Agent"

If exist "C:\Program Files\McAfee.com\VSO\bak\mcmnhdlr.exe" del /q "C:\Program Files\McAfee.com\VSO\mcmnhdlr.exe"
copy "C:\Program Files\McAfee.com\VSO\bak\mcmnhdlr.exe" "C:\Program Files\McAfee.com\VSO"

If exist "C:\Program Files\McAfee.com\VSO\bak\mcvsshld.exe" del /q "C:\Program Files\McAfee.com\VSO\mcvsshld.exe"
copy "C:\Program Files\McAfee.com\VSO\bak\mcvsshld.exe" "C:\Program Files\McAfee.com\VSO"

If exist "C:\Program Files\McAfee.com\VSO\bak\oasclnt.exe" del /q "C:\Program Files\McAfee.com\VSO\oasclnt.exe"
copy "C:\Program Files\McAfee.com\VSO\bak\oasclnt.exe" "C:\Program Files\McAfee.com\VSO"

If exist "C:\Program Files\Support.com\bin\bak\tgkill.exe" del /q "C:\Program Files\Support.com\bin\tgkill.exe"
copy "C:\Program Files\Support.com\bin\bak\tgkill.exe" "C:\Program Files\Support.com\bin"

If exist "C:\Program Files\QuickTime\bak\qttask.exe" del /q "C:\Program Files\QuickTime\qttask.exe"
copy "C:\Program Files\QuickTime\bak\qttask.exe" "C:\Program Files\QuickTime"

If exist "C:\Program Files\Lexmark X5100 Series\bak\lxbabmgr.exe" del /q "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
copy "C:\Program Files\Lexmark X5100 Series\bak\lxbabmgr.exe" "C:\Program Files\Lexmark X5100 Series"

If exist "C:\Program Files\REGSHAVE\bak\REGSHAVE.EXE" del /q "C:\Program Files\REGSHAVE\REGSHAVE.EXE"
copy "C:\Program Files\REGSHAVE\bak\REGSHAVE.EXE" "C:\Program Files\REGSHAVE"

If exist "C:\Program Files\BroadJump\Client Foundation\bak\CFD.exe" del /q "C:\Program Files\BroadJump\Client Foundation\CFD.exe"
copy "C:\Program Files\BroadJump\Client Foundation\bak\CFD.exe" "C:\Program Files\BroadJump\Client Foundation"

If exist "C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe" del /q "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
copy "C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe" "C:\Program Files\HP\HP Software Update"

If exist "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\bak\apdproxy.exe" del /q "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
copy "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\bak\apdproxy.exe" "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps"


Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.
5) Choose your usual account.


Once in Safe Mode, please double-click the Move.bat file on your desktop. A window should open and close; this is normal.

Reboot back into Normal Windows.

====

Finally

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report. :thumbsup:

Hi there, stranger!
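
The restore step from the post above, as an added example (not code from the thread or from the FindAWF tool): each file in a "bak" folder is compared by SHA-256 with the same-named file one level up, identical pairs are skipped, and a replaced file is moved to quarantine before the backup is copied in. The function names, the quarantine folder and the sample tree are constructed for illustration, and the sketch takes the post's premise that the bak copy is the legitimate file.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256(path: Path) -> str:
    """Hash a file in chunks so large executables are not read into memory at once."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def plan_restore(root: Path) -> list:
    """Return (action, backup, target) for every file inside a 'bak' folder under root."""
    plan = []
    bak_dirs = sorted(p for p in root.rglob("*") if p.is_dir() and p.name.lower() == "bak")
    for bak_dir in bak_dirs:
        for backup in sorted(f for f in bak_dir.iterdir() if f.is_file()):
            target = bak_dir.parent / backup.name
            if not target.exists():
                action = "restore-missing"      # e.g. a scanner already removed the replaced file
            elif sha256(target) == sha256(backup):
                action = "skip-identical"       # nothing to do, file was never replaced or is already restored
            else:
                action = "restore-replaced"     # file beside bak differs from the backup
            plan.append((action, backup, target))
    return plan


def apply_plan(plan: list, quarantine: Path) -> int:
    """Carry out the plan; replaced files are kept in quarantine instead of deleted."""
    quarantine.mkdir(parents=True, exist_ok=True)
    restored = 0
    for action, backup, target in plan:
        if action == "skip-identical":
            continue
        if target.exists():
            # Keep the replaced file for later analysis, named by its hash prefix.
            kept = quarantine / f"{sha256(target)[:16]}_{target.name}"
            shutil.move(str(target), str(kept))
        shutil.copy2(backup, target)
        restored += 1
    return restored


def demo() -> dict:
    """Build a constructed tree that mirrors the situations in the report and restore it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "Program Files"
        quarantine = Path(tmp) / "quarantine"
        # Constructed sample: (folder, file, backup bytes, bytes beside bak or None if absent)
        sample = [
            ("AIM6", "aim6.exe", b"legit-aim6", b"legit-aim6"),
            ("iTunes", "iTunesHelper.exe", b"legit-itunes", b"replaced-stub"),
            ("QuickTime", "qttask.exe", b"legit-qttask", None),
        ]
        for folder, name, backup_bytes, current_bytes in sample:
            bak = root / folder / "bak"
            bak.mkdir(parents=True)
            (bak / name).write_bytes(backup_bytes)
            if current_bytes is not None:
                (root / folder / name).write_bytes(current_bytes)
        (root / "Messenger" / "bak").mkdir(parents=True)  # empty bak folder, as in the report

        plan = plan_restore(root)
        restored = apply_plan(plan, quarantine)
        return {
            "actions": {target.name: action for action, _, target in plan},
            "restored": restored,
            "quarantined": len(list(quarantine.iterdir())),
            "after": [action for action, _, _ in plan_restore(root)],
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```
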

#13 Scottman

Scottman
  • Topic Starter

  • Members
  • 57 posts
  • Local time:09:37 PM

Posted 02 May 2007 - 05:13 AM

Rawe

Sorry for the delay... been out of town and very busy.

Here's the panda report:


Incident Status Location

Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\All\Desktop\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\All\SmitfraudFix\Process.exe
Adware:Adware/YazzleSudoku Not disinfected C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe

Hijack This

Logfile of HijackThis v1.99.1
Scan saved at 6:10:18 AM, on 5/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\EZ-DUB\EZ-DUB.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\NETSCAPE\NETSCA~1\NETSCAPE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [ComcastSUPPORT] C:\Program Files\Support.com\bin\tgkill.exe /cleaneahtioga /start
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: EZ-DUB Finder.lnk = C:\Program Files\EZ-DUB\EZ-DUB.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.1\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Help - {97E7818A-29C2-441E-857C-EBA970D7B5D2} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O9 - Extra button: Support - {D34637AF-8024-434D-A488-4BC633950521} - http://www.comcastsupport.com (file missing) (HKCU)
O9 - Extra button: ComcastHSI - {DD9FC0CA-BFEF-496F-AB22-C995E60BA7D5} - http://www.comcast.net (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1162659590343
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.leaguelineup.com/XUpload.ocx
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Lavasoft\PERSON~1\wl_hook.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

Scottman!



Thanks for any additional help!

#14 Rawe

Posted 03 May 2007 - 04:34 PM

I apologize for the delay :thumbsup:

Delete the following file:

C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe

Empty recycle bin.

Please rerun the FindAWF tool, exactly like the first time. How's the system running now?
Hi there, stranger!

#15 Scottman

Posted 03 May 2007 - 07:31 PM

Rawe

I was not able to locate C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe... but I went and reran the FindAWF... here's the file


Find AWF report by noahdfear 2006


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\AIM6\BAK

11/07/2006 10:29 AM 50,736 aim6.exe
1 File(s) 50,736 bytes

Directory of C:\PROGRA~1\ITUNES\BAK

02/23/2006 02:45 PM 278,528 iTunesHelper.exe
1 File(s) 278,528 bytes

Directory of C:\PROGRA~1\LEXMAR~1\BAK

12/16/2002 06:10 AM 86,102 lxbabmgr.exe
1 File(s) 86,102 bytes

Directory of C:\PROGRA~1\MESSEN~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

07/10/2006 12:34 PM 155,648 qttask.exe
1 File(s) 155,648 bytes

Directory of C:\PROGRA~1\REGSHAVE\BAK

02/04/2002 09:32 PM 53,248 REGSHAVE.EXE
1 File(s) 53,248 bytes

Directory of C:\PROGRA~1\BROADJ~1\CLIENT~1\BAK

12/17/2001 10:18 AM 483,394 CFD.exe
1 File(s) 483,394 bytes

Directory of C:\PROGRA~1\HP\HPSOFT~1\BAK

02/19/2006 02:41 AM 49,152 HPWuSchd2.exe
1 File(s) 49,152 bytes

Directory of C:\PROGRA~1\MCAFEE.COM\AGENT\BAK

09/22/2005 06:29 PM 303,104 mcagent.exe
01/11/2006 12:05 PM 212,992 mcupdate.exe
2 File(s) 516,096 bytes

Directory of C:\PROGRA~1\MCAFEE.COM\VSO\BAK

07/08/2005 06:18 PM 151,552 mcmnhdlr.exe
08/10/2005 12:49 PM 163,840 mcvsshld.exe
08/11/2005 10:02 PM 53,248 oasclnt.exe
3 File(s) 368,640 bytes

Directory of C:\PROGRA~1\SUPPORT.COM\BIN\BAK

11/21/2001 12:49 AM 57,344 tgkill.exe
1 File(s) 57,344 bytes

Directory of C:\PROGRA~1\ADOBE\PHOTOS~1\3.0\APPS\BAK

06/06/2005 10:46 PM 57,344 apdproxy.exe
1 File(s) 57,344 bytes

Directory of C:\QOOBOX\PURITY\PROGRA~1\COMMON~1\FNTS~1\BAK

0 File(s) 0 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

50736 Nov 7 2006 "C:\Program Files\AIM6\aim6.exe"
50736 Nov 7 2006 "C:\Program Files\AIM6\bak\aim6.exe"
278528 Feb 23 2006 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
86102 Dec 16 2002 "C:\Program Files\Lexmark X5100 Series\bak\lxbabmgr.exe"
155648 Jul 10 2006 "C:\Program Files\QuickTime\bak\qttask.exe"
53248 Feb 4 2002 "C:\Program Files\REGSHAVE\bak\REGSHAVE.EXE"
483394 Dec 17 2001 "C:\Program Files\BroadJump\Client Foundation\bak\CFD.exe"
49152 Feb 19 2006 "C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"
303104 Sep 22 2005 "C:\Program Files\McAfee.com\Agent\bak\mcagent.exe"
212992 Jan 11 2006 "C:\Program Files\McAfee.com\Agent\bak\mcupdate.exe"
151552 Jul 8 2005 "C:\Program Files\McAfee.com\VSO\bak\mcmnhdlr.exe"
163840 Aug 10 2005 "C:\Program Files\McAfee.com\VSO\bak\mcvsshld.exe"
53248 Aug 11 2005 "C:\Program Files\McAfee.com\VSO\bak\oasclnt.exe"
57344 Nov 21 2001 "C:\Program Files\Support.com\bin\bak\tgkill.exe"
57344 Jun 6 2005 "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\bak\apdproxy.exe"


end of report


Thanks for your continued help!

Scottman



