Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

TrojanSPM/LX

Started by GirlsDoItToo , Nov 11 2006 03:28 PM

  • Please log in to reply

#1
GirlsDoItToo
Posted 11 November 2006 - 03:28 PM

GirlsDoItToo

    Member

  • Member
  • PipPip
  • 19 posts
I did everything you said I should be before posting these, but my computer still says I have an infection. I want to make sure that I get rid of every bit of it. Please Help!




Here is my HackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 4:26:26 PM, on 11/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Nikon\Wireless Camera Setup Utility\NkPtpEnum.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
c:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Common Files\AOL\1159573950\ee\AOLSoftware.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\DELLSU~1\DSAgnt.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://desktop.googl...back.html?hl=en
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{3C409DB9-0746-1033-1106-051114200001}\MyToolBar.dll (file missing)
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1159573950\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvjaz.dll,startup
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\PROGRA~1\DELLSU~1\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: NkPtpEnumP2 - Unknown owner - C:\Program Files\Nikon\Wireless Camera Setup Utility\NkPtpEnum.exe" -a -d="C:\Program Files\Nikon\Wireless Camera Setup Utility\NkPtpip.dll (file missing)
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe









Here is my AVG Log:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:53:20 PM 11/9/2006

+ Scan result:



C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP59\A0014163.dll -> Adware.Agent : Cleaned.
C:\Program Files\Common Files\{3C409DB9-0746-1033-1106-051114200001}\MyToolBar.dll -> Adware.Softomate : Cleaned.
C:\Program Files\Common Files\{AC409DB9-0746-1033-1106-051114200001}\Update.exe -> Adware.Softomate : Cleaned.
C:\Program Files\Common Files\{AC409DB9-0746-1033-1106-051114200001}\services.dll -> Adware.Softomate : Cleaned.
C:\Program Files\Common Files\Yazzle1162OinAdmin.exe -> Downloader.PurityScan.dc : Cleaned.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP59\A0014155.exe -> Downloader.Zlob.avb : Cleaned.
C:\WINDOWS\system32\ishost.exe -> Downloader.Zlob.avb : Cleaned.
C:\WINDOWS\system32\ismini.exe -> Downloader.Zlob.avb : Cleaned.
C:\Program Files\DIGStream\digstream.exe -> Not-A-Virus.Downloader.Win32.DigStream : Cleaned.
:mozilla.126:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.127:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.128:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.129:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.130:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.131:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.132:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.133:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.134:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.135:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.136:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.137:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.138:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.139:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.140:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.141:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.142:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.143:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.144:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.145:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.146:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.147:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.148:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.149:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.150:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.151:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.152:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.153:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.154:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.756:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.759:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.19:C:\Documents and Settings\D&D Master\Application Data\Mozilla\Firefox\Profiles\gb86q8gm.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.20:C:\Documents and Settings\D&D Master\Application Data\Mozilla\Firefox\Profiles\gb86q8gm.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.21:C:\Documents and Settings\D&D Master\Application Data\Mozilla\Firefox\Profiles\gb86q8gm.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.346:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.347:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.348:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.349:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.350:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.351:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.451:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.459:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.615:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.652:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.653:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.654:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.655:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.656:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.657:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.658:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.659:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.660:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.661:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.662:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.663:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.664:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.665:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.666:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.667:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.668:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.669:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.670:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.671:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.672:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.673:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.674:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.675:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.676:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.773:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Adbutler : Cleaned.
:mozilla.797:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.798:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.326:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.336:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.337:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.338:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.339:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.340:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.341:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.460:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.464:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.474:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.475:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.607:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.608:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.609:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.631:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.632:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.634:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.642:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.740:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.741:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.742:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.743:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.744:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.10:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.11:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.12:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.420:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.7:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.8:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.155:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.41:C:\Documents and Settings\D&D Master\Application Data\Mozilla\Firefox\Profiles\gb86q8gm.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.400:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Bfast : Cleaned.
:mozilla.324:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.419:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.592:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.593:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.594:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.597:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.232:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.234:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.239:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.240:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.241:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.242:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.243:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.125:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Her Majesty\Cookies\her_majesty@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.182:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.651:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.688:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.689:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.690:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.691:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.320:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.321:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.322:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.323:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.799:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.800:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.801:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.802:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.227:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.228:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.229:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.230:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.231:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.233:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.235:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.236:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.237:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.238:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.244:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.43:C:\Documents and Settings\D&D Master\Application Data\Mozilla\Firefox\Profiles\gb86q8gm.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.44:C:\Documents and Settings\D&D Master\Application Data\Mozilla\Firefox\Profiles\gb86q8gm.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.813:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.814:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.815:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.817:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.819:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Her Majesty\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Her Majesty\Cookies\her_majesty@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.788:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.57:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.62:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.633:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.63:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.64:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.679:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.392:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.492:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.493:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.494:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.48:C:\Documents and Settings\D&D Master\Application Data\Mozilla\Firefox\Profiles\gb86q8gm.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.49:C:\Documents and Settings\D&D Master\Application Data\Mozilla\Firefox\Profiles\gb86q8gm.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.50:C:\Documents and Settings\D&D Master\Application Data\Mozilla\Firefox\Profiles\gb86q8gm.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.51:C:\Documents and Settings\D&D Master\Application Data\Mozilla\Firefox\Profiles\gb86q8gm.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.461:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.462:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.463:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.191:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Realtracker : Cleaned.
:mozilla.402:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.403:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.404:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.405:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.406:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.407:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.408:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.409:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.325:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.327:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.328:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.329:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.330:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.331:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.332:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.333:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.334:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.335:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.683:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.684:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.685:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.686:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.687:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.643:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.577:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.578:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.579:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.580:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.581:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.752:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Starware : Cleaned.
:mozilla.753:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Starware : Cleaned.
:mozilla.754:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Starware : Cleaned.
:mozilla.755:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Starware : Cleaned.
:mozilla.213:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.214:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.215:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.216:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.217:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.218:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.219:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.220:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.221:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.222:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.223:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.224:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.225:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.226:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.717:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.718:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.719:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.735:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.6:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.465:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.466:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.467:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.468:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.469:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.470:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.471:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.472:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.473:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.165:C:\Documents and Settings\Her Majesty\Application Data\Mozilla\Firefox\Profiles\o7jnp0ss.defaul
  • 0

Advertisements

#2
Wizard
Posted 11 November 2006 - 04:57 PM

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
Hi GirlsDoItToo and Welcome to GeekstoGo!


Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlog...processutil.htm
  • 0

#3
GirlsDoItToo
Posted 11 November 2006 - 05:39 PM

GirlsDoItToo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Here is the content of the SmitFraudFix scan:

SmitFraudFix v2.120

Scan done at 18:37:41.96, Sat 11/11/2006
Run from C:\Documents and Settings\Her Majesty\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\drvjaz.dll FOUND !
C:\WINDOWS\system32\components\flx?.dll FOUND !
C:\WINDOWS\system32\components\flx??.dll FOUND !
C:\WINDOWS\system32\components\flx???.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Her Majesty


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Her Majesty\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\HERMAJ~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
  • 0

#4
Wizard
Posted 11 November 2006 - 06:00 PM

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Next, please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning : running option #2 on a non infected computer will remove your Desktop background.


After posting C:\rapport.txt,Please download Combofix to your Root Drive C:\
http://download.blee...Bs/combofix.exe

Doubleclick combofix.exe to launch the application.

Follow the prompts that will be displayed on the screen.

Don't click on the window while the fix is running, because that will cause your system to hang.

When finished, it should produce a log, combofix.txt

Please post that log in the next reply.
  • 0

#5
GirlsDoItToo
Posted 11 November 2006 - 10:23 PM

GirlsDoItToo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
I am having problems rebooting in safe mode. Everytime I try to, I get to my user screen, type in my password, but then nothing. The screen is black and has the usual "safe mode" text in each corner. I've waited a while, but nothing. I've restarted numerous times, but nothing.... could this be due to the virus? Is there any other way around it?
  • 0

#6
GirlsDoItToo
Posted 11 November 2006 - 11:05 PM

GirlsDoItToo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
I finally got it to run. I'm not too sure it worked, it never asked me if I wanted to clean the registry and it didn't remove the background. I am also getting the notification that I have a virus in normal mode. Here's the log:

SmitFraudFix v2.120

Scan done at 23:51:45.31, Sat 11/11/2006
Run from C:\documents and settings\her majesty\desktop
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\drvjaz.dll FOUND !
C:\WINDOWS\system32\components\flx?.dll FOUND !
C:\WINDOWS\system32\components\flx??.dll FOUND !
C:\WINDOWS\system32\components\flx???.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Her Majesty


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Her Majesty\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\HERMAJ~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
  • 0

#7
Wizard
Posted 12 November 2006 - 04:32 AM

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
That would mean explorer.exe isnt loading in safe mode.

Do this,since you ran Option 1 again,just run Option 2 in Normal mode for now.

Post that log,then go onto ComboFix.

We will deal with the leftovers in the following post.
  • 0

#8
GirlsDoItToo
Posted 12 November 2006 - 02:13 PM

GirlsDoItToo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
What is combofix?

Here is the log:

SmitFraudFix v2.120

Scan done at 15:05:08.92, Sun 11/12/2006
Run from C:\Documents and Settings\Her Majesty\Desktop
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\drvjaz.dll FOUND !
C:\WINDOWS\system32\components\flx?.dll FOUND !
C:\WINDOWS\system32\components\flx??.dll FOUND !
C:\WINDOWS\system32\components\flx???.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Her Majesty


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Her Majesty\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»»


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
  • 0

#9
Wizard
Posted 12 November 2006 - 03:16 PM

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
Please carefully read the instructions in Post 4

Skip the part about booting into safe mode.

Just run Option 2 of the SmitFraud Fix and post that log.


Then follow the rest of the directions.
  • 0

#10
GirlsDoItToo
Posted 12 November 2006 - 03:32 PM

GirlsDoItToo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Here is the log from combofix:

Her Majesty - 06-11-12 16:29:13.53 Service Pack 2
ComboFix 06.11.9 - Running from: "C:\Documents and Settings\Her Majesty\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe
C:\WINDOWS\system32\components
C:\Program Files\Common Files\{3C409DB9-0746-1033-1106-051114200001}
C:\Program Files\Common Files\{AC409DB9-0746-1033-1106-051114200001}


((((((((((((((((((((((((((((((( Files Created from 2006-10-12 to 2006-11-12 ))))))))))))))))))))))))))))))))))


2006-11-11 23:50 53,248 --a------ C:\WINDOWS\system32\Process.exe
2006-11-11 23:50 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-11-11 23:50 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-11-11 23:50 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2006-11-11 18:10 897,399 ---hs---- C:\WINDOWS\system32\hjllm.ini2
2006-11-09 22:10 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-11-09 17:10 90,112 --a------ C:\WINDOWS\system32\mcrtl32.dll
2006-11-09 17:10 32,768 --a------ C:\WINDOWS\system32\instlsp.exe
2006-11-09 17:10 131,072 --a------ C:\WINDOWS\system32\mclsp.dll
2006-11-09 17:10 11,264 --a------ C:\WINDOWS\system32\sporder.dll
2006-11-08 15:25 852,514 ---hs---- C:\WINDOWS\system32\hjllm.bak2
2006-11-07 15:25 722,009 ---hs---- C:\WINDOWS\system32\hjllm.bak1
2006-11-07 15:24 692,276 ---hs---- C:\WINDOWS\system32\mlljh.dll
2006-11-07 15:14 40,973 ---hs---- C:\WINDOWS\system32\rqrqqpn.dll
2006-11-07 15:13 15,872 --a------ C:\WINDOWS\system32\winrkp32.dll
2006-10-28 18:46 57,344 --a------ C:\WINDOWS\system32\Wnaspint.dll
2006-10-17 12:33 6,049,280 --------- C:\WINDOWS\system32\ieframe.dll
2006-10-17 12:33 50,688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-10-17 12:33 458,752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-10-17 12:33 180,736 --------- C:\WINDOWS\system32\ieui.dll
2006-10-17 12:05 206,336 --------- C:\WINDOWS\system32\WinFXDocObj.exe
2006-10-17 11:58 61,952 --------- C:\WINDOWS\system32\icardie.dll
2006-10-17 11:58 12,288 --------- C:\WINDOWS\system32\msfeedssync.exe
2006-10-17 11:57 266,752 --------- C:\WINDOWS\system32\iertutil.dll
2006-10-17 11:27 380,928 --------- C:\WINDOWS\system32\ieapfltr.dll
2006-10-13 18:54 56 -r-hs---- C:\WINDOWS\system32\078BE27FC8.sys
2006-10-13 18:54 4,182 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-12 16:30 -------- d-------- C:\Program Files\Common Files
2006-11-12 16:25 -------- d-------- C:\Program Files\Mozilla Thunderbird
2006-11-12 15:49 -------- d-------- C:\Program Files\Mozilla Firefox
2006-11-12 02:18 -------- d-------- C:\Program Files\Common Files\Sonic Shared
2006-11-11 23:06 -------- d-------- C:\Program Files\Symantec
2006-11-11 23:06 -------- d-------- C:\Program Files\Norton Internet Security
2006-11-11 23:06 -------- d-------- C:\Program Files\Norton AntiVirus
2006-11-11 23:06 -------- d-------- C:\Program Files\Common Files\Symantec Shared(2)
2006-11-11 17:24 -------- d-------- C:\Program Files\WinZip
2006-11-11 16:26 -------- d-------- C:\Program Files\Hijackthis
2006-11-09 23:50 -------- d-------- C:\Program Files\QuickTime
2006-11-09 23:45 -------- d-------- C:\Program Files\Internet Explorer
2006-11-09 23:45 -------- d-------- C:\Program Files\Digital Line Detect
2006-11-09 23:45 -------- d-------- C:\Program Files\Dell Support
2006-11-09 23:44 -------- d-------- C:\Program Files\Common Files\System
2006-11-09 22:20 -------- d-------- C:\Program Files\VSAdd-in
2006-11-09 22:10 -------- d-------- C:\Program Files\Grisoft
2006-11-09 18:41 -------- d-------- C:\Documents and Settings\Her Majesty\Application Data\Adobe
2006-11-09 18:13 -------- d-------- C:\Documents and Settings\Her Majesty\Application Data\Lavasoft
2006-11-09 18:10 -------- d-------- C:\Program Files\Lavasoft
2006-11-09 17:11 -------- d-------- C:\Program Files\McAfee.com
2006-11-08 13:26 -------- d-------- C:\Program Files\Common Files\Adobe
2006-11-08 13:24 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-11-08 13:24 -------- d-------- C:\Program Files\Adobe
2006-11-07 21:18 -------- d-------- C:\Documents and Settings\Her Majesty\Application Data\AdobeUM
2006-11-07 15:26 -------- d-------- C:\Documents and Settings\Her Majesty\Application Data\SearchToolbarCorp
2006-11-06 02:31 -------- d-------- C:\Program Files\iTunes
2006-11-06 02:31 -------- d-------- C:\Program Files\iPod
2006-10-28 19:51 -------- d-------- C:\Program Files\Acoustica MP3 CD Burner
2006-10-21 23:46 -------- d-------- C:\Program Files\Sonic
2006-10-21 15:04 -------- d-------- C:\Program Files\Apple Software Update
2006-10-17 12:33 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-10-17 12:33 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-10-17 12:33 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-10-17 12:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll
2006-10-17 12:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-10-17 12:05 105984 --a------ C:\WINDOWS\system32\url.dll
2006-10-17 12:04 101376 --a------ C:\WINDOWS\system32\occache.dll
2006-10-17 12:03 17408 --a------ C:\WINDOWS\system32\corpol.dll
2006-10-17 12:01 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-10-17 12:01 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-10-17 12:01 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-10-17 12:01 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-10-17 12:01 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-10-17 12:01 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-10-17 12:00 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-10-17 12:00 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-10-17 12:00 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-10-17 11:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll
2006-10-17 11:56 45568 --a------ C:\WINDOWS\system32\mshta.exe
2006-10-17 11:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-10-17 11:23 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-10-17 01:54 -------- d-------- C:\Documents and Settings\Her Majesty\Application Data\Apple Computer
2006-10-13 18:54 -------- d-------- C:\Documents and Settings\Her Majesty\Application Data\Corel Photo Album
2006-10-08 19:34 -------- d---s---- C:\Documents and Settings\Her Majesty\Application Data\Microsoft
2006-10-08 14:40 -------- d-------- C:\Program Files\Windows Media Player
2006-10-08 14:40 -------- d-------- C:\Program Files\Windows Media Connect 2
2006-10-08 00:40 -------- d-------- C:\Program Files\JetAudio
2006-10-08 00:40 -------- d-------- C:\Documents and Settings\Her Majesty\Application Data\COWON
2006-10-03 23:40 1755136 --ahs---- C:\Program Files\ehthumbs.db
2006-10-03 18:04 -------- d-------- C:\Program Files\filesubmit
2006-10-03 14:15 -------- d-------- C:\Documents and Settings\Her Majesty\Application Data\McAfee.com Personal Firewall
2006-09-30 16:11 -------- d-------- C:\Program Files\Common Files\SWF Studio
2006-09-30 14:36 -------- d-------- C:\Program Files\Zone Labs
2006-09-30 14:30 -------- d-------- C:\Program Files\Outlook Express
2006-09-29 20:32 -------- d-------- C:\Program Files\Common Files\Blizzard Entertainment
2006-09-29 20:21 -------- d-------- C:\Program Files\Common Files\Adobe Systems Shared
2006-09-29 20:19 -------- d-------- C:\Program Files\WinRAR
2006-09-29 20:18 -------- d-------- C:\Program Files\Microsoft Office
2006-09-29 20:18 -------- d-------- C:\Program Files\Microsoft ActiveSync
2006-09-29 20:18 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-09-29 20:18 -------- d-------- C:\Program Files\Common Files\Designer
2006-09-29 19:34 -------- d-------- C:\Documents and Settings\Her Majesty\Application Data\Toshiba
2006-09-29 19:32 -------- d-------- C:\Program Files\PictureProject In Touch Downloader
2006-09-29 19:30 -------- d-------- C:\Program Files\Nikon
2006-09-29 19:29 -------- d-------- C:\Program Files\MSXML 4.0
2006-09-29 19:29 -------- d-------- C:\Program Files\Common Files\Nikon
2006-09-29 19:29 -------- d-------- C:\Documents and Settings\Her Majesty\Application Data\Nikon
2006-09-29 19:28 -------- d-------- C:\Program Files\Common Files\muvee Technologies
2006-09-29 19:26 -------- d-------- C:\Program Files\ArcSoft
2006-09-29 19:22 -------- d-------- C:\Program Files\SmartFTP Client 2.0 Setup Files
2006-09-29 19:22 -------- d-------- C:\Program Files\SmartFTP Client 2.0
2006-09-29 19:19 -------- d-------- C:\Documents and Settings\Her Majesty\Application Data\Skype
2006-09-29 19:17 -------- d-------- C:\Program Files\Skype
2006-09-29 19:13 -------- d-------- C:\Documents and Settings\Her Majesty\Application Data\Thunderbird
2006-09-29 19:11 -------- d-------- C:\Program Files\Common Files\COWON
2006-09-29 19:00 -------- d-------- C:\Program Files\Yahoo!
2006-09-29 18:56 -------- d-------- C:\Documents and Settings\Her Majesty\Application Data\Macromedia
2006-09-29 18:53 -------- d-------- C:\Documents and Settings\Her Majesty\Application Data\acccore
2006-09-29 18:52 -------- d-------- C:\Program Files\Common Files\AOL
2006-09-29 18:52 -------- d-------- C:\Program Files\AOL
2006-09-29 18:52 -------- d-------- C:\Program Files\AOD
2006-09-29 18:52 -------- d-------- C:\Documents and Settings\Her Majesty\Application Data\Mozilla
2006-09-29 18:46 -------- d-------- C:\Program Files\LimeWire
2006-09-29 18:46 -------- d-------- C:\Program Files\Java
2006-09-29 18:38 -------- d-------- C:\Program Files\Last.fm
2006-09-29 18:19 -------- d-------- C:\Program Files\Samsung
2006-09-29 16:07 -------- d-------- C:\Program Files\Common Files\Intuit
2006-09-29 16:04 -------- d-------- C:\Program Files\MUSICMATCH
2006-09-29 16:02 -------- d-------- C:\Program Files\Google
2006-09-13 00:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-06 16:43 22752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-08-25 10:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-24 21:42 8704 --a------ C:\WINDOWS\system32\wdfmgr.exe
2006-08-24 21:42 8704 --a------ C:\WINDOWS\system32\uwdf.exe
2006-08-24 21:30 99840 --a------ C:\WINDOWS\system32\wmpshell.dll
2006-08-24 21:30 990208 --a------ C:\WINDOWS\system32\drmv2clt.dll
2006-08-24 21:30 937984 --a------ C:\WINDOWS\system32\wmnetmgr.dll
2006-08-24 21:30 8337920 --a------ C:\WINDOWS\system32\wmploc.dll
2006-08-24 21:30 790016 --------- C:\WINDOWS\system32\WMVSENCD.dll
2006-08-24 21:30 757248 --a------ C:\WINDOWS\system32\wmadmod.dll
2006-08-24 21:30 7168 --a------ C:\WINDOWS\system32\asferror.dll
2006-08-24 21:30 656896 --------- C:\WINDOWS\system32\WMVXENCD.dll
2006-08-24 21:30 63488 --a------ C:\WINDOWS\system32\wpdmtpus.dll
2006-08-24 21:30 629760 --a------ C:\WINDOWS\system32\wpd_ci.dll
2006-08-24 21:30 611840 --------- C:\WINDOWS\system32\wmpmde.dll
2006-08-24 21:30 603648 --a------ C:\WINDOWS\system32\WMSPDMOD.dll
2006-08-24 21:30 537600 --a------ C:\WINDOWS\system32\blackbox.dll
2006-08-24 21:30 532992 --a------ C:\WINDOWS\system32\wmdrmsdk.dll
2006-08-24 21:30 428032 --a------ C:\WINDOWS\system32\wmdrmdev.dll
2006-08-24 21:30 414208 --a------ C:\WINDOWS\system32\msscp.dll
2006-08-24 21:30 4096 --a------ C:\WINDOWS\system32\wmvdmoe2.dll
2006-08-24 21:30 4096 --a------ C:\WINDOWS\system32\wmvdmod.dll
2006-08-24 21:30 4096 --a------ C:\WINDOWS\system32\WMVADVE.DLL
2006-08-24 21:30 4096 --a------ C:\WINDOWS\system32\WMVADVD.dll
2006-08-24 21:30 4096 --a------ C:\WINDOWS\system32\wmsdmoe2.dll
2006-08-24 21:30 4096 --a------ C:\WINDOWS\system32\wmsdmod.dll
2006-08-24 21:30 4096 --a------ C:\WINDOWS\system32\wdfapi.dll
2006-08-24 21:30 4096 --a------ C:\WINDOWS\system32\MPG4DMOD.dll
2006-08-24 21:30 4096 --a------ C:\WINDOWS\system32\MP4SDMOD.dll
2006-08-24 21:30 4096 --a------ C:\WINDOWS\system32\MP43DMOD.dll
2006-08-24 21:30 37376 --a------ C:\WINDOWS\system32\wmdmps.dll
2006-08-24 21:30 35840 --a------ C:\WINDOWS\system32\wpdconns.dll
2006-08-24 21:30 349184 --a------ C:\WINDOWS\system32\wpdsp.dll
2006-08-24 21:30 347648 --a------ C:\WINDOWS\system32\wmdrmnet.dll
2006-08-24 21:30 33792 --a------ C:\WINDOWS\system32\wmdmlog.dll
2006-08-24 21:30 320512 --a------ C:\WINDOWS\system32\mswmdm.dll
2006-08-24 21:30 316928 --------- C:\WINDOWS\system32\MP4SDECD.dll
2006-08-24 21:30 314368 --a------ C:\WINDOWS\system32\wmpdxm.dll
2006-08-24 21:30 305152 --------- C:\WINDOWS\system32\MSDelta.dll
2006-08-24 21:30 295424 --------- C:\WINDOWS\system32\wmpeffects.dll
2006-08-24 21:30 284160 --------- C:\WINDOWS\system32\PortableDeviceApi.dll
2006-08-24 21:30 276480 --a------ C:\WINDOWS\system32\audiodev.dll
2006-08-24 21:30 27648 --a------ C:\WINDOWS\system32\mspmsnsv.dll
2006-08-24 21:30 259072 --------- C:\WINDOWS\system32\MPG4DECD.dll
2006-08-24 21:30 2589184 --------- C:\WINDOWS\system32\WpdShext.dll
2006-08-24 21:30 258560 --------- C:\WINDOWS\system32\MP43DECD.dll
2006-08-24 21:30 2450944 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-08-24 21:30 242176 --a------ C:\WINDOWS\system32\wmpasf.dll
2006-08-24 21:30 228352 --a------ C:\WINDOWS\system32\cewmdm.dll
2006-08-24 21:30 227328 --a------ C:\WINDOWS\system32\wmerror.dll
2006-08-24 21:30 222208 --a------ C:\WINDOWS\system32\wmasf.dll
2006-08-24 21:30 211968 --a------ C:\WINDOWS\system32\MFPLAT.dll
2006-08-24 21:30 210432 --a------ C:\WINDOWS\system32\qasf.dll
2006-08-24 21:30 204800 --a------ C:\WINDOWS\system32\wmpsrcwp.dll
2006-08-24 21:30 198144 --------- C:\WINDOWS\system32\PortableDeviceWMDRM.dll
2006-08-24 21:30 179712 --a------ C:\WINDOWS\system32\msnetobj.dll
2006-08-24 21:30 175104 --a------ C:\WINDOWS\system32\mspmsp.dll
2006-08-24 21:30 166912 --------- C:\WINDOWS\system32\PortableDeviceTypes.dll
2006-08-24 21:30 1660416 --a------ C:\WINDOWS\system32\wmpencen.dll
2006-08-24 21:30 157184 --a------ C:\WINDOWS\system32\wmidx.dll
2006-08-24 21:30 154624 --a------ C:\WINDOWS\system32\wpdmtp.dll
2006-08-24 21:30 1539584 --------- C:\WINDOWS\system32\WMVDECOD.dll
2006-08-24 21:30 1532416 --------- C:\WINDOWS\system32\WMVENCOD.dll
2006-08-24 21:30 1392128 --------- C:\WINDOWS\system32\WMVSDECD.dll
2006-08-24 21:30 133120 --------- C:\WINDOWS\system32\WPDShServiceObj.dll
2006-08-24 21:30 1327616 --a------ C:\WINDOWS\system32\WMSPDMOE.dll
2006-08-24 21:30 132096 --------- C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
2006-08-24 21:30 130048 --------- C:\WINDOWS\system32\wmpps.dll
2006-08-24 21:30 11264 --a------ C:\WINDOWS\system32\LAPRXY.dll
2006-08-24 21:30 1118208 --a------ C:\WINDOWS\system32\WMADMOE.dll
2006-08-24 21:30 101888 --------- C:\WINDOWS\system32\PortableDeviceClassExtension.dll
2006-08-24 19:31 100864 --a------ C:\WINDOWS\system32\logagent.exe
2006-08-24 19:27 249344 --a------ C:\WINDOWS\system32\drmupgds.exe
2006-08-24 19:26 95288 --------- C:\WINDOWS\system32\WUDFCoinstaller.dll
2006-08-24 19:26 17408 --------- C:\WINDOWS\system32\wpdshextautoplay.exe
2006-08-24 18:19 316416 --------- C:\WINDOWS\system32\WUDFx.dll
2006-08-24 18:19 145920 --------- C:\WINDOWS\system32\WudfHost.exe
2006-08-24 18:18 56320 --------- C:\WINDOWS\system32\WudfSvc.dll
2006-08-24 18:18 168448 --------- C:\WINDOWS\system32\WudfPlatform.dll
2006-08-21 07:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 04:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-16 06:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ModemOnHold"="C:\\Program Files\\NetWaiting\\netWaiting.exe"
"DellSupport"="\"C:\\PROGRA~1\\DELLSU~1\\DSAgnt.exe\" /startup"
"Aim6"=""
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_08\\bin\\jusched.exe\""
@=""
"IntelWireless"="C:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe /tf Intel PROSet/Wireless"
"SigmatelSysTrayApp"="stsystra.exe"
"Dell QuickSet"="C:\\Program Files\\Dell\\QuickSet\\quickset.exe"
"DVDLauncher"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\""
"RealTray"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"ISUSPM Startup"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\isuspm.exe\" -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"VSOCheckTask"="\"C:\\PROGRA~1\\McAfee.com\\VSO\\mcmnhdlr.exe\" /checktask"
"OASClnt"="C:\\Program Files\\McAfee.com\\VSO\\oasclnt.exe"
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"MCUpdateExe"="C:\\PROGRA~1\\mcafee.com\\agent\\McUpdate.exe"
"MSKDetectorExe"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MSKDetct.exe /startup"
"MSKAGENTEXE"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MskAgent.exe"
"VirusScan Online"="C:\\Program Files\\McAfee.com\\VSO\\mcvsshld.exe"
"MPFExe"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1159573950\\ee\\AOLSoftware.exe"
"IPHSend"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"CTDrive"="rundll32.exe C:\\WINDOWS\\system32\\drvjaz.dll,startup"
"MPSExe"="c:\\PROGRA~1\\mcafee.com\\mps\\mscifapp.exe /embedding"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,02,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlljh
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrkp32

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (MEGALOMANIAC-Her Majesty).job
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: 06-11-12 16:32:12.26
C:\ComboFix.txt ... 06-11-12 16:32
  • 0

Advertisements

#11
Wizard
Posted 12 November 2006 - 03:39 PM

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
Were you able to run Option 2 of the Smitfraud Fix?


Lets go ahead and get some other garbage outa there.


Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
  • 0

#12
GirlsDoItToo
Posted 12 November 2006 - 03:47 PM

GirlsDoItToo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
I'm going back to try to do option 2 and I get this:
Posted Image
  • 0

#13
GirlsDoItToo
Posted 12 November 2006 - 04:00 PM

GirlsDoItToo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
VundoFix log:


VundoFix V6.2.8

Checking Java version...

Java version is 1.4.2.3

Java version is 1.5.0.8

Scan started at 4:48:45 PM 11/12/2006

Listing files found while scanning....

C:\WINDOWS\system32\winrkp32.dll
C:\WINDOWS\system32\mlljh.dll
C:\WINDOWS\system32\hjllm.ini
C:\WINDOWS\system32\hjllm.bak1
C:\WINDOWS\system32\hjllm.bak2
C:\WINDOWS\system32\hjllm.ini2
C:\WINDOWS\system32\hjllm.tmp

Beginning removal...

Attempting to delete C:\WINDOWS\system32\winrkp32.dll
C:\WINDOWS\system32\winrkp32.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mlljh.dll
C:\WINDOWS\system32\mlljh.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hjllm.ini
C:\WINDOWS\system32\hjllm.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\hjllm.bak1
C:\WINDOWS\system32\hjllm.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\hjllm.bak2
C:\WINDOWS\system32\hjllm.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\hjllm.ini2
C:\WINDOWS\system32\hjllm.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\hjllm.tmp
C:\WINDOWS\system32\hjllm.tmp Has been deleted!

Performing Repairs to the registry.
Done!






New HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 5:00:12 PM, on 11/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Common Files\AOL\1159573950\ee\aolsoftware.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Nikon\Wireless Camera Setup Utility\NkPtpEnum.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\DELLSU~1\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://desktop.googl...back.html?hl=en
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {AD4F25AE-3F85-44FF-A6BC-DECBA5EB7134} - C:\WINDOWS\system32\mlljh.dll (file missing)
O2 - BHO: (no name) - {C004DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\lhsyulng.dll (file missing)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1159573950\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvjaz.dll,startup
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\PROGRA~1\DELLSU~1\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: NkPtpEnumP2 - Unknown owner - C:\Program Files\Nikon\Wireless Camera Setup Utility\NkPtpEnum.exe" -a -d="C:\Program Files\Nikon\Wireless Camera Setup Utility\NkPtpip.dll (file missing)
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
  • 0

#14
Wizard
Posted 12 November 2006 - 04:09 PM

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
Ah,thank you very much! :whistling:

Just delete the entire copy of Smitfraud fix and download a new one.

Dont unzip it yet.

Restart in Safe Mode,it should work better this time.

Unzip and Extract All files from SmitFraudFix.zip

Run as instructed and select option 1 to make a log,then run again and select option 2

Then restart normal and post that log.
  • 0

#15
GirlsDoItToo
Posted 12 November 2006 - 04:29 PM

GirlsDoItToo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Log for option 1:

SmitFraudFix v2.120

Scan done at 17:21:42.84, Sun 11/12/2006
Run from C:\Documents and Settings\Her Majesty\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Her Majesty


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Her Majesty\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\HERMAJ~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End









Log for option 2:

SmitFraudFix v2.120

Scan done at 17:21:54.56, Sun 11/12/2006
Run from C:\Documents and Settings\Her Majesty\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Her Majesty


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Her Majesty\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\HERMAJ~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End





Also, when I rebooted, I get this error:
Posted Image
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP