Need W32.Myzor.FK@yf Help

Discussion in 'Windows - Virus and spyware problems' started by Proph3t, May 25, 2006.

  1. heakra

    heakra Member

    Here are the logs you requested. Thanks for the help. We appreciated the time you have taken to help us. It seems to have worked wonderfully!



    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 10:08:06 PM, 6/5/2006
    + Report-Checksum: 346E684C

    + Scan result:

    HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Adware.WebSearch : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\AUI -> Adware.WebSearch : Cleaned with backup


    ::Report End


    Logfile of HijackThis v1.99.1
    Scan saved at 10:14:44 PM, on 6/5/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\ewido anti-malware\ewidoguard.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\mqsvc.exe
    C:\WINDOWS\System32\mqtgsvc.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\HJT\HijackThis_v1.99.1.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - C:\WINDOWS\system32\hp100.tmp (file missing)
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Image Transfer.lnk = ?
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137455665187
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144900302953
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: MD Simple Burner Service (NetMDSB) - Sony Corporation - C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe (file missing)



    SmitFraudFix v2.53

    Scan done at 17:58:27.81, Mon 06/05/2006
    Run from C:\Documents and Settings\Heather Kramer\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    Fix ran in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{0c7416f0-dd23-420f-97f5-aae352ea2bf1}"="glochid"


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{e5b1e382-817e-4b74-8a96-ec78751e6acf}"="incatenate"

    [HKEY_CLASSES_ROOT\CLSID\{e5b1e382-817e-4b74-8a96-ec78751e6acf}\InProcServer32]
    @="C:\WINDOWS\system32\imfdfcj.dll"

    [HKEY_CURRENT_USER\Software\Classes\CLSID\{e5b1e382-817e-4b74-8a96-ec78751e6acf}\InProcServer32]
    @="C:\WINDOWS\system32\imfdfcj.dll"


    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

    C:\WINDOWS\system32\dcomcfg.exe Deleted
    C:\WINDOWS\system32\imfdfcj.dll Deleted
    C:\WINDOWS\system32\ot.ico Deleted
    C:\WINDOWS\system32\simpole.tlb Deleted
    C:\WINDOWS\system32\stdole3.tlb Deleted
    C:\WINDOWS\system32\wfkduei.dll Deleted
    C:\WINDOWS\system32\1024\ Deleted
    C:\DOCUME~1\HEATHE~1\FAVORI~1\Antivirus Test Online.url Deleted
    C:\Program Files\Security Toolbar\ Deleted

    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri

    C:\WINDOWS\system32\imfdfcj.dll -> Missing File


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» End


     
  2. JaPK

    JaPK Regular member

    @Niakiki

    You're clean now :)

    You should update your Java (old version has all kinds of vulnerabilities)

    1. Click "Start"-> "Control panel" -> Double-click Java icon (coffee cup)
    2. Move to "Update" tab and update Java by clicking "Update Now". After that do a restart.
    3. If you can't make automatic update, get new version manually from here -> http://java.sun.com/j2se/1.5.0/download.jsp
    4. After updating, uninstall the old Java if found from Add/Remove Programs, named as J2SE Runtime Environment 5.0 Update 6

    Now that you're clean, here are some tips how to stay clean.

    -> Stand Up and Be Counted, Malware Complaints -> http://www.malwarecomplaints.info
    The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

    -> Clear your system restore -> http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx
    This will clear the system restore folders from possible malware that was left behind during the cleaning process. Remember to create a new restore point after the cleaning.

    -> Use CCleaner -> http://www.ccleaner.com
    Download and install CCleaner. Clean your registry and temporary files with it regularly.

    -> Use Ad-Aware -> http://www.bleepingcomputer.com/forums/?showtutorial=48
    Download and install Ad-Aware. Update it and scan your computer regularly with it.

    -> Use Ewido -> http://www.ewido.net/en
    Download and install Ewido. Update it and scan your computer regularly with it.

    -> Install SpywareBlaster -> http://www.javacoolsoftware.com/spywareblaster.html
    SpywareBlaster will prevent spyware from being installed to your computer.

    -> Install MVPS Hosts file -> http://mvps.org/winhelp2002/hosts.htm
    This prevents your computer from connecting to harmful sites.

    -> Change your browser to Firefox -> http://www.mozilla.org
    Firefox is a faster, safer and quicker browser than Internet Explorer.

    -> Keep your system up-to-date -> http://windowsupdate.microsoft.com
    Visit Windows Update regularly.

    -> Keep your antivirus and firewall up-to-date
    Scan your computer regularly with your antivirus.

    -> Read this article by TonyKlein -> http://castlecops.com/postlite7736-.html
    So how did I get infected in the first place?

    Stay clean ;)

    ------------------------------------------------------------------------------------------------------------------------------------------------

    @Heakra

    Almost clean, fix this entry with HijackThis:

    O2 - BHO: (no name) - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - C:\WINDOWS\system32\hp100.tmp (file missing)

    Restart your computer and post a new HjT log.

    ---------------------------------------------------------------------------------------------------------------------------------------------


    @ojhk and BazE

    I'll help you both later today, sorry for the wait :)
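
The check applied to Heakra's log above (a BHO registration whose target is a `.tmp` file that no longer exists) can be scripted. This is an added example, not part of the original posts and not HijackThis's own logic; the function names and the two triage rules (missing target, extension other than `.dll`/`.ocx`) are assumptions made for illustration.

```python
import ntpath
import re
from typing import List, NamedTuple, Tuple

# Sample input: lines copied from the HijackThis v1.99.1 log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - C:\WINDOWS\system32\hp100.tmp (file missing)
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe (file missing)
"""

# O2 = Browser Helper Object: "O2 - BHO: <name> - {CLSID} - <path>"
_O2 = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)
# O23 = NT service: "O23 - Service: <name> - <owner> - <path>"
_O23 = re.compile(
    r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>[A-Za-z]:\\.+)$"
)

MISSING_MARK = "(file missing)"
# Assumption: a BHO is an in-process COM server, so its target is normally a DLL or OCX.
EXPECTED_BHO_EXT = {".dll", ".ocx"}


class Finding(NamedTuple):
    section: str              # "O2" or "O23"
    name: str                 # display name from the log
    clsid: str                # CLSID for BHOs, empty for services
    path: str                 # target path without the "(file missing)" marker
    reasons: Tuple[str, ...]  # why the entry deserves a second look


def _split_missing(path: str) -> Tuple[str, bool]:
    """Return (clean_path, True) if HijackThis marked the target as missing."""
    path = path.strip()
    if path.lower().endswith(MISSING_MARK):
        return path[: -len(MISSING_MARK)].rstrip(), True
    return path, False


def triage(log_text: str) -> List[Finding]:
    """Flag O2/O23 entries that match the triage rules described above."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()

        m = _O2.match(line)
        if m:
            path, missing = _split_missing(m["path"])
            reasons = []
            if missing:
                reasons.append("target file missing (orphaned registration)")
            ext = ntpath.splitext(path)[1].lower()
            if ext not in EXPECTED_BHO_EXT:
                reasons.append("unexpected extension %s for a BHO" % (ext or "<none>"))
            if reasons:
                findings.append(
                    Finding("O2", m["name"], m["clsid"], path, tuple(reasons))
                )
            continue

        m = _O23.match(line)
        if m:
            path, missing = _split_missing(m["path"])
            if missing:
                findings.append(
                    Finding("O23", m["name"], "", path,
                            ("service binary missing on disk",))
                )
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.section, f.clsid or "-", f.path, "|", "; ".join(f.reasons))
```

A missing target on its own can simply be the leftover of an uninstalled program; the combination with a `.tmp` target in `system32` is what sets the hp100.tmp entry apart from the orphaned service line.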
     
  3. JaPK

    JaPK Regular member

    @ojhk

    OK, let's get you cleaned....

    Cleaning instructions:

    Move HijackThis into its own folder C:\HJT

    Download and install Ewido anti-malware -> http://www.ewido.net/en/download
    Update it, but do NOT run a scan yet. We'll use it later.

    Restart your computer to the safemode and choose your normal user account -> http://www.pchell.com/support/safemode.shtml

    When in safemode, open SmitfraudFix folder and doubleclick the file smitfraudfix.cmd
    Choose option #2 - Clean by typing 2 and pressing "Enter" in order to remove the infected files.

    You are asked: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove your desktop wallpaper and the infected registry keys.

    The tool checks if wininet.dll file is infected. You might be asked to replace the infected .dll (if found); answer "Yes" by typing Y and press "Enter".

    The tool might have to restart your computer; if it won't do it, restart your computer back to normal mode.
    A textfile will appear after the cleaning process, copy this file and paste it to here.

    The log is saved to your local diskdrive, usually C:\rapport.txt.

    Warning : Running option 2 in a clean computer will delete your desktop wallpaper.

    Scan and clean your computer with Ewido and save the report.

    Post the following logs to here:
    -> a fresh HijackThis log
    -> Ewido's log
    -> contents of C:\rapport.txt

    ----------------------------------------------------------------------------------------------------------------------------------------------------------
    @BazE

    You need to get rid of your WinAntiVirus Pro firewall/antivirus because that program can't be trusted, more info here -> http://www.spywarewarrior.com/rogue_anti-spyware.htm

    You should install one good firewall and one good antivirus....

    These are good (free) firewalls:
    ZoneAlarm --> http://www.zonelabs.com
    Kerio--> http://www.sunbelt-software.com/Kerio.cfm
    Outpost-> http://www.agnitum.com

    These are good (free) antiviruses:
    AVG Antivirus --> http://www.grisoft.com
    Avast --> http://www.avast.com

    Ok, you got some infections on your computer....

    Cleaning instructions:

    Move HijackThis into its own folder C:\HJT

    Download and install Ewido anti-malware -> http://www.ewido.net/en/download
    Update it, but do NOT run a scan yet. We'll use it later.

    Download LSPFix -> http://www.cexx.org/lspfix.htm to your desktop.
    Don't run this program yet. This program is used only if you lost your internet connection during the cleaning.

    Go to Control Panel -> Add/Remove programs -> Remove WinAntiVirus or similar if found

    Restart your computer to the safemode and choose your normal user account -> http://www.pchell.com/support/safemode.shtml

    When in safemode, open SmitfraudFix folder and doubleclick the file smitfraudfix.cmd
    Choose option #2 - Clean by typing 2 and pressing "Enter" in order to remove the infected files.

    You are asked: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove your desktop wallpaper and the infected registry keys.

    The tool checks if wininet.dll file is infected. You might be asked to replace the infected .dll (if found); answer "Yes" by typing Y and press "Enter".

    The tool might have to restart your computer; if it won't do it, restart your computer back to normal mode.
    A textfile will appear after the cleaning process, copy this file and paste it to here.

    The log is saved to your local diskdrive, usually C:\rapport.txt.

    Warning : Running option 2 in a clean computer will delete your desktop wallpaper.

    Scan and clean your computer with Ewido and save the report.

    Post the following logs to here:
    -> a fresh HijackThis log
    -> Ewido's log
    -> contents of C:\rapport.txt

    Then we'll clean the leftovers if found........

    (If you lost your internet connection during the new.net removal, double-click LSPFix.exe. Check the "I know what I'm doing" option. You see two panels; if something is listed in the "Remove" panel on the right side, leave it there and press "Finish>>". Then restart your computer and the connection should work. If nothing is listed in the "Remove" panel, DO NOTHING, close LSPFix. Go to some different machine to get help. (This is just a precaution. Usually the internet connection stays ok ;) )
     
  4. Niakiki

    Niakiki Guest

    Hi JaPK,

    Thanks a lot for all the help !
    God Bless!
     
  5. JaPK

    JaPK Regular member

    You're welcome =)
     
  6. ojhk

    ojhk Member

    Here's the one


    SmitFraudFix v2.53

    Scan done at 13:53:18.00, Tue 06/06/2006
    Run from C:\Documents and Settings\Hunter Killingsworth\My Documents\Downloads\SmitfraudFix\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    Fix ran in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix

    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{62eb0924-19d2-4226-b4b9-8ad1f70904c1}"="bronchovascular"

    [HKEY_CLASSES_ROOT\CLSID\{62eb0924-19d2-4226-b4b9-8ad1f70904c1}\InProcServer32]
    @="C:\WINDOWS\system32\hvnwm.dll"

    [HKEY_CURRENT_USER\Software\Classes\CLSID\{62eb0924-19d2-4226-b4b9-8ad1f70904c1}\InProcServer32]
    @="C:\WINDOWS\system32\hvnwm.dll"


    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

    C:\WINDOWS\system32\atmclk.exe Deleted
    C:\WINDOWS\system32\dcomcfg.exe Deleted
    C:\WINDOWS\system32\ld????.tmp Deleted
    C:\WINDOWS\system32\ot.ico Deleted
    C:\WINDOWS\system32\regperf.exe Deleted
    C:\WINDOWS\system32\simpole.tlb Deleted
    C:\WINDOWS\system32\stdole3.tlb Deleted
    C:\WINDOWS\system32\ts.ico Deleted
    C:\WINDOWS\system32\1024\ Deleted
    C:\DOCUME~1\HUNTER~1\FAVORI~1\Antivirus Test Online.url Deleted
    C:\DOCUME~1\HUNTER~1\STARTM~1\Programs\MalwareWipe Deleted
    C:\Program Files\Security Toolbar\ Deleted

    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri

    C:\WINDOWS\system32\hvnwm.dll -> Missing File


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» End

    2nd

    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 2:05:52 PM, 6/6/2006
    + Report-Checksum: 8362C119

    + Scan result:

    No infected objects found.


    ::Report End

    And Last


    Logfile of HijackThis v1.99.1
    Scan saved at 2:07:48 PM, on 6/6/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\ewido anti-malware\ewidoguard.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Creative\Mixer\CTSVolFE.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Saitek\Software\Profiler.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
    C:\Program Files\Saitek\Software\SaiSmart.exe
    C:\Program Files\Saitek\Software\SaiMfd.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\NetWaiting\netWaiting.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\AIM\aim.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\HJT\HijackThis_v1.99.1.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: Nothing - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - C:\WINDOWS\system32\hp100.tmp (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
    O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [CTSVolFE.exe] "C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
    O4 - HKLM\..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe
    O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab40641.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab42858.cab
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - AppInit_DLLs: pushow20.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
    O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE



     
    Last edited: Jun 6, 2006
  7. Biggie76

    Biggie76 Regular member

    Joined:
    Mar 15, 2006
    Messages:
    192
    Likes Received:
    0
    Trophy Points:
    26
    I had that virus a few days ago and I had to do a clean wipe on my whole system. Now it runs good but downloads very, very slow.
     
  8. JaPK

    JaPK Regular member

    Joined:
    Feb 23, 2006
    Messages:
    1,269
    Likes Received:
    0
    Trophy Points:
    46
    @ojhk

    Ok, almost clean...

    Fix this entry with HijackThis:

    O2 - BHO: Nothing - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - C:\WINDOWS\system32\hp100.tmp (file missing)

    Reboot your pc.

    Post a new HijackThis log to here.
     
  9. zeusworks

    zeusworks Member

    Joined:
    May 31, 2006
    Messages:
    44
    Likes Received:
    0
    Trophy Points:
    16
    Sorry, I was busy for a coupla days... here's the smitfraud search (option 1) results:
    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Zeus\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Zeus\FAVORI~1

    C:\DOCUME~1\Zeus\FAVORI~1\Antivirus Test Online.url FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

    C:\Program Files\Security Toolbar\ FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{0c7416f0-dd23-420f-97f5-aae352ea2bf1}"="glochid"


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{e5b1e382-817e-4b74-8a96-ec78751e6acf}"="incatenate"


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End
     
  10. JaPK

    JaPK Regular member

    Joined:
    Feb 23, 2006
    Messages:
    1,269
    Likes Received:
    0
    Trophy Points:
    46
    @zeusworks

    Ok, please post a fresh HijackThis log to here too... Then we'll get you cleaned :)
     
  11. zeusworks

    zeusworks Member

    Joined:
    May 31, 2006
    Messages:
    44
    Likes Received:
    0
    Trophy Points:
    16
    Logfile of HijackThis v1.99.1
    Scan saved at 11:07:22 AM, on 6/7/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\Program Files\Common Files\AOL\1127562966\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
    C:\WINDOWS\System32\cisvc.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\Program Files\ESPNRunTime\DIGServices.exe
    C:\PROGRA~1\mcafee.com\ANTIVI~1\OasClnt.exe
    C:\Program Files\Common Files\AOL\1127562966\ee\AOLSoftware.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\AOL\1127562966\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
    C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    C:\WINDOWS\system32\tbctray.exe
    C:\Program Files\Plaxo\2.5.10.17\PlaxoHelper.exe
    C:\Program Files\Common Files\AOL\1127562966\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCEvtHdlr.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\WINZIP\winzip32.exe
    C:\WINDOWS\system32\cmd.exe
    C:\PROGRA~1\AMERIC~1.0B\waol.exe
    C:\PROGRA~1\AMERIC~1.0B\shellmon.exe
    C:\WINDOWS\notepad.exe
    C:\Documents and Settings\Zeus\Desktop\hijack\HijackThis_v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.democracynow.org
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.democracynow.org
    R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"); (C:\Documents and Settings\Zeus\Application Data\Mozilla\Profiles\default\as4lbdz0.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Zeus\Application Data\Mozilla\Profiles\default\as4lbdz0.slt\prefs.js)
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_0_0.dll
    O2 - BHO: Nothing - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - C:\WINDOWS\system32\hp100.tmp (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
    O3 - Toolbar: &ESPN - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_0_0.dll
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
    O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1127562966\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1127562966\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
    O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1127562966\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCRun.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
    O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS\system32\tbctray.exe
    O4 - HKCU\..\Run: [BBC News alerts] C:\Program Files\BBC News alerts\skinkers.exe
    O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.5.10.17\PlaxoHelper.exe -a
    O4 - HKCU\..\Run: [Extreme Messenger for AIM] C:\Program Files\Extreme Messenger\ExtremeMessenger.exe nosplash
    O4 - HKCU\..\Run: [Zinio DLM] C:\Program Files\Zinio\ZinioDeliveryManager.exe /autostart
    O4 - HKCU\..\Run: [AOL Fast Start] "C:\PROGRA~1\AMERIC~1.0B\AOL.EXE" -b
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-6.1.3.28/aces/aces-ob-assets.cab
    O16 - DPF: Blackjack by pogo - http://game1.pogo.com/applet-6.2.1.27/blackjack/blackjack-ob-assets.cab
    O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.3.3.38/holdem/holdem-ob-assets.cab
    O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/applet-6.1.3.28/peaks/peaks-ob-assets.cab
    O16 - DPF: Word Whomp Whackdown by pogo - http://whackdown.pogo.com/applet-6.0.3.35/whackdown/whackdown-ob-assets.cab
    O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} (Web Browser Applet Control) - http://holdem2.pogo.com/applet-5.9.1.18/jvmtest
    O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/latest/PlaxoInstall.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
    O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
    O16 - DPF: {5D66B431-8A5B-4ECA-AED6-6F4F411E1773} (AOLLaunch Class) - http://www.disneyblast.go.com/setup/activex/AOLLauncher.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1138668142639
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1138666285549
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://tv.disney.go.com/global/download/otoy/OTOYAX29b.cab
    O16 - DPF: {83EF1847-D835-490B-8D9D-90B2987D66E8} - http://pictures.aolcdn.com/ap/Resources/1.0.2.19.b//cab/YgpUploader.9.3.2.3.cab
    O16 - DPF: {8DD733A8-353A-4E93-AB85-93CA8DC96F6A} (ActivatorControl1 Class) - https://objects.aol.com/activator/en-us/Activator.cab
    O16 - DPF: {9A065115-8F53-4588-AF1D-EF58AE736B3F} (AOL Newport ScreenSaver Ctrl) - http://pictures.aolcdn.com/ap/Resources/1.0.2.19.b//cab/YGPPicScreensaver.en-US.9.3.2.0.cab
    O16 - DPF: {A97B2058-825A-4B18-93CE-1483855578D1} (AOL Newport Editor Ctrl) - http://pictures.aolcdn.com/ap/Resources/1.0.2.19.b//cab/PicEditor.en-US.9.3.2.1.cab
    O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
    O16 - DPF: {BE71A78B-77DB-451C-A761-59B37022D544} (AOL Newport Downloader Ctrl) - http://pictures.aolcdn.com/ap/Resources/1.0.2.19.b//cab/YGPPicDownload.en-US.9.3.2.0.cab
    O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.15.26/ttinst.cab
    O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
    O16 - DPF: {E876D003-BCDE-11D3-9131-000094B61529} - https://project1.eroom.net/eRoomSetup/client.cab
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?322
    O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: AOL Antivirus Update Service (aolavupd) - America Online - C:\Program Files\Common Files\AOL\1127562966\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

     
  12. JaPK

    JaPK Regular member

    Joined:
    Feb 23, 2006
    Messages:
    1,269
    Likes Received:
    0
    Trophy Points:
    46
    @zeusworks

    Ok almost clean....

    Cleaning instructions:

    Run HijackThis. Press Do a system scan only, then close all other windows, checkmark the following entries and press Fix checked

    O2 - BHO: Nothing - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - C:\WINDOWS\system32\hp100.tmp (file missing)


    Restart your computer in safe mode and choose your normal user account -> http://www.pchell.com/support/safemode.shtml

    When in safe mode, open the SmitfraudFix folder and double-click the file smitfraudfix.cmd
    Choose option #2 - Clean by typing 2 and pressing "Enter" in order to remove the infected files.

    You are asked: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove your desktop wallpaper and the infected registry keys.

    The tool checks if wininet.dll file is infected. You might be asked to replace the infected .dll (if found); answer "Yes" by typing Y and press "Enter".

    The tool might have to restart your computer; if it doesn't, restart your computer back into normal mode.
    A text file will appear after the cleaning process; copy this file and paste it here.

    The log is saved to your local disk drive, usually C:\rapport.txt.

    Warning: Running option 2 on a clean computer will delete your desktop wallpaper.

    Post the following logs to here:
    -> a fresh HijackThis log
    -> Ewido's log
    -> Contents of C:\Rapport.txt
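
The entry singled out in the replies above is an O2 (Browser Helper Object) line whose registered module is a .tmp file under system32. As an added example (not part of the thread and not HijackThis code), this Python script parses the O2 lines of a pasted HijackThis log and lists BHO registrations that are marked "(file missing)" or do not point at a .dll. The two review criteria and all function names are assumptions chosen for illustration; a flagged entry is a candidate for review, not a verdict.

```python
import ntpath
import re
from dataclasses import dataclass

# Constructed sample: O2/O4 lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Nothing - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - C:\WINDOWS\system32\hp100.tmp (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Nothing - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - C:\WINDOWS\system32\hp100.tmp
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
"""

# O2 line layout as it appears in the logs above:
#   O2 - BHO: <name> - {<CLSID>} - <module path>[ (file missing)]
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - "
    r"(?P<path>.*?)(?P<missing> \(file missing\))?$"
)


@dataclass(frozen=True)
class Bho:
    name: str
    clsid: str          # lower-cased so the same CLSID matches across logs
    path: str
    file_missing: bool


def parse_bho_lines(log_text):
    """Return one Bho record per O2 line; every other line is ignored."""
    entries = []
    for raw in log_text.splitlines():
        m = BHO_RE.match(raw.strip())
        if m:
            entries.append(
                Bho(m["name"], m["clsid"].lower(), m["path"], m["missing"] is not None)
            )
    return entries


def review_reasons(entry):
    """Assumed review criteria: orphaned registration, or module that is not a DLL."""
    reasons = []
    if entry.file_missing:
        reasons.append("registered module no longer on disk")
    ext = ntpath.splitext(entry.path)[1].lower()   # ntpath: Windows paths on any OS
    if ext != ".dll":
        reasons.append(f"module extension {ext or '(none)'} is not .dll")
    return reasons


def triage(log_text):
    """Map each flagged CLSID to the sorted list of reasons seen for it."""
    flagged = {}
    for entry in parse_bho_lines(log_text):
        reasons = review_reasons(entry)
        if reasons:
            flagged.setdefault(entry.clsid, set()).update(reasons)
    return {clsid: sorted(reasons) for clsid, reasons in flagged.items()}


if __name__ == "__main__":
    for clsid, reasons in triage(SAMPLE_LOG).items():
        print(clsid, "->", "; ".join(reasons))
```

Keying the result by CLSID lets the same registration be recognised when it shows up in logs from different machines, with or without the "(file missing)" suffix.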
     
  13. rm6789er

    rm6789er Member

    Joined:
    Jun 7, 2006
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    11
    I just got this virus yesterday. Here is my log. Help please.

    Logfile of HijackThis v1.99.1
    Scan saved at 12:00:54 PM, on 6/7/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\CACHEM~1\CachemanXP.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\PRISMSVR.EXE
    C:\Program Files\Symantec AntiVirus\SavRoam.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\system32\dcomcfg.exe
    C:\WINDOWS\system32\atmclk.exe
    C:\Program Files\ASUS\Probe\AsusProb.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\f898c1eb.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\p2pnetworks\p2pnetworks.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Impulse\PolicyKey.exe
    C:\Program Files\Dell Wireless\PRISMCFG.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe
    C:\Documents and Settings\Ryan\Desktop\HijackThis_v1.99.1.exe
    C:\Program Files\ewido anti-malware\ewidoguard.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Nothing - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - C:\WINDOWS\system32\hp100.tmp
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
    O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
    O4 - HKLM\..\Run: [NVidia System Utility] "C:\Program Files\NVIDIA Corporation\NVIDIA System Utility\\NVSystemUtility.exe" clear
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Microsoft System DLL Services Configuration] windir32.exe
    O4 - HKLM\..\Run: [System service68] C:\WINDOWS\\etb\pokapoka68.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\Symantec AntiVirus\VPTray.exe
    O4 - HKLM\..\Run: [System service69] C:\WINDOWS\\etb\pokapoka69.exe
    O4 - HKLM\..\Run: [MediaPipe P2P Loader] "C:\Program Files\p2pnetworks\mpp2pl.exe" /H
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [f898c1eb.exe] C:\WINDOWS\system32\f898c1eb.exe
    O4 - HKLM\..\Run: [MalwareWipe] C:\Program Files\MalwareWipe\MalwareWipe.exe /h
    O4 - HKLM\..\RunServices: [Microsoft System DLL Services Configuration] windir32.exe
    O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares Lite Edition\Ares.exe" -h
    O4 - HKCU\..\Run: [SOProc_RegSoAlertWxLiteNnAj] rundll32 shell32.dll,ShellExec_RunDLL C:\PROGRA~1\SoftwareOnline\soproc.exe -pack RegSoAlertWxLiteNnAj
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [f898c1eb.exe] C:\Documents and Settings\Ryan\Local Settings\Application Data\f898c1eb.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
    O4 - Global Startup: Policy Key.lnk = C:\Program Files\Impulse\PolicyKey.exe
    O4 - Global Startup: Wireless USB 2.0 WLAN Card Utility.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
    O16 - DPF: {D30CA0FD-1CA0-11D4-AC78-006008A9A8BC} (WebBasedClientInstall Class) - http://patch.gcsu.edu/webinst.cab
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: winexy32 - C:\WINDOWS\SYSTEM32\winexy32.dll
    O23 - Service: CachemanXP (CachemanXPService) - OuterTechnologies - C:\PROGRA~1\CACHEM~1\CachemanXP.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

     
  14. zeusworks

    zeusworks Member

    SmitFraudFix v2.55

    Scan done at 11:31:13.15, Wed 06/07/2006
    Run from C:\Documents and Settings\Zeus\Desktop\virus repair info\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    Fix ran in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{0c7416f0-dd23-420f-97f5-aae352ea2bf1}"="glochid"


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{e5b1e382-817e-4b74-8a96-ec78751e6acf}"="incatenate"


    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

    C:\WINDOWS\system32\dcomcfg.exe Deleted
    C:\WINDOWS\system32\regperf.exe Deleted
    C:\WINDOWS\system32\stdole3.tlb Deleted
    C:\WINDOWS\system32\1024\ Deleted
    C:\DOCUME~1\Zeus\FAVORI~1\Antivirus Test Online.url Deleted
    C:\Program Files\Security Toolbar\ Deleted

    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» End

    Logfile of HijackThis v1.99.1
    Scan saved at 12:00:11 PM, on 6/7/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\Program Files\Common Files\AOL\1127562966\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
    C:\WINDOWS\System32\cisvc.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\ewido anti-malware\ewidoguard.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\Program Files\ESPNRunTime\DIGServices.exe
    C:\Program Files\Common Files\AOL\1127562966\ee\AOLSoftware.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\AOL\1127562966\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
    C:\Program Files\mcafee.com\antivirus\oasclnt.exe
    C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    C:\WINDOWS\system32\tbctray.exe
    C:\Program Files\BBC News alerts\skinkers.exe
    C:\Program Files\Plaxo\2.5.10.17\PlaxoHelper.exe
    C:\PROGRA~1\AMERIC~1.0B\waol.exe
    C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
    C:\Program Files\Common Files\AOL\1127562966\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCEvtHdlr.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\PROGRA~1\AMERIC~1.0B\shellmon.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\ewido anti-malware\SecuritySuite.exe
    C:\Documents and Settings\Zeus\Desktop\hijack\HijackThis_v1.99.1.exe

    R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"); (C:\Documents and Settings\Zeus\Application Data\Mozilla\Profiles\default\as4lbdz0.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Zeus\Application Data\Mozilla\Profiles\default\as4lbdz0.slt\prefs.js)
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_0_0.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
    O3 - Toolbar: &ESPN - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_0_0.dll
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
    O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1127562966\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1127562966\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
    O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1127562966\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCRun.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
    O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS\system32\tbctray.exe
    O4 - HKCU\..\Run: [BBC News alerts] C:\Program Files\BBC News alerts\skinkers.exe
    O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.5.10.17\PlaxoHelper.exe -a
    O4 - HKCU\..\Run: [Extreme Messenger for AIM] C:\Program Files\Extreme Messenger\ExtremeMessenger.exe nosplash
    O4 - HKCU\..\Run: [Zinio DLM] C:\Program Files\Zinio\ZinioDeliveryManager.exe /autostart
    O4 - HKCU\..\Run: [AOL Fast Start] "C:\PROGRA~1\AMERIC~1.0B\AOL.EXE" -b
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-6.1.3.28/aces/aces-ob-assets.cab
    O16 - DPF: Blackjack by pogo - http://game1.pogo.com/applet-6.2.1.27/blackjack/blackjack-ob-assets.cab
    O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.3.3.38/holdem/holdem-ob-assets.cab
    O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/applet-6.1.3.28/peaks/peaks-ob-assets.cab
    O16 - DPF: Word Whomp Whackdown by pogo - http://whackdown.pogo.com/applet-6.0.3.35/whackdown/whackdown-ob-assets.cab
    O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} (Web Browser Applet Control) - http://holdem2.pogo.com/applet-5.9.1.18/jvmtest
    O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/latest/PlaxoInstall.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
    O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
    O16 - DPF: {5D66B431-8A5B-4ECA-AED6-6F4F411E1773} (AOLLaunch Class) - http://www.disneyblast.go.com/setup/activex/AOLLauncher.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1138668142639
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1138666285549
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://tv.disney.go.com/global/download/otoy/OTOYAX29b.cab
    O16 - DPF: {83EF1847-D835-490B-8D9D-90B2987D66E8} - http://pictures.aolcdn.com/ap/Resources/1.0.2.19.b//cab/YgpUploader.9.3.2.3.cab
    O16 - DPF: {8DD733A8-353A-4E93-AB85-93CA8DC96F6A} (ActivatorControl1 Class) - https://objects.aol.com/activator/en-us/Activator.cab
    O16 - DPF: {9A065115-8F53-4588-AF1D-EF58AE736B3F} (AOL Newport ScreenSaver Ctrl) - http://pictures.aolcdn.com/ap/Resources/1.0.2.19.b//cab/YGPPicScreensaver.en-US.9.3.2.0.cab
    O16 - DPF: {A97B2058-825A-4B18-93CE-1483855578D1} (AOL Newport Editor Ctrl) - http://pictures.aolcdn.com/ap/Resources/1.0.2.19.b//cab/PicEditor.en-US.9.3.2.1.cab
    O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
    O16 - DPF: {BE71A78B-77DB-451C-A761-59B37022D544} (AOL Newport Downloader Ctrl) - http://pictures.aolcdn.com/ap/Resources/1.0.2.19.b//cab/YGPPicDownload.en-US.9.3.2.0.cab
    O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.15.26/ttinst.cab
    O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
    O16 - DPF: {E876D003-BCDE-11D3-9131-000094B61529} - https://project1.eroom.net/eRoomSetup/client.cab
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?322
    O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: AOL Antivirus Update Service (aolavupd) - America Online - C:\Program Files\Common Files\AOL\1127562966\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 1:08:40 PM, 6/7/2006
    + Report-Checksum: 9380BD16

    + Scan result:

    C:\Documents and Settings\Zeus\Cookies\zeus@2o7[1].txt -> TrackingCookie.2o7 : Ignored
    C:\Documents and Settings\Zeus\Cookies\zeus@trafficmp[2].txt -> TrackingCookie.Trafficmp : Ignored
    C:\Documents and Settings\zeus morand\Cookies\zeus morand@com[1].txt -> TrackingCookie.Com : Ignored
    C:\Documents and Settings\zeusworks inc\Cookies\zeusworks inc@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Ignored
    C:\mtb.cab/MSVCIIRTD.DLL -> Adware.MyTool : Ignored
    :mozilla.6:C:\Documents and Settings\Zeus\Application Data\Mozilla\Profiles\default\as4lbdz0.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.7:C:\Documents and Settings\Zeus\Application Data\Mozilla\Profiles\default\as4lbdz0.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.8:C:\Documents and Settings\Zeus\Application Data\Mozilla\Profiles\default\as4lbdz0.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.9:C:\Documents and Settings\Zeus\Application Data\Mozilla\Profiles\default\as4lbdz0.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.10:C:\Documents and Settings\Zeus\Application Data\Mozilla\Profiles\default\as4lbdz0.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.11:C:\Documents and Settings\Zeus\Application Data\Mozilla\Profiles\default\as4lbdz0.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.12:C:\Documents and Settings\Zeus\Application Data\Mozilla\Profiles\default\as4lbdz0.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.13:C:\Documents and Settings\Zeus\Application Data\Mozilla\Profiles\default\as4lbdz0.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.14:C:\Documents and Settings\Zeus\Application Data\Mozilla\Profiles\default\as4lbdz0.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.15:C:\Documents and Settings\Zeus\Application Data\Mozilla\Profiles\default\as4lbdz0.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.16:C:\Documents and Settings\Zeus\Application Data\Mozilla\Profiles\default\as4lbdz0.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.17:C:\Documents and Settings\Zeus\Application Data\Mozilla\Profiles\default\as4lbdz0.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.18:C:\Documents and Settings\Zeus\Application Data\Mozilla\Profiles\default\as4lbdz0.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.19:C:\Documents and Settings\Zeus\Application Data\Mozilla\Profiles\default\as4lbdz0.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.20:C:\Documents and Settings\Zeus\Application Data\Mozilla\Profiles\default\as4lbdz0.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.21:C:\Documents and Settings\Zeus\Application Data\Mozilla\Profiles\default\as4lbdz0.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.22:C:\Documents and Settings\Zeus\Application Data\Mozilla\Profiles\default\as4lbdz0.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Zeus\Cookies\zeus@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned with backup
    C:\Documents and Settings\Zeus\Cookies\zeus@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Zeus\Cookies\zeus@e-2dj6wgmicjdpalp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Zeus\Cookies\zeus@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup
    C:\Documents and Settings\Zeus\Cookies\zeus@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned with backup
    C:\Documents and Settings\Zeus\Cookies\zeus@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
    C:\Documents and Settings\Zeus\Cookies\zeus@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
    C:\Documents and Settings\Zeus\Cookies\zeus@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned with backup


    ::Report End

     
  15. JaPK

    JaPK Regular member

    @zeusworks

    Ok good, you're clean now :)

    You should update your Java (the old version has all kinds of vulnerabilities)

    1. Click "Start" -> "Control Panel" -> double-click the Java icon (coffee cup)
    2. Move to the "Update" tab and update Java by clicking "Update Now". After that, do a restart.
    3. If you can't do the automatic update, get the new version manually from here -> http://java.sun.com/j2se/1.5.0/download.jsp
    4. After updating, uninstall the old Java if found in Add/Remove Programs, named J2SE Runtime Environment 5.0 Update 6

    Now that you're clean, here are some tips on how to stay clean.

    -> Stand Up and Be Counted, Malware Complaints -> http://www.malwarecomplaints.info
    The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

    -> Clear your system restore -> http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx
    This will clear the system restore folders from possible malware that was left behind during the cleaning process. Remember to create a new restore point after the cleaning.

    -> Use CCleaner -> http://www.ccleaner.com
    Download and install CCleaner. Clean your registry and temporary files with it regularly.

    -> Use Ad-Aware -> http://www.bleepingcomputer.com/forums/?showtutorial=48
    Download and install Ad-Aware. Update it and scan your computer regularly with it.

    -> Use Ewido -> http://www.ewido.net/en
    Download and install Ewido. Update it and scan your computer regularly with it.

    -> Install SpywareBlaster -> http://www.javacoolsoftware.com/spywareblaster.html
    SpywareBlaster will prevent spyware from being installed to your computer.

    -> Install MVPS Hosts file -> http://mvps.org/winhelp2002/hosts.htm
    This prevents your computer from connecting to harmful sites.

    -> Change your browser to Firefox -> http://www.mozilla.org
    Firefox is a faster, safer and quicker browser than Internet Explorer.

    -> Keep your system up-to-date -> http://windowsupdate.microsoft.com
    Visit Windows Update regularly.

    -> Keep your antivirus and firewall up-to-date
    Scan your computer regularly with your antivirus.

    -> Read this article by TonyKlein -> http://castlecops.com/postlite7736-.html
    So how did I get infected in the first place?

    Stay clean ;)

    -------------------------------------------------------

    @rm6789er

    Ok you got some infections...

    Download SmitfraudFix.zip to your desktop -> http://siri.urz.free.fr/Fix/SmitfraudFix.zip

    Unzip it (folder named SmitFraudFix) to your desktop:

    Open the folder SmitfraudFix and double-click smitfraudfix.cmd
    Choose option #1 - Search by typing 1 and pressing "Enter"; a text file opens and lists the infected files (if those exist)

    Post the contents of this text file here.

    (Some antiviruses recognise process.exe as malware. It is not malware, it is a program that stops processes)
     
  16. zeusworks

    zeusworks Member

    Thank you so much JaPK. You are a lifesaver.
    Zeus
     
  17. JaPK

    JaPK Regular member

    You're welcome :)
     
    Last edited: Jun 8, 2006
  18. rm6789er

    rm6789er Member

    Here is my smitfraudfix log

    SmitFraudFix v2.56

    Scan done at 14:01:09.79, Thu 06/08/2006
    Run from C:\Documents and Settings\Ryan\Desktop\smitfraud\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    Fix ran in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    C:\WINDOWS\system32\dcomcfg.exe FOUND !
    C:\WINDOWS\system32\hp???.tmp FOUND !
    C:\WINDOWS\system32\hp????.tmp FOUND !
    C:\WINDOWS\system32\ld????.tmp FOUND !
    C:\WINDOWS\system32\ot.ico FOUND !
    C:\WINDOWS\system32\simpole.tlb FOUND !
    C:\WINDOWS\system32\stdole3.tlb FOUND !
    C:\WINDOWS\system32\ts.ico FOUND !
    C:\WINDOWS\system32\1024\ FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Ryan\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu

    C:\DOCUME~1\Ryan\STARTM~1\Programs\MalwareWipe FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Ryan\FAVORI~1

    C:\DOCUME~1\Ryan\FAVORI~1\Antivirus Test Online.url FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» Desktop

    C:\DOCUME~1\ALLUSE~1\Desktop\Online Security Guide.url FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{aea3d2df-2b2c-4d7b-81a0-d975c6dc088e}"="alongshore"

    [HKEY_CLASSES_ROOT\CLSID\{aea3d2df-2b2c-4d7b-81a0-d975c6dc088e}\InProcServer32]
    @="C:\WINDOWS\system32\yhbdupd.dll"

    [HKEY_CURRENT_USER\Software\Classes\CLSID\{aea3d2df-2b2c-4d7b-81a0-d975c6dc088e}\InProcServer32]
    @="C:\WINDOWS\system32\yhbdupd.dll"


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{5aaf6542-f4ba-4df4-873d-4902ecbe794c}"="antitragus"

    [HKEY_CLASSES_ROOT\CLSID\{5aaf6542-f4ba-4df4-873d-4902ecbe794c}\InProcServer32]
    @="C:\WINDOWS\system32\asxbbx.dll"

    [HKEY_CURRENT_USER\Software\Classes\CLSID\{5aaf6542-f4ba-4df4-873d-4902ecbe794c}\InProcServer32]
    @="C:\WINDOWS\system32\asxbbx.dll"


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End

     
  19. JaPK

    JaPK Regular member

    Hi rm6789er.

    Ok, you've got quite a nice collection of malware there... It is a shame to destroy it ;)

    You don't have a firewall on your computer. Download and install a firewall.

    These are good (free) firewalls:
    ZoneAlarm --> http://www.zonelabs.com
    Kerio --> http://www.sunbelt-software.com/Kerio.cfm
    Outpost --> http://www.agnitum.com

    Cleaning instructions:

    Move HijackThis into its own folder C:\HJT

    Update your Ewido.

    Go to Control Panel -> Add/Remove programs -> Remove P2pnetworks, Kazaa, Ares or similar if found

    Download LQfix.exe© to your desktop -> http://www.downloads.subratam.org/LQfix.exe

    -> Double-click the file LQfix.exe and click Next > Next > Install.
    -> Don't touch the settings, if you do, the cleaning will fail!
    -> You're going to need an active internet connection so make sure that nothing is blocking it.
    -> Make sure that Launch LQfix option is checked.
    -> Click Finish option, cleaning begins.
    -> Follow the instructions on the screen.
    -> Your computer will reboot when the cleaning tool is ready.
    -> Be patient after the reboot, the script is running in the background.

    Run HijackThis. Press Do a system scan only, then close all other windows, checkmark the following entries and press Fix checked

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
    O4 - HKLM\..\Run: [Microsoft System DLL Services Configuration] windir32.exe
    O4 - HKLM\..\Run: [System service68] C:\WINDOWS\\etb\pokapoka68.exe
    O4 - HKLM\..\Run: [System service69] C:\WINDOWS\\etb\pokapoka69.exe
    O4 - HKLM\..\Run: [MediaPipe P2P Loader] "C:\Program Files\p2pnetworks\mpp2pl.exe" /H
    O4 - HKLM\..\Run: [f898c1eb.exe] C:\WINDOWS\system32\f898c1eb.exe
    O4 - HKLM\..\RunServices: [Microsoft System DLL Services Configuration] windir32.exe
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares Lite Edition\Ares.exe" -h
    O4 - HKCU\..\Run: [SOProc_RegSoAlertWxLiteNnAj] rundll32 shell32.dll,ShellExec_RunDLL C:\PROGRA~1\SoftwareOnline\soproc.exe -pack RegSoAlertWxLiteNnAj
    O4 - HKCU\..\Run: [f898c1eb.exe] C:\Documents and Settings\Ryan\Local Settings\Application Data\f898c1eb.exe
    O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
    O20 - Winlogon Notify: winexy32 - C:\WINDOWS\SYSTEM32\winexy32.dll

    Make your hidden files visible -> http://www.bleepingcomputer.com/tutorials/tutorial62.html
    Restart your computer in safe mode -> http://www.pchell.com/support/safemode.shtml

    Delete these folders (if found):
    C:\Program Files\p2pnetworks
    C:\Program Files\Kazaa
    C:\Program Files\Ares Lite Edition
    C:\Program Files\SoftwareOnline

    Delete these files (if found):
    C:\WINDOWS\system32\f898c1eb.exe
    C:\Documents and Settings\Ryan\Local Settings\Application Data\f898c1eb.exe
    C:\WINDOWS\SYSTEM32\winexy32.dll

    Use the Windows "search" function
    -> Start
    -> Search
    -> All files and folders
    -> More advanced options

    Checkmark these options:
    - "Search system folders"
    - "Search hidden files and folders"
    - "Search subfolders"

    ->Search for this and delete if found: windir32.exe

    Scan and clean your computer with Ewido and save the report.

    When in safe mode, open the SmitfraudFix folder and double-click the file smitfraudfix.cmd
    Choose option #2 - Clean by typing 2 and pressing "Enter" in order to remove the infected files.

    You are asked: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove your desktop wallpaper and the infected registry keys.

    The tool checks if wininet.dll file is infected. You might be asked to replace the infected .dll (if found); answer "Yes" by typing Y and press "Enter".

    The tool might have to restart your computer; if it doesn't, restart your computer back to normal mode.
    A text file will appear after the cleaning process; copy this file and paste it here.

    The log is saved to your local disk drive, usually C:\rapport.txt.

    Warning: Running option 2 on a clean computer will delete your desktop wallpaper.


    Clean the Recycle bin and make your hidden files visible again.

    Restart your computer normally.

    Post the following logs here:
    -> a fresh HijackThis log
    -> Ewido's log
    -> contents of C:\rapport.txt
     
    Last edited: Jun 8, 2006
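
One way to check a fresh HijackThis log against the "Fix checked" and "Delete these files" lists in the post above, as an added example that is not part of the original thread and not part of HijackThis itself. The sample strings are short excerpts of log lines quoted in this thread; the function names are hypothetical.

```python
import re
from typing import NamedTuple


class Entry(NamedTuple):
    section: str  # HijackThis section code, e.g. "R1", "O4", "O20"
    body: str     # normalized text after "<code> - "


# An entry line looks like "O4 - HKLM\..\Run: [name] path"
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")


def normalize(text):
    """Make two spellings of the same registry value or path compare equal."""
    text = re.sub(r"\\{2,}", r"\\", text.strip())  # C:\WINDOWS\\etb -> C:\WINDOWS\etb
    text = re.sub(r"\s+", " ", text)               # collapse runs of whitespace
    return text.casefold()                         # Windows paths are case-insensitive


def parse_entries(log_text):
    """Return the set of section entries (R0/R1/O4/O20/...) found in a log."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.add(Entry(m.group(1), normalize(m.group(2))))
    return entries


def running_processes(log_text):
    """Return the normalized paths listed under 'Running processes:'."""
    procs, in_section = set(), False
    for line in log_text.splitlines():
        stripped = line.strip()
        if stripped.lower().startswith("running processes"):
            in_section = True
        elif in_section:
            if not stripped:
                if procs:
                    break      # blank line after the list ends the section
                continue       # blank line directly after the header
            procs.add(normalize(stripped))
    return procs


def verify_cleanup(fix_checked, delete_files, fresh_log):
    """Report what the cleanup was supposed to remove but the fresh log still shows.

    Returns (entries still present, to-be-deleted files still running).
    """
    fresh = parse_entries(fresh_log)
    leftover_entries = sorted(e for e in parse_entries(fix_checked) if e in fresh)
    procs = running_processes(fresh_log)
    wanted = [normalize(p) for p in delete_files.splitlines() if p.strip()]
    leftover_procs = sorted(p for p in wanted if p in procs)
    return leftover_entries, leftover_procs


# Excerpt of the "Fix checked" list from the post above.
FIX_CHECKED = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
O4 - HKLM\..\Run: [System service68] C:\WINDOWS\\etb\pokapoka68.exe
O4 - HKLM\..\Run: [f898c1eb.exe] C:\WINDOWS\system32\f898c1eb.exe
O4 - HKCU\..\Run: [SOProc_RegSoAlertWxLiteNnAj] rundll32 shell32.dll,ShellExec_RunDLL C:\PROGRA~1\SoftwareOnline\soproc.exe -pack RegSoAlertWxLiteNnAj
O20 - Winlogon Notify: winexy32 - C:\WINDOWS\SYSTEM32\winexy32.dll
"""

# Excerpt of the "Delete these files" list from the post above.
DELETE_FILES = r"""
C:\WINDOWS\system32\f898c1eb.exe
C:\WINDOWS\SYSTEM32\winexy32.dll
"""

# Shortened excerpt of a follow-up log as posted later in this thread.
FRESH_LOG = r"""
Logfile of HijackThis v1.99.1

Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\f898c1eb.exe
C:\WINDOWS\Explorer.EXE

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [f898c1eb.exe] C:\WINDOWS\system32\f898c1eb.exe
O4 - HKCU\..\Run: [SOProc_RegSoAlertWxLiteNnAj] rundll32 shell32.dll,ShellExec_RunDLL C:\PROGRA~1\SoftwareOnline\soproc.exe -pack RegSoAlertWxLiteNnAj
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
"""

if __name__ == "__main__":
    entries, procs = verify_cleanup(FIX_CHECKED, DELETE_FILES, FRESH_LOG)
    for e in entries:
        print("still registered:", e.section, "-", e.body)
    for p in procs:
        print("still running:   ", p)
```

An entry that survives the fix and is also still listed under running processes usually means the file was re-created or never deleted, so the registry fix alone did not hold.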
  20. rm6789er

    rm6789er Member

    Ok, I followed the instructions the best I could. Some of the files listed from the hijackthis log were not there. I wasn't sure if this was good or bad. Here are the logs.

    Logfile of HijackThis v1.99.1
    Scan saved at 6:54:36 PM, on 6/8/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\CACHEM~1\CachemanXP.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\ewido anti-malware\ewidoguard.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Program Files\Symantec AntiVirus\SavRoam.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\PRISMSVR.EXE
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Program Files\ASUS\Probe\AsusProb.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\f898c1eb.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Sony Handheld\HOTSYNC.EXE
    C:\Program Files\Impulse\PolicyKey.exe
    C:\Program Files\Dell Wireless\PRISMCFG.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe
    C:\Program Files\Azureus\Azureus.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\Explorer.EXE
    C:\HJT\HijackThis_v1.99.1.exe

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
    O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
    O4 - HKLM\..\Run: [NVidia System Utility] "C:\Program Files\NVIDIA Corporation\NVIDIA System Utility\\NVSystemUtility.exe" clear
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\Symantec AntiVirus\VPTray.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [f898c1eb.exe] C:\WINDOWS\system32\f898c1eb.exe
    O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SOProc_RegSoAlertWxLiteNnAj] rundll32 shell32.dll,ShellExec_RunDLL C:\PROGRA~1\SoftwareOnline\soproc.exe -pack RegSoAlertWxLiteNnAj
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [f898c1eb.exe] C:\Documents and Settings\Ryan\Local Settings\Application Data\f898c1eb.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
    O4 - Global Startup: Policy Key.lnk = C:\Program Files\Impulse\PolicyKey.exe
    O4 - Global Startup: Wireless USB 2.0 WLAN Card Utility.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: CachemanXP (CachemanXPService) - OuterTechnologies - C:\PROGRA~1\CACHEM~1\CachemanXP.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

    SmitFraudFix v2.56

    Scan done at 18:43:07.48, Thu 06/08/2006
    Run from C:\Documents and Settings\Ryan\Desktop\smitfraud\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    Fix ran in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{aea3d2df-2b2c-4d7b-81a0-d975c6dc088e}"="alongshore"

    [HKEY_CLASSES_ROOT\CLSID\{aea3d2df-2b2c-4d7b-81a0-d975c6dc088e}\InProcServer32]
    @="C:\WINDOWS\system32\yhbdupd.dll"

    [HKEY_CURRENT_USER\Software\Classes\CLSID\{aea3d2df-2b2c-4d7b-81a0-d975c6dc088e}\InProcServer32]
    @="C:\WINDOWS\system32\yhbdupd.dll"


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{5aaf6542-f4ba-4df4-873d-4902ecbe794c}"="antitragus"

    [HKEY_CLASSES_ROOT\CLSID\{5aaf6542-f4ba-4df4-873d-4902ecbe794c}\InProcServer32]
    @="C:\WINDOWS\system32\asxbbx.dll"

    [HKEY_CURRENT_USER\Software\Classes\CLSID\{5aaf6542-f4ba-4df4-873d-4902ecbe794c}\InProcServer32]
    @="C:\WINDOWS\system32\asxbbx.dll"


    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

    C:\WINDOWS\system32\hp???.tmp Deleted
    C:\WINDOWS\system32\ld????.tmp Deleted
    C:\WINDOWS\system32\ot.ico Deleted
    C:\WINDOWS\system32\simpole.tlb Deleted
    C:\WINDOWS\system32\stdole3.tlb Deleted
    C:\WINDOWS\system32\ts.ico Deleted
    C:\DOCUME~1\ALLUSE~1\Desktop\Online Security Guide.url Deleted
    C:\DOCUME~1\Ryan\FAVORI~1\Antivirus Test Online.url Deleted
    C:\DOCUME~1\Ryan\STARTM~1\Programs\MalwareWipe Deleted

    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri

    C:\WINDOWS\system32\yhbdupd.dll -> Missing File

    C:\WINDOWS\system32\asxbbx.dll -> Missing File


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» End

    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 6:42:17 PM, 6/8/2006
    + Report-Checksum: 7F07BFF5

    + Scan result:

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\\kernel32.dll -> Trojan.Small : Cleaned with backup
    HKU\S-1-5-21-507921405-1708537768-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2178F3FB-2560-458F-BDEE-631E2FE0DFE4} -> Adware.WinAntiVirus : Cleaned with backup
    :mozilla.248:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.249:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.250:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
    :mozilla.251:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
    :mozilla.252:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
    :mozilla.254:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
    :mozilla.255:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
    :mozilla.256:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
    :mozilla.257:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
    :mozilla.258:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
    :mozilla.259:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned with backup
    :mozilla.260:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
    :mozilla.270:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
    :mozilla.271:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
    :mozilla.272:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
    :mozilla.277:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
    :mozilla.278:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
    :mozilla.279:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
    :mozilla.280:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
    :mozilla.309:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
    :mozilla.310:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
    :mozilla.311:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
    :mozilla.312:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
    :mozilla.313:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
    :mozilla.314:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
    :mozilla.315:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
    :mozilla.316:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
    :mozilla.317:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
    :mozilla.318:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
    :mozilla.319:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
    :mozilla.320:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
    :mozilla.321:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
    :mozilla.322:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
    :mozilla.323:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
    :mozilla.324:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
    :mozilla.325:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
    :mozilla.326:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
    :mozilla.327:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
    :mozilla.328:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
    :mozilla.329:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
    :mozilla.330:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
    :mozilla.331:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
    :mozilla.332:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
    :mozilla.333:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
    :mozilla.334:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
    :mozilla.335:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
    :mozilla.336:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
    :mozilla.337:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
    :mozilla.338:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
    :mozilla.339:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
    :mozilla.340:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
    :mozilla.341:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
    :mozilla.342:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
    :mozilla.343:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
    :mozilla.344:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
    :mozilla.345:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
    :mozilla.346:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
    :mozilla.347:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
    :mozilla.348:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
    :mozilla.349:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
    :mozilla.350:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
    :mozilla.351:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
    :mozilla.352:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
    :mozilla.353:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
    :mozilla.354:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
    :mozilla.355:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
    :mozilla.356:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
    :mozilla.357:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
    :mozilla.358:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
    :mozilla.368:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
    :mozilla.369:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
    :mozilla.370:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
    :mozilla.371:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
    :mozilla.384:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned with backup
    :mozilla.385:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Spylog : Cleaned with backup
    :mozilla.393:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Linksynergy : Cleaned with backup
    :mozilla.394:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Linksynergy : Cleaned with backup
    :mozilla.397:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
    :mozilla.431:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
    :mozilla.432:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
    :mozilla.433:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
    :mozilla.434:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
    :mozilla.435:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
    :mozilla.436:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
    :mozilla.437:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
    :mozilla.438:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
    :mozilla.439:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
    :mozilla.440:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
    :mozilla.441:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
    :mozilla.442:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
    :mozilla.443:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
    :mozilla.444:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
    :mozilla.445:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
    :mozilla.446:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
    :mozilla.447:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
    :mozilla.448:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
    :mozilla.449:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
    :mozilla.450:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
    :mozilla.451:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
    :mozilla.452:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
    :mozilla.453:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
    :mozilla.454:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
    :mozilla.455:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
    :mozilla.456:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
    :mozilla.461:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
    :mozilla.465:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
    :mozilla.468:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
    :mozilla.469:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
    :mozilla.470:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
    :mozilla.471:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
    :mozilla.472:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
    :mozilla.473:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
    :mozilla.474:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
    :mozilla.476:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
    :mozilla.478:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
    :mozilla.480:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
    :mozilla.481:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
    :mozilla.488:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.489:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.490:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.491:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.492:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.493:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.494:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.498:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.499:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.500:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.507:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
    :mozilla.508:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
    :mozilla.509:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
    :mozilla.510:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
    :mozilla.511:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
    :mozilla.567:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
    :mozilla.568:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
    :mozilla.569:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
    :mozilla.570:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
    :mozilla.594:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
    :mozilla.608:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
    :mozilla.609:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
    :mozilla.610:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
    :mozilla.611:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup
    :mozilla.615:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
    :mozilla.616:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
    :mozilla.617:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
    :mozilla.618:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
    :mozilla.619:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
    :mozilla.654:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
    :mozilla.658:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
    :mozilla.659:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
    :mozilla.660:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
    :mozilla.661:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
    :mozilla.662:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
    :mozilla.663:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
    :mozilla.664:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
    :mozilla.665:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
    :mozilla.666:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
    :mozilla.668:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.669:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.677:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
    :mozilla.678:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
    :mozilla.679:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
    :mozilla.692:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.700:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
    :mozilla.701:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
    :mozilla.702:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
    :mozilla.703:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup
    :mozilla.708:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.709:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.710:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.713:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.720:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.721:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.728:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
    :mozilla.729:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
    :mozilla.738:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.739:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
    :mozilla.787:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned with backup
    :mozilla.792:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
    :mozilla.793:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
    :mozilla.794:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
    :mozilla.814:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
    :mozilla.815:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
    :mozilla.816:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
    :mozilla.817:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
    :mozilla.818:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
    :mozilla.819:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
    :mozilla.840:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
    :mozilla.841:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
    :mozilla.842:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
    :mozilla.843:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
    :mozilla.845:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
    :mozilla.865:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.866:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.867:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.868:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.869:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.870:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.871:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.872:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.873:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.874:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.875:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.876:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.880:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Bfast : Cleaned with backup
    :mozilla.885:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
    :mozilla.896:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup
    :mozilla.919:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
    :mozilla.967:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
    :mozilla.968:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
    :mozilla.969:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
    :mozilla.970:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\uh5cjowa.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
    C:\Documents and Settings\Ryan\Cookies\ryan@microsoftwga.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Ryan\Cookies\ryan@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Ryan\Local Settings\Temp\cli4C.tmp -> Trojan.Agent.qt : Cleaned with backup
    C:\Documents and Settings\Ryan\Local Settings\Temp\cli4F.tmp -> Trojan.Agent.qt : Cleaned with backup
    C:\Documents and Settings\Ryan\Local Settings\Temp\cli70.tmp -> Trojan.Agent.qt : Cleaned with backup
    C:\Documents and Settings\Ryan\Local Settings\Temp\cli76.tmp -> Trojan.Agent.qt : Cleaned with backup
    C:\Documents and Settings\Ryan\Local Settings\Temp\temp.fr2A20 -> Downloader.Zlob.rb : Cleaned with backup
    C:\Documents and Settings\Ryan\Local Settings\Temp\temp.fr8FB7 -> Downloader.Zlob.obfuscated : Cleaned with backup
    C:\WINDOWS\system32\1024 -> Trojan.Small : Cleaned with backup
    C:\WINDOWS\system32\1024\ld3079.tmp -> Trojan.Small : Cleaned with backup
    C:\WINDOWS\system32\1024\ld35DD.tmp -> Trojan.Small : Cleaned with backup
    C:\WINDOWS\system32\1024\ld37B8.tmp -> Trojan.Small : Cleaned with backup
    C:\WINDOWS\system32\1024\ld47F2.tmp -> Trojan.Small : Cleaned with backup
    C:\WINDOWS\system32\1024\ld4AFF.tmp -> Trojan.Small : Cleaned with backup
    C:\WINDOWS\system32\1024\ld71E1.tmp -> Trojan.Small : Cleaned with backup
    C:\WINDOWS\system32\1024\ld83DE.tmp -> Trojan.Small : Cleaned with backup
    C:\WINDOWS\system32\1024\ldA7EE.tmp -> Trojan.Small : Cleaned with backup
    C:\WINDOWS\system32\1024\ldBEA4.tmp -> Trojan.Small : Cleaned with backup
    C:\WINDOWS\system32\1024\ldC7CA.tmp -> Trojan.Small : Cleaned with backup
    C:\WINDOWS\system32\1024\ldDF40.tmp -> Trojan.Small : Cleaned with backup
    C:\WINDOWS\system32\1024\ldFE0B.tmp -> Trojan.Small : Cleaned with backup
    C:\WINDOWS\system32\oins.exe -> Downloader.PurityScan.cp : Cleaned with backup
    C:\WINDOWS\Temp\win1290.tmp.exe -> Downloader.Small.cvw : Cleaned with backup


    ::Report End


    Let me know what else I need to do. By the way, you are amazing.
     
